Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows ME Constant gambling pop-up windows [RESOLVED]

Started by spiritoh , Jul 23 2005 09:53 AM

  • This topic is locked This topic is locked

#1
spiritoh
Posted 23 July 2005 - 09:53 AM

spiritoh

    Member

  • Member
  • PipPip
  • 14 posts
Hi, can anyone please help me get rid of whatever malware or spyware on this Windows ME system. I keep getting pop-ups and I've tried Adware Se and all the virus software I can find to get rid of these things and they still keep coming back.

Here's my HiJack this log:
Logfile of HijackThis v1.99.1
Scan saved at 11:40:48 AM, on 7/23/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\ARPRBL.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\CHANNEL 3 WEATHER WIZARD\TRUEWEATHER.EXE
C:\WINDOWS\WEBSHOTS.SCR
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\arprbl.exe reg_run
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: pkrk.exe
O4 - Global Startup: Channel 3 Weather Wizard.lnk = C:\Program Files\Common Files\Channel 3 Weather Wizard\TrueWeather.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

Advertisements

#2
tampabelle
Posted 23 July 2005 - 10:03 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If you Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!
  • 0

#3
spiritoh
Posted 23 July 2005 - 10:41 AM

spiritoh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I ran the PFind but could download the other "Track qoo.vbs"
, the post wasn't found.

Here's the WpFind data:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
urllogic 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST
urllogic 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST
KavSvc 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
urllogic 7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
urllogic 7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
KavSvc 7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
winsync 7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
PECompact2 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
qoologic 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
SAHAgent 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
KavSvc 3/24/2005 11:21:04 PM 303136 C:\WINDOWS\HWINFO.DAT
qoologic 7/23/2005 12:15:34 PM 3173 C:\WINDOWS\hosts
urllogic 7/23/2005 12:15:34 PM 3173 C:\WINDOWS\hosts
urllogic 7/23/2005 12:15:34 PM 3173 C:\WINDOWS\hosts
UPX! 3/31/2005 11:15:10 AM 23272 C:\WINDOWS\icont.exe
69.59.186.63 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.dll
209.66.67.134 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.dll
web-nex 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.dll
winsync 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.dll
PECompact2 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
qoologic 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
SAHAgent 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
UPX! 7/23/2005 11:59:46 AM 1044560 C:\WINDOWS\vsapi32.dll
aspack 7/23/2005 11:59:46 AM 1044560 C:\WINDOWS\vsapi32.dll
UPX! 7/23/2005 11:59:46 AM 170053 C:\WINDOWS\tsc.exe

Checking %System% folder...
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\WOCTHUNK.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\ARIFIL32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SFLWAPI.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\XKILEXR.OLD
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MPHTMLER.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\GMI32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MOACM32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\NCTPLWIZ.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DHNMPNTW.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\JNEG1X32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DXVVOX.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\OPE32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DNNMPNTW.DLL
PTech 10/29/2000 8:52:52 PM 391696 C:\WINDOWS\SYSTEM\FUSION16.DRV
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SRSCLASS.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\WXPLOC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\WOLP32T.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DVGSIG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SAC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SQC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\OJPRT400.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MNNET32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\NUSWAN16.DLL
UPX! 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
qoologic 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
aspack 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
SAHAgent 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MLCUIW32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\OLTWA400.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\STLFX.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IEETCFG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IKGSHL.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IK50_32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\WVBVW.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\mmcrlrev.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DWDRM.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MBDVDOPT.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MVAFD.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\CEYPTDLG.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\FYSRCH.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\NKture.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\AEIDDC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\RCCHED20.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DJMSSPXN.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\JJEG1X32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\WVICORE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\NKTPLWIZ.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MHRATELC.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MWTCP.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SATUPX32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MAANG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IQETCFG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\UFDM32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SQCUR32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\EHTIER2.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\dhdmoprp.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\KGRNEL32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\GXU32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DLSTYLE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DGD3D01.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\RTAENH.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\HWOIMN07.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MAVCRT.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MUIMRT16.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MBCI.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MJEXCH40.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IDM32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\ICSS.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\HKOPCL07.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DQICM.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\OLMDSPIF.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\CORDS.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DVVOICE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IDFRARED.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MRUTILSE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DGVVOX.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\mdident.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\mrident.dll
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\PXPARSE.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\IVMUPG.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\SUCUR32.DLL
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DFMSTOR.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DPEML.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\CKUSALGO.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DCCPCSVC.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DYVENUM.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MAAFD.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MMAFD.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\JLDW400.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DTMSVINN.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\QPV.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\UYER32.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\CRM.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\dNd8.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DLUSIC16.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\OSUI400.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\pfdrv.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\QJDWIPES.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\OJMREG.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\ZCORT4AS.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\SWMAN32.DLL
UPX! 6/2/2005 3:32:08 PM 18432 C:\WINDOWS\SYSTEM\supdate.dll
KavSvc 6/2/2005 3:32:08 PM 18432 C:\WINDOWS\SYSTEM\supdate.dll
yourkey 6/2/2005 3:32:08 PM 18432 C:\WINDOWS\SYSTEM\supdate.dll
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\DLMSTOR.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\FXSION32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MXG4DMOD.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\AAIV16XX.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\izengine.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MBHTMLED.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\Jxngle.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\dadiagn.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MVIMRT.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\IOET16.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\maxml4a.dll
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\GFIDE2X.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\LPOUSE32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\WK5INF32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\IASENG.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\CPRDS.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\SQNCUI.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\EFTIER2.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\IYWPHBK.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MCRD2X40.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DAMSVINN.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\ATIFIL32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\DRMSVINN.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\SCNDMAIL.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\GUI32.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\CXMNCTR.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\HNOIMG07.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\MD3216.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\IXMUPG.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\SSSCRAP.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\SPHANNEL.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\CERDS.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\MXRATING.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\mzoeacct.dll
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\DD32GT.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\SOGE.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\WIVCORE.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\MIUTILSE.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MXDVDOPT.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MSNDEX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\SRPDLL.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\WFDMLOG.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\NTTPLWIZ.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\QJIM32.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\OXGFS400.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\CHSEQCHK.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MHHTMLED.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\DA32GT.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MQAFD.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MYRTEDIT.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\RIAENH.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\AKIICDXX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\NHWDEV.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\RYRC32.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\WPASHEXT.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\LROUSE16.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\SLLFX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\WAPLOC.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\RNCLTSCM.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\CVM.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\DZVVOX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\WTADEFUI.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\AFIICDXX.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\BDOWSELC.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\IVM32.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\DQVENUM.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\SRSINV.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\8E55INDI.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\MDDOCS.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\NJWDEV.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\VEDX16.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\CPUTOA.DLL
ad-w-a-r-e.com 7/11/2005 6:06:44 PM 227104 C:\WINDOWS\SYSTEM\MGR2C.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\OAESVR.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\dhnet.dll
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\ITHLPAPI.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\JGVAEE.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\MYTCP.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\MBINCP16.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\DDNDI.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\MYCI.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\chmnew.dll
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\ACIPDLXX.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\SBCUR32.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\WRICORE.DLL
ad-w-a-r-e.com 7/23/2005 9:59:02 AM 226080 C:\WINDOWS\SYSTEM\CKUTOA.DLL
ad-w-a-r-e.com 7/23/2005 9:59:02 AM 226080 C:\WINDOWS\SYSTEM\DWMM.DLL

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
7/23/2005 12:16:12 PM 6492192 C:\WINDOWS\SYSTEM.DAT
7/23/2005 12:23:58 PM 1134624 C:\WINDOWS\USER.DAT
7/23/2005 12:13:42 PM 4341792 C:\WINDOWS\CLASSES.DAT
7/23/2005 12:14:36 PM 1110310 C:\WINDOWS\ShellIconCache
6/8/2005 11:33:54 PM 54156 C:\WINDOWS\QTFont.qfn
7/23/2005 10:35:50 AM 10796 C:\WINDOWS\ttfCache
7/23/2005 10:01:58 AM 5 C:\WINDOWS\SYSTEM\AuxDrv32ds_k.ods
7/23/2005 12:15:34 PM 668 C:\WINDOWS\PCHEALTH\HELPCTR\Database\HelpSessionHistory.stream
7/23/2005 11:50:28 AM 68 C:\WINDOWS\TEMP\ffastlog.txt
6/15/2005 10:02:20 AM 3584 C:\WINDOWS\DRM\drmv2.sst
6/15/2005 10:02:36 AM 400 C:\WINDOWS\DRM\v2ks002.bla
6/15/2005 10:02:36 AM 234176 C:\WINDOWS\DRM\Indiv002.key
7/19/2005 9:35:46 PM 2344 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
7/19/2005 9:36:12 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata00.sqm
6/15/2005 11:47:44 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata01.sqm
6/16/2005 12:47:30 PM 1204 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata02.sqm
6/16/2005 12:47:30 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata03.sqm
6/17/2005 10:39:04 AM 1548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata04.sqm
6/17/2005 10:39:04 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata05.sqm
6/17/2005 8:29:34 PM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata06.sqm
6/17/2005 8:29:34 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata07.sqm
6/17/2005 8:52:40 PM 1300 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata08.sqm
6/17/2005 8:53:00 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata09.sqm
6/18/2005 11:10:36 PM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata10.sqm
6/18/2005 11:10:36 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata11.sqm
6/24/2005 12:21:52 PM 1192 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata12.sqm
6/24/2005 12:21:52 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata13.sqm
6/24/2005 9:34:22 PM 1144 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata14.sqm
6/24/2005 9:34:22 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata15.sqm
6/25/2005 12:34:50 AM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata16.sqm
6/25/2005 12:34:50 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata17.sqm
6/27/2005 2:59:08 PM 1156 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata18.sqm
6/27/2005 2:59:28 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata19.sqm
6/27/2005 7:01:48 PM 92 C:\WINDOWS\NetHood\updates on Main\Desktop.ini
6/25/2005 9:13:36 PM 92 C:\WINDOWS\NetHood\shareddocs on Main\Desktop.ini
6/30/2005 11:15:28 AM 92 C:\WINDOWS\NetHood\backup on Main\Desktop.ini
7/2/2005 11:44:02 PM 92 C:\WINDOWS\NetHood\als document on Als\Desktop.ini
7/2/2005 11:44:02 PM 92 C:\WINDOWS\NetHood\c on Als\Desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/3/2005 3:15:52 PM 575 C:\WINDOWS\All Users\Start Menu\Programs\StartUp\Channel 3 Weather Wizard.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/3/2005 3:15:54 PM 568 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
4/3/2005 3:15:54 PM 443 C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
7/31/2004 11:33:52 PM 0 C:\WINDOWS\Application Data\dm.ini
3/23/2005 11:27:10 PM 926 C:\WINDOWS\Application Data\dw.log
3/23/2005 11:28:12 PM 28 C:\WINDOWS\Application Data\Sskcwrd.dll
3/23/2005 10:49:54 PM 272735 C:\WINDOWS\Application Data\Sskknwrd.dll
3/23/2005 11:31:02 PM 38 C:\WINDOWS\Application Data\Sskuknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\{9C54FCA2-6FE5-2DE1-0EE4-1FF3732C0713}
=

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SHELLEX.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SHELLEX.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
PCHealth C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray SysTray.Exe
Logitech Utility Logi_MwX.Exe
LoadQM loadqm.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
msnappau "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
winsync C:\WINDOWS\arprbl.exe reg_run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
MSFS
MAPI
IMAIL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.3 - Log file written to "WinPFind.Txt" in the WinPFind folder.
  • 0

#4
spiritoh
Posted 23 July 2005 - 10:42 AM

spiritoh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I meant to say I could NOT find the Track qoo.vbs the link you gave to me to download it, came back saying that it was not found
  • 0

#5
spiritoh
Posted 23 July 2005 - 11:05 AM

spiritoh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
found the Track qoo file and downloaded and ran the script here's the results:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"Logitech Utility"="Logi_MwX.Exe"
"LoadQM"="loadqm.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"winsync"="C:\\WINDOWS\\arprbl.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll

Subkey --- Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5}
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\SHELLEX.DLL

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {7ab770c7-0e23-4d7a-8aa2-19bfad479829}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINDOWS\SYSTEM\DOCPROP2.DLL

==============================
C:\WINDOWS\All Users\Start Menu\Programs\StartUp

Channel 3 Weather Wizard.lnk
==============================
C:\WINDOWS\Start Menu\Programs\StartUp

Channel 3 Weather Wizard.lnk
Webshots.lnk
Microsoft Office.lnk
==============================
C:\WINDOWS\SYSTEM cpl files


INETCPL.CPL Microsoft Corporation
INTL.CPL Microsoft Corporation
MODEM.CPL Microsoft Corporation
ODBCCP32.CPL Microsoft Corporation
POWERCFG.CPL Microsoft Corporation
APPWIZ.CPL Microsoft Corporation
DESK.CPL Microsoft Corporation
JOY.CPL Microsoft Corporation
MMSYS.CPL Microsoft Corporation
NETCPL.CPL Microsoft Corporation
PASSWORD.CPL Microsoft Corporation
SYSDM.CPL Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
WUAUCPL.CPL Microsoft Corporation
QTW32.CPL Apple Computer, Inc.
ACCESS.CPL Microsoft Corporation
THEMES.CPL Microsoft Corporation
FINDFAST.CPL Microsoft Corporation
CtDetect.cpl Creative Technology Ltd.
AUDIOHQ.CPL Creative Technology Ltd.
MAIN.CPL Microsoft Corporation
TIMEDATE.CPL Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
plugincpl131_04.cpl Sun Microsystems
jpicpl32.cpl Sun Microsystems, Inc.
  • 0

#6
tampabelle
Posted 23 July 2005 - 11:41 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please download FindQoologic from here:
Find_Qoologic2.zip
Save it to the desktop and extract files from it. Run Find-Qoologic2.bat. This will generate a log file; please post the entire contents of the log file here for me to see.
  • 0

#7
spiritoh
Posted 23 July 2005 - 01:33 PM

spiritoh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The file isn't found on this site.

Please download FindQoologic from here:


Find_Qoologic2.zip
Save it to the desktop and extract files from it. Run Find-Qoologic2.bat. This will generate a log file; please post the entire contents of the log file here for me to see.
  • 0

#8
tampabelle
Posted 23 July 2005 - 01:39 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please download the attachment
  • 0

#9
spiritoh
Posted 23 July 2005 - 04:46 PM

spiritoh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hopefully this is the correct file:

"Find activesetup", version1, launched at: 18:45
Operating System: Windows Millennium


HKLM\Software\Microsoft\Active Setup\Installed Components\
"PerUser_CVT_Inis\(Default)" = "Windows Setup - FAT32 Converter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]
"{44BBA842-CC51-11CF-AAFA-00AA00B6015C}\(Default)" = "NetMeeting 3.01"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.W95" [MS]
"PerUser_DCC_Inis\(Default)" = "Windows Setup - Direct Cable Connection"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis_remove 64 C:\WINDOWS\INF\rna.inf" [MS]
  • 0

#10
tampabelle
Posted 23 July 2005 - 06:36 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Spiritoh,

The number of files thrown up by these logs are huge and I am trying to check on each and every file.

I need some help from you.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
  • 0

Advertisements

#11
spiritoh
Posted 23 July 2005 - 07:24 PM

spiritoh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
when I run the l2mfix.bat I recieve the following error right away, and command window state "syntax error"

contents not.txt
Not compatible with 9x or windows nt
  • 0

#12
tampabelle
Posted 23 July 2005 - 07:41 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Spiritoh,


My bad !!!!!

Guess I was looking for an easy solution !!! That tool only works on Windows 2000 and Windows XP. We will need to work out this the hard way


Download Findit9xME and save it.

Unzip the file and save the files in a new folder - VX2 on your desktop. Amongst the files extracted is a file - Findit9XME.bat. Double click on the file. It will generate a log file.

Post this log file back here
  • 0

#13
spiritoh
Posted 24 July 2005 - 09:44 AM

spiritoh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks for helpinh on this...I tried to do it the easy way also, but this is my sons pc and you know how that goes :tazz:

Here's the output log:
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C is 20040319
Volume Serial Number is 035C-1B08
Directory of C:\WINDOWS\SYSTEM

AUXDRV~1 ODS 5 07-23-05 10:01a AuxDrv32ds_k.ods
CPM DLL 226,080 07-23-05 9:59a CPM.DLL
SZELL32 DLL 226,080 07-23-05 9:59a SZELL32.DLL
DBMAP DLL 226,080 07-23-05 9:59a dbmap.dll
WFPLENC DLL 226,080 07-23-05 9:59a WFPLENC.DLL
CDOOSUSR DLL 226,080 07-23-05 9:59a CDOOSUSR.DLL
CKUTOA DLL 226,080 07-23-05 9:59a CKUTOA.DLL
DWMM DLL 226,080 07-23-05 9:59a DWMM.DLL
QPV DLL 227,616 07-17-05 12:06a QPV.DLL
UYER32 DLL 227,616 07-17-05 12:06a UYER32.DLL
CRM DLL 227,616 07-17-05 12:06a CRM.DLL
OAESVR DLL 227,616 07-17-05 12:06a OAESVR.DLL
ITHLPAPI DLL 227,616 07-17-05 12:06a ITHLPAPI.DLL
JGVAEE DLL 227,616 07-17-05 12:06a JGVAEE.DLL
MYTCP DLL 227,616 07-17-05 12:06a MYTCP.DLL
MBINCP16 DLL 227,616 07-17-05 12:06a MBINCP16.DLL
DDNDI DLL 227,616 07-17-05 12:06a DDNDI.DLL
MYCI DLL 227,616 07-17-05 12:06a MYCI.DLL
CHMNEW DLL 227,616 07-17-05 12:06a chmnew.dll
ACIPDLXX DLL 227,616 07-17-05 12:06a ACIPDLXX.DLL
SBCUR32 DLL 227,616 07-17-05 12:06a SBCUR32.DLL
WRICORE DLL 227,616 07-17-05 12:06a WRICORE.DLL
DLMSTOR DLL 227,104 07-11-05 6:06p DLMSTOR.DLL
FXSION32 DLL 227,104 07-11-05 6:06p FXSION32.DLL
DQVENUM DLL 227,104 07-11-05 6:06p DQVENUM.DLL
SRSINV DLL 227,104 07-11-05 6:06p SRSINV.DLL
8E55INDI DLL 227,104 07-11-05 6:06p 8E55INDI.DLL
MDDOCS DLL 227,104 07-11-05 6:06p MDDOCS.DLL
NJWDEV DLL 227,104 07-11-05 6:06p NJWDEV.DLL
VEDX16 DLL 227,104 07-11-05 6:06p VEDX16.DLL
CPUTOA DLL 227,104 07-11-05 6:06p CPUTOA.DLL
MGR2C DLL 227,104 07-11-05 6:06p MGR2C.DLL
MXDVDOPT DLL 227,104 06-24-05 3:53p MXDVDOPT.DLL
SRPDLL DLL 227,104 06-24-05 3:53p SRPDLL.DLL
WFDMLOG DLL 227,104 06-24-05 3:53p WFDMLOG.DLL
NTTPLWIZ DLL 227,104 06-24-05 3:53p NTTPLWIZ.DLL
QJIM32 DLL 227,104 06-24-05 3:53p QJIM32.DLL
OXGFS400 DLL 227,104 06-24-05 3:53p OXGFS400.DLL
CHSEQCHK DLL 227,104 06-24-05 3:53p CHSEQCHK.DLL
MHHTMLED DLL 227,104 06-24-05 3:53p MHHTMLED.DLL
DA32GT DLL 227,104 06-24-05 3:53p DA32GT.DLL
MQAFD DLL 227,104 06-24-05 3:53p MQAFD.DLL
MYRTEDIT DLL 227,104 06-24-05 3:53p MYRTEDIT.DLL
RIAENH DLL 227,104 06-24-05 3:53p RIAENH.DLL
AKIICDXX DLL 227,104 06-24-05 3:53p AKIICDXX.DLL
NHWDEV DLL 227,104 06-24-05 3:53p NHWDEV.DLL
RYRC32 DLL 227,104 06-24-05 3:53p RYRC32.DLL
WPASHEXT DLL 227,104 06-24-05 3:53p WPASHEXT.DLL
LROUSE16 DLL 227,104 06-24-05 3:53p LROUSE16.DLL
SLLFX DLL 227,104 06-24-05 3:53p SLLFX.DLL
WAPLOC DLL 227,104 06-24-05 3:53p WAPLOC.DLL
RNCLTSCM DLL 227,104 06-24-05 3:53p RNCLTSCM.DLL
CVM DLL 227,104 06-24-05 3:53p CVM.DLL
DZVVOX DLL 227,104 06-24-05 3:53p DZVVOX.DLL
WTADEFUI DLL 227,104 06-24-05 3:53p WTADEFUI.DLL
AFIICDXX DLL 227,104 06-24-05 3:53p AFIICDXX.DLL
BDOWSELC DLL 227,104 06-24-05 3:53p BDOWSELC.DLL
IVM32 DLL 227,104 06-24-05 3:53p IVM32.DLL
IXMUPG DLL 226,080 06-17-05 12:03a IXMUPG.DLL
SPHANNEL DLL 226,080 06-17-05 12:03a SPHANNEL.DLL
CERDS DLL 226,080 06-17-05 12:03a CERDS.DLL
MXRATING DLL 226,080 06-17-05 12:03a MXRATING.DLL
MZOEACCT DLL 226,080 06-17-05 12:03a mzoeacct.dll
DD32GT DLL 226,080 06-17-05 12:03a DD32GT.DLL
SOGE DLL 226,080 06-17-05 12:03a SOGE.DLL
WIVCORE DLL 226,080 06-17-05 12:03a WIVCORE.DLL
MIUTILSE DLL 226,080 06-17-05 12:03a MIUTILSE.DLL
WOCTHUNK DLL 226,592 05-10-05 5:24p WOCTHUNK.DLL
ARIFIL32 DLL 226,592 05-10-05 5:24p ARIFIL32.DLL
DHNMPNTW DLL 226,592 05-10-05 5:24p DHNMPNTW.DLL
JNEG1X32 DLL 226,592 05-10-05 5:24p JNEG1X32.DLL
CEYPTDLG DLL 226,592 05-10-05 5:24p CEYPTDLG.DLL
FYSRCH DLL 226,592 05-10-05 5:24p FYSRCH.DLL
DPEML DLL 226,592 05-10-05 5:24p DPEML.DLL
DCCPCSVC DLL 226,592 05-10-05 5:24p DCCPCSVC.DLL
DYVENUM DLL 226,592 05-10-05 5:24p DYVENUM.DLL
MAAFD DLL 226,592 05-10-05 5:24p MAAFD.DLL
MMAFD DLL 226,592 05-10-05 5:24p MMAFD.DLL
JLDW400 DLL 226,592 05-10-05 5:24p JLDW400.DLL
DTMSVINN DLL 226,592 05-10-05 5:24p DTMSVINN.DLL
DND8 DLL 226,592 05-10-05 5:24p dNd8.dll
DLUSIC16 DLL 226,592 05-10-05 5:24p DLUSIC16.DLL
OSUI400 DLL 226,592 05-10-05 5:24p OSUI400.DLL
PFDRV DLL 226,592 05-10-05 5:24p pfdrv.dll
QJDWIPES DLL 226,592 05-10-05 5:24p QJDWIPES.DLL
OJMREG DLL 226,592 05-10-05 5:24p OJMREG.DLL
ZCORT4AS DLL 226,592 05-10-05 5:24p ZCORT4AS.dll
SWMAN32 DLL 226,592 05-10-05 5:24p SWMAN32.DLL
MXG4DMOD DLL 226,592 05-10-05 5:24p MXG4DMOD.DLL
AAIV16XX DLL 226,592 05-10-05 5:24p AAIV16XX.DLL
IZENGINE DLL 226,592 05-10-05 5:24p izengine.dll
MBHTMLED DLL 226,592 05-10-05 5:24p MBHTMLED.DLL
JXNGLE DLL 226,592 05-10-05 5:24p Jxngle.dll
DADIAGN DLL 226,592 05-10-05 5:24p dadiagn.dll
MVIMRT DLL 226,592 05-10-05 5:24p MVIMRT.DLL
IOET16 DLL 226,592 05-10-05 5:24p IOET16.DLL
MAXML4A DLL 226,592 05-10-05 5:24p maxml4a.dll
GFIDE2X DLL 226,592 05-10-05 5:24p GFIDE2X.DLL
LPOUSE32 DLL 226,592 05-10-05 5:24p LPOUSE32.DLL
WK5INF32 DLL 226,592 05-10-05 5:24p WK5INF32.DLL
IASENG DLL 226,592 05-10-05 5:24p IASENG.DLL
CPRDS DLL 226,592 05-10-05 5:24p CPRDS.DLL
SQNCUI DLL 226,592 05-10-05 5:24p SQNCUI.DLL
EFTIER2 DLL 226,592 05-10-05 5:24p EFTIER2.DLL
IYWPHBK DLL 226,592 05-10-05 5:24p IYWPHBK.DLL
MCRD2X40 DLL 226,592 05-10-05 5:24p MCRD2X40.DLL
DAMSVINN DLL 226,592 05-10-05 5:24p DAMSVINN.DLL
ATIFIL32 DLL 226,592 05-10-05 5:24p ATIFIL32.DLL
DRMSVINN DLL 226,592 05-10-05 5:24p DRMSVINN.DLL
SCNDMAIL DLL 226,592 05-10-05 5:24p SCNDMAIL.DLL
GUI32 DLL 226,592 05-10-05 5:24p GUI32.DLL
CXMNCTR DLL 226,592 05-10-05 5:24p CXMNCTR.DLL
HNOIMG07 DLL 226,592 05-10-05 5:24p HNOIMG07.DLL
MD3216 DLL 226,592 05-10-05 5:24p MD3216.DLL
SFLWAPI DLL 227,104 03-23-05 8:39p SFLWAPI.DLL
MPHTMLER DLL 227,104 03-23-05 8:39p MPHTMLER.DLL
MOACM32 DLL 227,104 03-23-05 8:39p MOACM32.DLL
NCTPLWIZ DLL 227,104 03-23-05 8:39p NCTPLWIZ.DLL
OPE32 DLL 227,104 03-23-05 8:39p OPE32.DLL
DNNMPNTW DLL 227,104 03-23-05 8:39p DNNMPNTW.DLL
SRSCLASS DLL 227,104 03-23-05 8:39p SRSCLASS.DLL
WXPLOC DLL 227,104 03-23-05 8:39p WXPLOC.DLL
DVGSIG DLL 227,104 03-23-05 8:39p DVGSIG.DLL
SAC DLL 227,104 03-23-05 8:39p SAC.DLL
SQC DLL 227,104 03-23-05 8:39p SQC.DLL
OJPRT400 DLL 227,104 03-23-05 8:39p OJPRT400.DLL
MNNET32 DLL 227,104 03-23-05 8:39p MNNET32.DLL
NUSWAN16 DLL 227,104 03-23-05 8:39p NUSWAN16.DLL
MLCUIW32 DLL 227,104 03-23-05 8:39p MLCUIW32.DLL
OLTWA400 DLL 227,104 03-23-05 8:39p OLTWA400.DLL
STLFX DLL 227,104 03-23-05 8:39p STLFX.DLL
IEETCFG DLL 227,104 03-23-05 8:39p IEETCFG.DLL
IKGSHL DLL 227,104 03-23-05 8:39p IKGSHL.DLL
IK50_32 DLL 227,104 03-23-05 8:39p IK50_32.DLL
WVBVW DLL 227,104 03-23-05 8:39p WVBVW.DLL
MMCRLREV DLL 227,104 03-23-05 8:39p mmcrlrev.dll
DWDRM DLL 227,104 03-23-05 8:39p DWDRM.DLL
MBDVDOPT DLL 227,104 03-23-05 8:39p MBDVDOPT.DLL
MVAFD DLL 227,104 03-23-05 8:39p MVAFD.DLL
NKTURE DLL 227,104 03-23-05 8:39p NKture.dll
AEIDDC DLL 227,104 03-23-05 8:39p AEIDDC.DLL
RCCHED20 DLL 227,104 03-23-05 8:39p RCCHED20.DLL
DJMSSPXN DLL 227,104 03-23-05 8:39p DJMSSPXN.DLL
JJEG1X32 DLL 227,104 03-23-05 8:39p JJEG1X32.DLL
WVICORE DLL 227,104 03-23-05 8:39p WVICORE.DLL
NKTPLWIZ DLL 227,104 03-23-05 8:39p NKTPLWIZ.DLL
MWTCP DLL 227,104 03-23-05 8:39p MWTCP.DLL
SATUPX32 DLL 227,104 03-23-05 8:39p SATUPX32.DLL
MAANG DLL 227,104 03-23-05 8:39p MAANG.DLL
IQETCFG DLL 227,104 03-23-05 8:39p IQETCFG.DLL
UFDM32 DLL 227,104 03-23-05 8:39p UFDM32.DLL
SQCUR32 DLL 227,104 03-23-05 8:39p SQCUR32.DLL
EHTIER2 DLL 227,104 03-23-05 8:39p EHTIER2.DLL
DHDMOPRP DLL 227,104 03-23-05 8:39p dhdmoprp.dll
KGRNEL32 DLL 227,104 03-23-05 8:39p KGRNEL32.DLL
GXU32 DLL 227,104 03-23-05 8:39p GXU32.DLL
DLSTYLE DLL 227,104 03-23-05 8:39p DLSTYLE.DLL
DGD3D01 DLL 227,104 03-23-05 8:39p DGD3D01.DLL
RTAENH DLL 227,104 03-23-05 8:39p RTAENH.DLL
HWOIMN07 DLL 227,104 03-23-05 8:39p HWOIMN07.DLL
MAVCRT DLL 227,104 03-23-05 8:39p MAVCRT.DLL
MUIMRT16 DLL 227,104 03-23-05 8:39p MUIMRT16.DLL
MBCI DLL 227,104 03-23-05 8:39p MBCI.DLL
MJEXCH40 DLL 227,104 03-23-05 8:39p MJEXCH40.DLL
IDM32 DLL 227,104 03-23-05 8:39p IDM32.DLL
ICSS DLL 227,104 03-23-05 8:39p ICSS.DLL
HKOPCL07 DLL 227,104 03-23-05 8:39p HKOPCL07.DLL
DQICM DLL 227,104 03-23-05 8:39p DQICM.DLL
OLMDSPIF DLL 227,104 03-23-05 8:39p OLMDSPIF.DLL
CORDS DLL 227,104 03-23-05 8:39p CORDS.DLL
DVVOICE DLL 227,104 03-23-05 8:39p DVVOICE.DLL
IDFRARED DLL 227,104 03-23-05 8:39p IDFRARED.DLL
MRUTILSE DLL 227,104 03-23-05 8:39p MRUTILSE.DLL
DGVVOX DLL 227,104 03-23-05 8:39p DGVVOX.DLL
MDIDENT DLL 227,104 03-23-05 8:39p mdident.dll
MRIDENT DLL 227,104 03-23-05 8:39p mrident.dll
PXPARSE DLL 227,104 03-23-05 8:39p PXPARSE.DLL
IVMUPG DLL 227,104 03-23-05 8:39p IVMUPG.DLL
SUCUR32 DLL 227,104 03-23-05 8:39p SUCUR32.DLL
DFMSTOR DLL 227,104 03-23-05 8:39p DFMSTOR.DLL
180 file(s) 40,618,341 bytes
0 dir(s) 25,927.69 MB free

------- Hidden Files in System Directory -------


Volume in drive C is 20040319
Volume Serial Number is 035C-1B08
Directory of C:\WINDOWS\SYSTEM

AUXDRV~1 ODS 5 07-23-05 10:01a AuxDrv32ds_k.ods
FOLDER HTT 23,155 03-24-05 11:19p folder.htt
DESKTOP INI 271 03-24-05 11:19p desktop.ini
3 file(s) 23,431 bytes
0 dir(s) 25,927.66 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AD650611-56B3-C9B3-94F4-0E5643E06385}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
wocthunk.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
arifil32.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
dhnmpntw.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
jneg1x32.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
cpm.dll Sat Jul 23 2005 9:59:02a ..S.R 226,080 220.78 K
szell32.dll Sat Jul 23 2005 9:59:02a ..S.R 226,080 220.78 K
ceyptdlg.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
fysrch.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
dpeml.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
dccpcsvc.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
dyvenum.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
maafd.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
mmafd.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
jldw400.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
dtmsvinn.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
qpv.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
uyer32.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
crm.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
dnd8.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
dlusic16.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
osui400.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
pfdrv.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
qjdwipes.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
ojmreg.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
zcort4as.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
swman32.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
dbmap.dll Sat Jul 23 2005 9:59:02a ..S.R 226,080 220.78 K
dlmstor.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
fxsion32.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
mxg4dmod.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
aaiv16xx.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
izengine.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
mbhtmled.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
jxngle.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
dadiagn.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
mvimrt.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
ioet16.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
maxml4a.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
gfide2x.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
lpouse32.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
wk5inf32.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
iaseng.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
cprds.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
sqncui.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
eftier2.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
iywphbk.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
mcrd2x40.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
damsvinn.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
atifil32.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
drmsvinn.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
scndmail.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
gui32.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
cxmnctr.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
hnoimg07.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
md3216.dll Tue May 10 2005 5:24:08p ..S.R 226,592 221.28 K
ixmupg.dll Fri Jun 17 2005 12:03:42a ..S.R 226,080 220.78 K
sphannel.dll Fri Jun 17 2005 12:03:42a ..S.R 226,080 220.78 K
cerds.dll Fri Jun 17 2005 12:03:42a ..S.R 226,080 220.78 K
mxrating.dll Fri Jun 17 2005 12:03:42a ..S.R 226,080 220.78 K
mzoeacct.dll Fri Jun 17 2005 12:03:42a ..S.R 226,080 220.78 K
dd32gt.dll Fri Jun 17 2005 12:03:42a ..S.R 226,080 220.78 K
soge.dll Fri Jun 17 2005 12:03:42a ..S.R 226,080 220.78 K
wivcore.dll Fri Jun 17 2005 12:03:42a ..S.R 226,080 220.78 K
miutilse.dll Fri Jun 17 2005 12:03:42a ..S.R 226,080 220.78 K
mxdvdopt.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
srpdll.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
wfdmlog.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
nttplwiz.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
qjim32.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
oxgfs400.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
chseqchk.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
mhhtmled.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
da32gt.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
mqafd.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
myrtedit.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
riaenh.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
akiicdxx.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
nhwdev.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
ryrc32.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
wpashext.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
lrouse16.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
sllfx.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
waploc.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
rncltscm.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
cvm.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
dzvvox.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
wtadefui.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
afiicdxx.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
bdowselc.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
ivm32.dll Fri Jun 24 2005 3:53:54p ..S.R 227,104 221.78 K
dqvenum.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
srsinv.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
8e55indi.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
mddocs.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
njwdev.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
vedx16.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
cputoa.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
mgr2c.dll Mon Jul 11 2005 6:06:44p ..S.R 227,104 221.78 K
wfplenc.dll Sat Jul 23 2005 9:59:02a ..S.R 226,080 220.78 K
oaesvr.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
ithlpapi.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
jgvaee.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
mytcp.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
mbincp16.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
ddndi.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
myci.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
chmnew.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
acipdlxx.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
sbcur32.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
wricore.dll Sun Jul 17 2005 12:06:16a ..S.R 227,616 222.28 K
cdoosusr.dll Sat Jul 23 2005 9:59:02a ..S.R 226,080 220.78 K
ckutoa.dll Sat Jul 23 2005 9:59:02a ..S.R 226,080 220.78 K
auxdrv~1.ods Sat Jul 23 2005 10:01:58a A.SH. 5 0.00 K
dwmm.dll Sat Jul 23 2005 9:59:02a ..S.R 226,080 220.78 K

114 items found: 114 files, 0 directories.
Total of file sizes: 25,629,477 bytes 24.44 M

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: aFind-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: qoologic trojan
C:\WINDOWS\USER.DAT: qoologic trojan removal
C:\WINDOWS\USER.DAT: pFind_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip.lnk
C:\WINDOWS\USER.DAT: rFind-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: jC:\WINDOWS\Desktop\Find_Qoologic2.zipic2.zip
C:\WINDOWS\USER.DAT: cFind_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip.lnk
C:\WINDOWS\USER.DAT: cC:\WINDOWS\Desktop\Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: cFind_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip.lnk
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.P
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.N
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.I
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.E
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.D
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.A
C:\WINDOWS\SYSTEM\pav.sig: Qoologic

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00
C:\WINDOWS\SYSTEM\pav.sig: .aspack
C:\WINDOWS\SYSTEM\pav.sig: :.aspackze
C:\WINDOWS\SYSTEM\pav.sig: .aspack.text
C:\WINDOWS\SYSTEM\pav.sig: H.aspack.text
C:\WINDOWS\SYSTEM\pav.sig: .aspack.text
C:\WINDOWS\SYSTEM\pav.sig: 4.aspack
C:\WINDOWS\SYSTEM\pav.sig: F<SW.aspack
C:\WINDOWS\SYSTEM\pav.sig: [.aspack
C:\WINDOWS\SYSTEM\pav.sig: .aspack0
C:\WINDOWS\SYSTEM\pav.sig: .aspack
C:\WINDOWS\SYSTEM\pav.sig: .aspack
C:\WINDOWS\SYSTEM\pav.sig: [email protected]
C:\WINDOWS\SYSTEM\pav.sig: AsPack

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"Logitech Utility"="Logi_MwX.Exe"
"LoadQM"="loadqm.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"



  • 0

#14
tampabelle
Posted 24 July 2005 - 11:14 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Spiritoh,


Lets start getting the bad guys !!!!!!!
  • Download the Pocket Killbox.
  • Unzip the contents of KillBox.zip to a convenient location.
  • Double-click on KillBox.exe.
  • Click "Replace on Reboot" and check the "Use Dummy" box.
  • Paste this file into the top "Full Path of File to Delete" box.
    • C:\WINDOWS\SYSTEM\wocthunk.dll
  • Click the "Delete File" button which looks like a stop sign.
  • Click "Yes" at the Replace on Reboot prompt.
  • Click "No" at the Pending Operations prompt.
  • Repeat steps 4-8 above for these files:
    • C:\WINDOWS\SYSTEM\arifil32.dll
    • C:\WINDOWS\SYSTEM\dhnmpntw.dll
    • C:\WINDOWS\SYSTEM\jneg1x32.dll
    • C:\WINDOWS\SYSTEM\cpm.dll
    • C:\WINDOWS\SYSTEM\szell32.dll
    • C:\WINDOWS\SYSTEM\ceyptdlg.dll
    • C:\WINDOWS\SYSTEM\fysrch.dll
    • C:\WINDOWS\SYSTEM\dpeml.dll
    • C:\WINDOWS\SYSTEM\dccpcsvc.dll
    • C:\WINDOWS\SYSTEM\dyvenum.dll
    • C:\WINDOWS\SYSTEM\maafd.dll
    • C:\WINDOWS\SYSTEM\mmafd.dll
    • C:\WINDOWS\SYSTEM\jldw400.dll
    • C:\WINDOWS\SYSTEM\dtmsvinn.dll
    • C:\WINDOWS\SYSTEM\qpv.dll
    • C:\WINDOWS\SYSTEM\uyer32.dll
    • C:\WINDOWS\SYSTEM\crm.dll
    • C:\WINDOWS\SYSTEM\dnd8.dll
    • C:\WINDOWS\SYSTEM\dlusic16.dll
    • C:\WINDOWS\SYSTEM\osui400.dll
    • C:\WINDOWS\SYSTEM\pfdrv.dll
    • C:\WINDOWS\SYSTEM\qjdwipes.dll
    • C:\WINDOWS\SYSTEM\ojmreg.dll
    • C:\WINDOWS\SYSTEM\zcort4as.dll
    • C:\WINDOWS\SYSTEM\swman32.dll
    • C:\WINDOWS\SYSTEM\dbmap.dll
    • C:\WINDOWS\SYSTEM\dlmstor.dll
    • C:\WINDOWS\SYSTEM\fxsion32.dll
    • C:\WINDOWS\SYSTEM\mxg4dmod.dll
    • C:\WINDOWS\SYSTEM\aaiv16xx.dll
    • C:\WINDOWS\SYSTEM\izengine.dll
    • C:\WINDOWS\SYSTEM\mbhtmled.dll
    • C:\WINDOWS\SYSTEM\jxngle.dll
    • C:\WINDOWS\SYSTEM\dadiagn.dll
    • C:\WINDOWS\SYSTEM\mvimrt.dll
    • C:\WINDOWS\SYSTEM\ioet16.dll
    • C:\WINDOWS\SYSTEM\maxml4a.dll
    • C:\WINDOWS\SYSTEM\gfide2x.dll
    • C:\WINDOWS\SYSTEM\lpouse32.dll
    • C:\WINDOWS\SYSTEM\wk5inf32.dll
    • C:\WINDOWS\SYSTEM\iaseng.dll
    • C:\WINDOWS\SYSTEM\cprds.dll
    • C:\WINDOWS\SYSTEM\sqncui.dll
    • C:\WINDOWS\SYSTEM\eftier2.dll
    • C:\WINDOWS\SYSTEM\iywphbk.dll
    • C:\WINDOWS\SYSTEM\mcrd2x40.dll
    • C:\WINDOWS\SYSTEM\damsvinn.dll
    • C:\WINDOWS\SYSTEM\atifil32.dll
    • C:\WINDOWS\SYSTEM\drmsvinn.dll
    • C:\WINDOWS\SYSTEM\scndmail.dll
    • C:\WINDOWS\SYSTEM\gui32.dll
    • C:\WINDOWS\SYSTEM\cxmnctr.dll
    • C:\WINDOWS\SYSTEM\hnoimg07.dll
    • C:\WINDOWS\SYSTEM\md3216.dll
    • C:\WINDOWS\SYSTEM\ixmupg.dll
    • C:\WINDOWS\SYSTEM\sphannel.dll
    • C:\WINDOWS\SYSTEM\cerds.dll
    • C:\WINDOWS\SYSTEM\mxrating.dll
    • C:\WINDOWS\SYSTEM\mzoeacct.dll
    • C:\WINDOWS\SYSTEM\dd32gt.dll
    • C:\WINDOWS\SYSTEM\soge.dll
    • C:\WINDOWS\SYSTEM\wivcore.dll
    • C:\WINDOWS\SYSTEM\miutilse.dll
    • C:\WINDOWS\SYSTEM\mxdvdopt.dll
    • C:\WINDOWS\SYSTEM\srpdll.dll
    • C:\WINDOWS\SYSTEM\wfdmlog.dll
    • C:\WINDOWS\SYSTEM\nttplwiz.dll
    • C:\WINDOWS\SYSTEM\qjim32.dll
    • C:\WINDOWS\SYSTEM\oxgfs400.dll
    • C:\WINDOWS\SYSTEM\chseqchk.dll
    • C:\WINDOWS\SYSTEM\mhhtmled.dll
    • C:\WINDOWS\SYSTEM\da32gt.dll
    • C:\WINDOWS\SYSTEM\mqafd.dll
    • C:\WINDOWS\SYSTEM\myrtedit.dll
    • C:\WINDOWS\SYSTEM\riaenh.dll
    • C:\WINDOWS\SYSTEM\akiicdxx.dll
    • C:\WINDOWS\SYSTEM\nhwdev.dll
    • C:\WINDOWS\SYSTEM\ryrc32.dll
    • C:\WINDOWS\SYSTEM\wpashext.dll
    • C:\WINDOWS\SYSTEM\lrouse16.dll
    • C:\WINDOWS\SYSTEM\sllfx.dll
    • C:\WINDOWS\SYSTEM\waploc.dll
    • C:\WINDOWS\SYSTEM\rncltscm.dll
    • C:\WINDOWS\SYSTEM\cvm.dll
    • C:\WINDOWS\SYSTEM\dzvvox.dll
    • C:\WINDOWS\SYSTEM\wtadefui.dll
    • C:\WINDOWS\SYSTEM\afiicdxx.dll
    • C:\WINDOWS\SYSTEM\bdowselc.dll
    • C:\WINDOWS\SYSTEM\ivm32.dll
    • C:\WINDOWS\SYSTEM\dqvenum.dll
    • C:\WINDOWS\SYSTEM\srsinv.dll
    • C:\WINDOWS\SYSTEM\8e55indi.dll
    • C:\WINDOWS\SYSTEM\mddocs.dll
    • C:\WINDOWS\SYSTEM\njwdev.dll
    • C:\WINDOWS\SYSTEM\vedx16.dll
    • C:\WINDOWS\SYSTEM\cputoa.dll
    • C:\WINDOWS\SYSTEM\mgr2c.dll
    • C:\WINDOWS\SYSTEM\wfplenc.dll
    • C:\WINDOWS\SYSTEM\oaesvr.dll
    • C:\WINDOWS\SYSTEM\ithlpapi.dll
    • C:\WINDOWS\SYSTEM\jgvaee.dll
    • C:\WINDOWS\SYSTEM\mytcp.dll
    • C:\WINDOWS\SYSTEM\mbincp16.dll
    • C:\WINDOWS\SYSTEM\ddndi.dll
    • C:\WINDOWS\SYSTEM\myci.dll
    • C:\WINDOWS\SYSTEM\chmnew.dll
    • C:\WINDOWS\SYSTEM\acipdlxx.dll
    • C:\WINDOWS\SYSTEM\sbcur32.dll
    • C:\WINDOWS\SYSTEM\wricore.dll
    • C:\WINDOWS\SYSTEM\cdoosusr.dll
    • C:\WINDOWS\SYSTEM\ckutoa.dll
    • C:\WINDOWS\SYSTEM\dwmm.dll
  • Click "Replace on Reboot" and check the "Use Dummy" box.
  • Paste this file into the top "Full Path of File to Delete" box.
    • C:\WINDOWS\System32\Guard.tmp
  • Click the "Delete File" button which looks like a stop sign.
  • Click "Yes" at the Replace on Reboot prompt.
  • Click "Yes" at the Pending Operations prompt to restart your computer.
  • Double-click on find.bat and post the new output.txt.

  • 0

#15
tampabelle
Posted 24 July 2005 - 11:18 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi spiritoh,

Lots of files, let me see if I can find a better way to paste all the files instead of copying them one at a time
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP