Windows ME Constant gambling pop-up windows [RESOLVED]



#16 tampabelle (Retired Staff)

Hi Spiritoh,

Let's try this method - this should be easier on you. In case you have any problems copying the files and pasting them, you would need to revert to the manual copying and pasting of each file. :tazz:

* Please download the Killbox by Option^Explicit.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\WINDOWS\SYSTEM\wocthunk.dll
C:\WINDOWS\SYSTEM\arifil32.dll
C:\WINDOWS\SYSTEM\dhnmpntw.dll
C:\WINDOWS\SYSTEM\jneg1x32.dll
C:\WINDOWS\SYSTEM\cpm.dll
C:\WINDOWS\SYSTEM\szell32.dll
C:\WINDOWS\SYSTEM\ceyptdlg.dll
C:\WINDOWS\SYSTEM\fysrch.dll
C:\WINDOWS\SYSTEM\dpeml.dll
C:\WINDOWS\SYSTEM\dccpcsvc.dll
C:\WINDOWS\SYSTEM\dyvenum.dll
C:\WINDOWS\SYSTEM\maafd.dll
C:\WINDOWS\SYSTEM\mmafd.dll
C:\WINDOWS\SYSTEM\jldw400.dll
C:\WINDOWS\SYSTEM\dtmsvinn.dll
C:\WINDOWS\SYSTEM\qpv.dll
C:\WINDOWS\SYSTEM\uyer32.dll
C:\WINDOWS\SYSTEM\crm.dll
C:\WINDOWS\SYSTEM\dnd8.dll
C:\WINDOWS\SYSTEM\dlusic16.dll
C:\WINDOWS\SYSTEM\osui400.dll
C:\WINDOWS\SYSTEM\pfdrv.dll
C:\WINDOWS\SYSTEM\qjdwipes.dll
C:\WINDOWS\SYSTEM\ojmreg.dll
C:\WINDOWS\SYSTEM\zcort4as.dll
C:\WINDOWS\SYSTEM\swman32.dll
C:\WINDOWS\SYSTEM\dbmap.dll
C:\WINDOWS\SYSTEM\dlmstor.dll
C:\WINDOWS\SYSTEM\fxsion32.dll
C:\WINDOWS\SYSTEM\mxg4dmod.dll
C:\WINDOWS\SYSTEM\aaiv16xx.dll
C:\WINDOWS\SYSTEM\izengine.dll
C:\WINDOWS\SYSTEM\mbhtmled.dll
C:\WINDOWS\SYSTEM\jxngle.dll
C:\WINDOWS\SYSTEM\dadiagn.dll
C:\WINDOWS\SYSTEM\mvimrt.dll
C:\WINDOWS\SYSTEM\ioet16.dll
C:\WINDOWS\SYSTEM\maxml4a.dll
C:\WINDOWS\SYSTEM\gfide2x.dll
C:\WINDOWS\SYSTEM\lpouse32.dll
C:\WINDOWS\SYSTEM\wk5inf32.dll
C:\WINDOWS\SYSTEM\iaseng.dll
C:\WINDOWS\SYSTEM\cprds.dll
C:\WINDOWS\SYSTEM\sqncui.dll
C:\WINDOWS\SYSTEM\eftier2.dll
C:\WINDOWS\SYSTEM\iywphbk.dll
C:\WINDOWS\SYSTEM\mcrd2x40.dll
C:\WINDOWS\SYSTEM\damsvinn.dll
C:\WINDOWS\SYSTEM\atifil32.dll
C:\WINDOWS\SYSTEM\drmsvinn.dll
C:\WINDOWS\SYSTEM\scndmail.dll
C:\WINDOWS\SYSTEM\gui32.dll
C:\WINDOWS\SYSTEM\cxmnctr.dll
C:\WINDOWS\SYSTEM\hnoimg07.dll
C:\WINDOWS\SYSTEM\md3216.dll
C:\WINDOWS\SYSTEM\ixmupg.dll
C:\WINDOWS\SYSTEM\sphannel.dll
C:\WINDOWS\SYSTEM\cerds.dll
C:\WINDOWS\SYSTEM\mxrating.dll
C:\WINDOWS\SYSTEM\mzoeacct.dll
C:\WINDOWS\SYSTEM\dd32gt.dll
C:\WINDOWS\SYSTEM\soge.dll
C:\WINDOWS\SYSTEM\wivcore.dll
C:\WINDOWS\SYSTEM\miutilse.dll
C:\WINDOWS\SYSTEM\mxdvdopt.dll
C:\WINDOWS\SYSTEM\srpdll.dll
C:\WINDOWS\SYSTEM\wfdmlog.dll
C:\WINDOWS\SYSTEM\nttplwiz.dll
C:\WINDOWS\SYSTEM\qjim32.dll
C:\WINDOWS\SYSTEM\oxgfs400.dll
C:\WINDOWS\SYSTEM\chseqchk.dll
C:\WINDOWS\SYSTEM\mhhtmled.dll
C:\WINDOWS\SYSTEM\da32gt.dll
C:\WINDOWS\SYSTEM\mqafd.dll
C:\WINDOWS\SYSTEM\myrtedit.dll
C:\WINDOWS\SYSTEM\riaenh.dll
C:\WINDOWS\SYSTEM\akiicdxx.dll
C:\WINDOWS\SYSTEM\nhwdev.dll
C:\WINDOWS\SYSTEM\ryrc32.dll
C:\WINDOWS\SYSTEM\wpashext.dll
C:\WINDOWS\SYSTEM\lrouse16.dll
C:\WINDOWS\SYSTEM\sllfx.dll
C:\WINDOWS\SYSTEM\waploc.dll
C:\WINDOWS\SYSTEM\rncltscm.dll
C:\WINDOWS\SYSTEM\cvm.dll
C:\WINDOWS\SYSTEM\dzvvox.dll
C:\WINDOWS\SYSTEM\wtadefui.dll
C:\WINDOWS\SYSTEM\afiicdxx.dll
C:\WINDOWS\SYSTEM\bdowselc.dll
C:\WINDOWS\SYSTEM\ivm32.dll
C:\WINDOWS\SYSTEM\dqvenum.dll
C:\WINDOWS\SYSTEM\srsinv.dll
C:\WINDOWS\SYSTEM\8e55indi.dll
C:\WINDOWS\SYSTEM\mddocs.dll
C:\WINDOWS\SYSTEM\njwdev.dll
C:\WINDOWS\SYSTEM\vedx16.dll
C:\WINDOWS\SYSTEM\cputoa.dll
C:\WINDOWS\SYSTEM\mgr2c.dll
C:\WINDOWS\SYSTEM\wfplenc.dll
C:\WINDOWS\SYSTEM\oaesvr.dll
C:\WINDOWS\SYSTEM\ithlpapi.dll
C:\WINDOWS\SYSTEM\jgvaee.dll
C:\WINDOWS\SYSTEM\mytcp.dll
C:\WINDOWS\SYSTEM\mbincp16.dll
C:\WINDOWS\SYSTEM\ddndi.dll
C:\WINDOWS\SYSTEM\myci.dll
C:\WINDOWS\SYSTEM\chmnew.dll
C:\WINDOWS\SYSTEM\acipdlxx.dll
C:\WINDOWS\SYSTEM\sbcur32.dll
C:\WINDOWS\SYSTEM\wricore.dll
C:\WINDOWS\SYSTEM\cdoosusr.dll
C:\WINDOWS\SYSTEM\ckutoa.dll
C:\WINDOWS\SYSTEM\dwmm.dll
C:\WINDOWS\System32\Guard.tmp


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.


Double-click on find.bat and post the new output.txt.

#17 spiritoh (Topic Starter)

Looks like we're getting there....
here's the log:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C is 20040319
Volume Serial Number is 035C-1B08
Directory of C:\WINDOWS\SYSTEM

AUXDRV~1 ODS 5 07-23-05 10:01a AuxDrv32ds_k.ods
SFLWAPI DLL 227,104 03-23-05 8:39p SFLWAPI.DLL
MPHTMLER DLL 227,104 03-23-05 8:39p MPHTMLER.DLL
MOACM32 DLL 227,104 03-23-05 8:39p MOACM32.DLL
NCTPLWIZ DLL 227,104 03-23-05 8:39p NCTPLWIZ.DLL
OPE32 DLL 227,104 03-23-05 8:39p OPE32.DLL
DNNMPNTW DLL 227,104 03-23-05 8:39p DNNMPNTW.DLL
SRSCLASS DLL 227,104 03-23-05 8:39p SRSCLASS.DLL
WXPLOC DLL 227,104 03-23-05 8:39p WXPLOC.DLL
DVGSIG DLL 227,104 03-23-05 8:39p DVGSIG.DLL
SAC DLL 227,104 03-23-05 8:39p SAC.DLL
SQC DLL 227,104 03-23-05 8:39p SQC.DLL
OJPRT400 DLL 227,104 03-23-05 8:39p OJPRT400.DLL
MNNET32 DLL 227,104 03-23-05 8:39p MNNET32.DLL
NUSWAN16 DLL 227,104 03-23-05 8:39p NUSWAN16.DLL
MLCUIW32 DLL 227,104 03-23-05 8:39p MLCUIW32.DLL
OLTWA400 DLL 227,104 03-23-05 8:39p OLTWA400.DLL
STLFX DLL 227,104 03-23-05 8:39p STLFX.DLL
IEETCFG DLL 227,104 03-23-05 8:39p IEETCFG.DLL
IKGSHL DLL 227,104 03-23-05 8:39p IKGSHL.DLL
IK50_32 DLL 227,104 03-23-05 8:39p IK50_32.DLL
WVBVW DLL 227,104 03-23-05 8:39p WVBVW.DLL
MMCRLREV DLL 227,104 03-23-05 8:39p mmcrlrev.dll
DWDRM DLL 227,104 03-23-05 8:39p DWDRM.DLL
MBDVDOPT DLL 227,104 03-23-05 8:39p MBDVDOPT.DLL
MVAFD DLL 227,104 03-23-05 8:39p MVAFD.DLL
NKTURE DLL 227,104 03-23-05 8:39p NKture.dll
AEIDDC DLL 227,104 03-23-05 8:39p AEIDDC.DLL
RCCHED20 DLL 227,104 03-23-05 8:39p RCCHED20.DLL
DJMSSPXN DLL 227,104 03-23-05 8:39p DJMSSPXN.DLL
JJEG1X32 DLL 227,104 03-23-05 8:39p JJEG1X32.DLL
WVICORE DLL 227,104 03-23-05 8:39p WVICORE.DLL
NKTPLWIZ DLL 227,104 03-23-05 8:39p NKTPLWIZ.DLL
MWTCP DLL 227,104 03-23-05 8:39p MWTCP.DLL
SATUPX32 DLL 227,104 03-23-05 8:39p SATUPX32.DLL
MAANG DLL 227,104 03-23-05 8:39p MAANG.DLL
IQETCFG DLL 227,104 03-23-05 8:39p IQETCFG.DLL
UFDM32 DLL 227,104 03-23-05 8:39p UFDM32.DLL
SQCUR32 DLL 227,104 03-23-05 8:39p SQCUR32.DLL
EHTIER2 DLL 227,104 03-23-05 8:39p EHTIER2.DLL
DHDMOPRP DLL 227,104 03-23-05 8:39p dhdmoprp.dll
KGRNEL32 DLL 227,104 03-23-05 8:39p KGRNEL32.DLL
GXU32 DLL 227,104 03-23-05 8:39p GXU32.DLL
DLSTYLE DLL 227,104 03-23-05 8:39p DLSTYLE.DLL
DGD3D01 DLL 227,104 03-23-05 8:39p DGD3D01.DLL
RTAENH DLL 227,104 03-23-05 8:39p RTAENH.DLL
HWOIMN07 DLL 227,104 03-23-05 8:39p HWOIMN07.DLL
MAVCRT DLL 227,104 03-23-05 8:39p MAVCRT.DLL
MUIMRT16 DLL 227,104 03-23-05 8:39p MUIMRT16.DLL
MBCI DLL 227,104 03-23-05 8:39p MBCI.DLL
MJEXCH40 DLL 227,104 03-23-05 8:39p MJEXCH40.DLL
IDM32 DLL 227,104 03-23-05 8:39p IDM32.DLL
ICSS DLL 227,104 03-23-05 8:39p ICSS.DLL
HKOPCL07 DLL 227,104 03-23-05 8:39p HKOPCL07.DLL
DQICM DLL 227,104 03-23-05 8:39p DQICM.DLL
OLMDSPIF DLL 227,104 03-23-05 8:39p OLMDSPIF.DLL
CORDS DLL 227,104 03-23-05 8:39p CORDS.DLL
DVVOICE DLL 227,104 03-23-05 8:39p DVVOICE.DLL
IDFRARED DLL 227,104 03-23-05 8:39p IDFRARED.DLL
MRUTILSE DLL 227,104 03-23-05 8:39p MRUTILSE.DLL
DGVVOX DLL 227,104 03-23-05 8:39p DGVVOX.DLL
MDIDENT DLL 227,104 03-23-05 8:39p mdident.dll
MRIDENT DLL 227,104 03-23-05 8:39p mrident.dll
PXPARSE DLL 227,104 03-23-05 8:39p PXPARSE.DLL
IVMUPG DLL 227,104 03-23-05 8:39p IVMUPG.DLL
SUCUR32 DLL 227,104 03-23-05 8:39p SUCUR32.DLL
DFMSTOR DLL 227,104 03-23-05 8:39p DFMSTOR.DLL
67 file(s) 14,988,869 bytes
0 dir(s) 25,921.94 MB free

------- Hidden Files in System Directory -------


Volume in drive C is 20040319
Volume Serial Number is 035C-1B08
Directory of C:\WINDOWS\SYSTEM

AUXDRV~1 ODS 5 07-23-05 10:01a AuxDrv32ds_k.ods
FOLDER HTT 23,155 03-24-05 11:19p folder.htt
DESKTOP INI 271 03-24-05 11:19p desktop.ini
3 file(s) 23,431 bytes
0 dir(s) 25,921.91 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AD650611-56B3-C9B3-94F4-0E5643E06385}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
auxdrv~1.ods Sat Jul 23 2005 10:01:58a A.SH. 5 0.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 5 bytes 0.00 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: aFind-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: qoologic trojan
C:\WINDOWS\USER.DAT: qoologic trojan removal
C:\WINDOWS\USER.DAT: TROJ_QOOLOGIC
C:\WINDOWS\USER.DAT: QOOLOGIC fix
C:\WINDOWS\USER.DAT: TROJ_QOOLOGIC
C:\WINDOWS\USER.DAT: cC:\WINDOWS\Desktop\Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: cFind_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip.lnk
C:\WINDOWS\USER.DAT: pFind_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip.lnk
C:\WINDOWS\USER.DAT: rFind-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: jC:\WINDOWS\Desktop\Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: pFind_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip.lnk
C:\WINDOWS\USER.DAT: rFind-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: d-Qoologic.lnk
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.P
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.N
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.I
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.E
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.D
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.A
C:\WINDOWS\SYSTEM\pav.sig: Qoologic

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00
C:\WINDOWS\SYSTEM\pav.sig: .aspack
C:\WINDOWS\SYSTEM\pav.sig: :.aspackze
C:\WINDOWS\SYSTEM\pav.sig: .aspack.text
C:\WINDOWS\SYSTEM\pav.sig: H.aspack.text
C:\WINDOWS\SYSTEM\pav.sig: .aspack.text
C:\WINDOWS\SYSTEM\pav.sig: 4.aspack
C:\WINDOWS\SYSTEM\pav.sig: F<SW.aspack
C:\WINDOWS\SYSTEM\pav.sig: [.aspack
C:\WINDOWS\SYSTEM\pav.sig: .aspack0
C:\WINDOWS\SYSTEM\pav.sig: .aspack
C:\WINDOWS\SYSTEM\pav.sig: .aspack
C:\WINDOWS\SYSTEM\pav.sig: H@.aspack.text
C:\WINDOWS\SYSTEM\pav.sig: AsPack

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"Logitech Utility"="Logi_MwX.Exe"
"LoadQM"="loadqm.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"



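The listing in the post above is what the helper is working from: dozens of DLLs with random names that all share one size (227,104 bytes) and one timestamp (03-23-05 8:39p), sitting next to genuine files that do not. That clustering is the tell, and it can be checked mechanically instead of by eye. The script below is an added example for this thread, not find.bat, Killbox, or anything the helper posted: it parses the DOS-style `dir` listing that find.bat writes to output.txt, groups entries by (size, date, time), and reports every group of at least three files. The sample listing is constructed from a handful of the posted lines, and the threshold of three is an assumption.

```python
"""Triage helper for the DOS-style `dir` listing that find.bat writes to output.txt:
group entries by (size, date, time) so that a batch of identically sized, random-named
DLLs dropped in one go stands out from the genuine system files.

Added example for the thread; not find.bat, Killbox, or any tool the helper used.
The listing below is CONSTRUCTED from a few lines of the posted log."""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_LISTING = """\
 Volume in drive C is 20040319
 Volume Serial Number is 035C-1B08
 Directory of C:\\WINDOWS\\SYSTEM

AUXDRV~1 ODS 5 07-23-05 10:01a AuxDrv32ds_k.ods
SFLWAPI DLL 227,104 03-23-05 8:39p SFLWAPI.DLL
MPHTMLER DLL 227,104 03-23-05 8:39p MPHTMLER.DLL
MOACM32 DLL 227,104 03-23-05 8:39p MOACM32.DLL
NKTURE DLL 227,104 03-23-05 8:39p NKture.dll
FOLDER HTT 23,155 03-24-05 11:19p folder.htt
DESKTOP INI 271 03-24-05 11:19p desktop.ini
 7 file(s) 14,988,869 bytes
 0 dir(s) 25,921.94 MB free
"""

# One `dir` entry: 8.3 name, optional extension, size with thousands separators,
# MM-DD-YY date, h:mm followed by a/p, then the long file name.
ENTRY_RE = re.compile(
    r"^\s*(\S+)\s+(?:([A-Za-z0-9_~$]{1,3})\s+)?([\d,]+)\s+"
    r"(\d{2}-\d{2}-\d{2})\s+(\d{1,2}:\d{2}[ap])\s+(.+?)\s*$"
)
DIR_RE = re.compile(r"^\s*Directory of\s+(.+?)\s*$")


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    date: str
    time: str


def parse_listing(text):
    """Return the file entries in a `dir` listing, resolved to full paths."""
    entries, current_dir = [], ""
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1).rstrip("\\")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # volume banner, totals, <DIR> rows and blank lines
        _short, _ext, size, date, time, long_name = m.groups()
        entries.append(Entry(f"{current_dir}\\{long_name}", int(size.replace(",", "")), date, time))
    return entries


def find_clusters(entries, min_count=3):
    """Group entries sharing size, date and time; keep groups of at least min_count files."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e.size, e.date, e.time)].append(e)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def suspect_paths(text, min_count=3):
    """Full paths of every file in a same-size/same-timestamp cluster, sorted so the
    list can be reviewed by a person before any of it goes into a deletion tool."""
    clusters = find_clusters(parse_listing(text), min_count)
    return sorted(e.path for group in clusters.values() for e in group)


if __name__ == "__main__":
    for (size, date, time), group in find_clusters(parse_listing(SAMPLE_LISTING)).items():
        print(f"{len(group)} files of {size} bytes stamped {date} {time}:")
        for e in group:
            print("  ", e.path)
```

The output is a review list, not a deletion list: a cluster of identically sized files is a strong hint but not proof, which is exactly why the helper says she took time to double-check each name before posting the Killbox paths.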

#18 tampabelle (Retired Staff)

Hi Spiritoh,


Some more files to delete -


* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C



C:\WINDOWS\SYSTEM\SFLWAPI.DLL
C:\WINDOWS\SYSTEM\MPHTMLER.DLL
C:\WINDOWS\SYSTEM\MOACM32.DLL
C:\WINDOWS\SYSTEM\NCTPLWIZ.DLL
C:\WINDOWS\SYSTEM\OPE32.DLL
C:\WINDOWS\SYSTEM\DNNMPNTW.DLL
C:\WINDOWS\SYSTEM\SRSCLASS.DLL
C:\WINDOWS\SYSTEM\WXPLOC.DLL
C:\WINDOWS\SYSTEM\DVGSIG.DLL
C:\WINDOWS\SYSTEM\SAC.DLL
C:\WINDOWS\SYSTEM\SQC.DLL
C:\WINDOWS\SYSTEM\OJPRT400.DLL
C:\WINDOWS\SYSTEM\MNNET32.DLL
C:\WINDOWS\SYSTEM\NUSWAN16.DLL
C:\WINDOWS\SYSTEM\MLCUIW32.DLL
C:\WINDOWS\SYSTEM\OLTWA400.DLL
C:\WINDOWS\SYSTEM\STLFX.DLL
C:\WINDOWS\SYSTEM\IEETCFG.DLL
C:\WINDOWS\SYSTEM\IKGSHL.DLL
C:\WINDOWS\SYSTEM\IK50_32.DLL
C:\WINDOWS\SYSTEM\WVBVW.DLL
C:\WINDOWS\SYSTEM\mmcrlrev.dll
C:\WINDOWS\SYSTEM\DWDRM.DLL
C:\WINDOWS\SYSTEM\MBDVDOPT.DLL
C:\WINDOWS\SYSTEM\MVAFD.DLL
C:\WINDOWS\SYSTEM\NKture.dll
C:\WINDOWS\SYSTEM\AEIDDC.DLL
C:\WINDOWS\SYSTEM\RCCHED20.DLL
C:\WINDOWS\SYSTEM\DJMSSPXN.DLL
C:\WINDOWS\SYSTEM\JJEG1X32.DLL
C:\WINDOWS\SYSTEM\WVICORE.DLL
C:\WINDOWS\SYSTEM\NKTPLWIZ.DLL
C:\WINDOWS\SYSTEM\MWTCP.DLL
C:\WINDOWS\SYSTEM\SATUPX32.DLL
C:\WINDOWS\SYSTEM\MAANG.DLL
C:\WINDOWS\SYSTEM\IQETCFG.DLL
C:\WINDOWS\SYSTEM\UFDM32.DLL
C:\WINDOWS\SYSTEM\SQCUR32.DLL
C:\WINDOWS\SYSTEM\EHTIER2.DLL
C:\WINDOWS\SYSTEM\dhdmoprp.dll
C:\WINDOWS\SYSTEM\KGRNEL32.DLL
C:\WINDOWS\SYSTEM\GXU32.DLL
C:\WINDOWS\SYSTEM\DLSTYLE.DLL
C:\WINDOWS\SYSTEM\DGD3D01.DLL
C:\WINDOWS\SYSTEM\RTAENH.DLL
C:\WINDOWS\SYSTEM\HWOIMN07.DLL
C:\WINDOWS\SYSTEM\MAVCRT.DLL
C:\WINDOWS\SYSTEM\MUIMRT16.DLL
C:\WINDOWS\SYSTEM\MBCI.DLL
C:\WINDOWS\SYSTEM\MJEXCH40.DLL
C:\WINDOWS\SYSTEM\IDM32.DLL
C:\WINDOWS\SYSTEM\ICSS.DLL
C:\WINDOWS\SYSTEM\HKOPCL07.DLL
C:\WINDOWS\SYSTEM\DQICM.DLL
C:\WINDOWS\SYSTEM\OLMDSPIF.DLL
C:\WINDOWS\SYSTEM\CORDS.DLL
C:\WINDOWS\SYSTEM\DVVOICE.DLL
C:\WINDOWS\SYSTEM\IDFRARED.DLL
C:\WINDOWS\SYSTEM\MRUTILSE.DLL
C:\WINDOWS\SYSTEM\DGVVOX.DLL
C:\WINDOWS\SYSTEM\mdident.dll
C:\WINDOWS\SYSTEM\mrident.dll
C:\WINDOWS\SYSTEM\PXPARSE.DLL
C:\WINDOWS\SYSTEM\IVMUPG.DLL
C:\WINDOWS\SYSTEM\SUCUR32.DLL
C:\WINDOWS\SYSTEM\DFMSTOR.DLL


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Double-click on find.bat and post the new output.txt.

#19 spiritoh (Topic Starter)

Are we getting there yet? Should I shoot my son??? :tazz:

Log:
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C is 20040319
Volume Serial Number is 035C-1B08
Directory of C:\WINDOWS\SYSTEM

AUXDRV~1 ODS 5 07-23-05 10:01a AuxDrv32ds_k.ods
1 file(s) 5 bytes
0 dir(s) 25,948.06 MB free

------- Hidden Files in System Directory -------


Volume in drive C is 20040319
Volume Serial Number is 035C-1B08
Directory of C:\WINDOWS\SYSTEM

AUXDRV~1 ODS 5 07-23-05 10:01a AuxDrv32ds_k.ods
FOLDER HTT 23,155 03-24-05 11:19p folder.htt
DESKTOP INI 271 03-24-05 11:19p desktop.ini
3 file(s) 23,431 bytes
0 dir(s) 25,948.03 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AD650611-56B3-C9B3-94F4-0E5643E06385}"=""


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
auxdrv~1.ods Sat Jul 23 2005 10:01:58a A.SH. 5 0.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 5 bytes 0.00 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find_Qoologic2
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: aFind-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: qoologic trojan
C:\WINDOWS\USER.DAT: qoologic trojan removal
C:\WINDOWS\USER.DAT: TROJ_QOOLOGIC
C:\WINDOWS\USER.DAT: QOOLOGIC fix
C:\WINDOWS\USER.DAT: TROJ_QOOLOGIC
C:\WINDOWS\USER.DAT: cC:\WINDOWS\Desktop\Find_Qoologic2.zip
C:\WINDOWS\USER.DAT: cFind_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip.lnk
C:\WINDOWS\USER.DAT: jC:\WINDOWS\Desktop\Find_Qoologic2.ziplogic2.zip
C:\WINDOWS\USER.DAT: pFind_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip.lnk
C:\WINDOWS\USER.DAT: rFind-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: pFind_Qoologic2.zip
C:\WINDOWS\USER.DAT: Find_Qoologic2.zip.lnk
C:\WINDOWS\USER.DAT: rFind-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.741: TROJ_QOOLOGIC.A
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.P
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.N
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.I
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.E
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.D
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.741: TROJ_QOOLOGIC.A
C:\WINDOWS\SYSTEM\pav.sig: Qoologic

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00
C:\WINDOWS\SYSTEM\pav.sig: .aspack
C:\WINDOWS\SYSTEM\pav.sig: :.aspackze
C:\WINDOWS\SYSTEM\pav.sig: .aspack.text
C:\WINDOWS\SYSTEM\pav.sig: H.aspack.text
C:\WINDOWS\SYSTEM\pav.sig: .aspack.text
C:\WINDOWS\SYSTEM\pav.sig: 4.aspack
C:\WINDOWS\SYSTEM\pav.sig: F<SW.aspack
C:\WINDOWS\SYSTEM\pav.sig: [.aspack
C:\WINDOWS\SYSTEM\pav.sig: .aspack0
C:\WINDOWS\SYSTEM\pav.sig: .aspack
C:\WINDOWS\SYSTEM\pav.sig: .aspack
C:\WINDOWS\SYSTEM\pav.sig: H@.aspack.text
C:\WINDOWS\SYSTEM\pav.sig: AsPack

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"Logitech Utility"="Logi_MwX.Exe"
"LoadQM"="loadqm.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"




#20 tampabelle (Retired Staff)

Hi Spiritoh,

Rather than shooting him, put the fear of God and yourself in him!!!!! That should make it easier for you.


I trust you still have the WinPFind and Trackqoo files with you.

I would like to see fresh logs from them please.

And yes, we are definitely on the mend!!!! I was taking a little time to double check all those files!!!! Can't take chances with deleting critical and necessary files!!!!
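The WinPFind log the helper is asking for reports one line per matching string, in the shape `tag date time size path`, and the same file shows up once per tag. Its own banner warns that it finds legitimate files too: packer markers such as UPX! fire on the anti-virus engine's files, and family names such as qoologic appear in the registry hives and in the AV pattern files simply because they are stored there. The script below is an added example for this thread, not WinPFind's code: it folds the hits per file and sorts them into three review buckets (packer-only, known string carriers, and the rest that needs a human look). The packer tag set and the carrier-path patterns are assumptions, and the log is constructed from lines shaped like the posted ones.

```python
"""Aggregate WinPFind-style hits (one line per matching string: `tag date time size path`)
per file, then separate files flagged only for a packer signature, known carriers of
malware-family strings (registry hives, AV pattern files, hosts), and everything else.

Added example for the thread, not WinPFind's own code. PACKER_TAGS and CARRIER_RE are
assumptions; SAMPLE_LOG is CONSTRUCTED from lines shaped like the posted ones."""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Checking %WinDir% folder...
urllogic 7/24/2005 5:22:28 PM 6492192 C:\\WINDOWS\\SYSTEM.DAT
KavSvc 7/24/2005 5:22:28 PM 6492192 C:\\WINDOWS\\SYSTEM.DAT
qoologic 7/23/2005 11:59:42 AM 15400675 C:\\WINDOWS\\VPTNFILE.741
69.59.186.63 7/13/2005 10:07:08 PM 26624 C:\\WINDOWS\\jgkghww.old
winsync 7/13/2005 10:07:08 PM 26624 C:\\WINDOWS\\jgkghww.old
UPX! 2/18/2005 6:40:14 PM 1044560 C:\\WINDOWS\\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\\WINDOWS\\vsapi32.dll

Checking %System% folder...
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\\WINDOWS\\SYSTEM\\GMI32.DLL
UPX! 7/9/2005 5:03:06 AM 433152 C:\\WINDOWS\\SYSTEM\\aswBoot.exe
UPX! 8/2/2004 9:53:02 PM 6463843 C:\\WINDOWS\\SYSTEM\\pav.sig
qoologic 8/2/2004 9:53:02 PM 6463843 C:\\WINDOWS\\SYSTEM\\pav.sig
"""

HIT_RE = re.compile(
    r"^(\S+)\s+(\d{1,2}/\d{1,2}/\d{4})\s+(\d{1,2}:\d{2}:\d{2} [AP]M)\s+(\d+)\s+(.+?)\s*$"
)

# Packer/compressor markers say how a file was built, not what it does (assumed set).
PACKER_TAGS = {"UPX!", "aspack", "PECompact2", "PTech"}
# Files expected to contain malware-family names: registry hives, AV pattern/signature
# files and the hosts file (assumed patterns, modelled on the paths in the thread).
CARRIER_RE = re.compile(r"(\.DAT|\.1ST|\.sig|\\VPTNFILE\.\d+|\\lpt\$vpn\.\d+|\\hosts)$", re.I)


def aggregate_hits(text):
    """Map each path to the set of tags that fired on it."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = HIT_RE.match(line)
        if not m:
            continue  # "Checking ..." headers and blank lines
        tag, _date, _time, _size, path = m.groups()
        hits[path].add(tag)
    return dict(hits)


def classify(hits):
    """Split paths into review buckets: 'suspect', 'packed_only', 'known_carrier'."""
    buckets = {"suspect": [], "packed_only": [], "known_carrier": []}
    for path, tags in sorted(hits.items()):
        content_tags = tags - PACKER_TAGS
        if not content_tags:
            buckets["packed_only"].append(path)
        elif CARRIER_RE.search(path):
            buckets["known_carrier"].append(path)
        else:
            buckets["suspect"].append(path)
    return buckets


def suspects_with_reasons(text):
    """Return {path: sorted content tags} for the files that need a human look."""
    hits = aggregate_hits(text)
    return {p: sorted(hits[p] - PACKER_TAGS) for p in classify(hits)["suspect"]}


if __name__ == "__main__":
    for bucket, paths in classify(aggregate_hits(SAMPLE_LOG)).items():
        print(bucket)
        for p in paths:
            print("  ", p)
```

The carrier list is deliberately conservative: a hive or pattern file lands in `known_carrier` only when its hits are family-name strings, while a file in `%System%` that carries an adware domain string and nothing else stays in `suspect` for review.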

#21 spiritoh (Topic Starter)

That I will do :tazz:

Here are the logs, Trackqoo first:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"PCHealth"="C:\\WINDOWS\\PCHealth\\Support\\PCHSchd.exe -s"
"SystemTray"="SysTray.Exe"
"Logitech Utility"="Logi_MwX.Exe"
"LoadQM"="loadqm.exe"
"QuickTime Task"="\"C:\\WINDOWS\\SYSTEM\\QTTASK.EXE\" -atboottime"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\en-us\\msnappau.exe\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"avast! Web Scanner"="C:\\PROGRA~1\\ALWILS~1\\AVAST4\\ASHWEBSV.EXE"
"ashMaiSv"="C:\\PROGRA~1\\ALWILS~1\\AVAST4\\ashmaisv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll

Subkey --- avast
{472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {7ab770c7-0e23-4d7a-8aa2-19bfad479829}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINDOWS\SYSTEM\DOCPROP2.DLL

==============================
C:\WINDOWS\All Users\Start Menu\Programs\StartUp

Channel 3 Weather Wizard.lnk
==============================
C:\WINDOWS\Start Menu\Programs\StartUp

Channel 3 Weather Wizard.lnk
Webshots.lnk
Microsoft Office.lnk
STRINGS.EXE
==============================
C:\WINDOWS\SYSTEM cpl files


INETCPL.CPL Microsoft Corporation
INTL.CPL Microsoft Corporation
MODEM.CPL Microsoft Corporation
ODBCCP32.CPL Microsoft Corporation
POWERCFG.CPL Microsoft Corporation
APPWIZ.CPL Microsoft Corporation
DESK.CPL Microsoft Corporation
JOY.CPL Microsoft Corporation
MMSYS.CPL Microsoft Corporation
NETCPL.CPL Microsoft Corporation
PASSWORD.CPL Microsoft Corporation
SYSDM.CPL Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
WUAUCPL.CPL Microsoft Corporation
QTW32.CPL Apple Computer, Inc.
ACCESS.CPL Microsoft Corporation
THEMES.CPL Microsoft Corporation
FINDFAST.CPL Microsoft Corporation
CtDetect.cpl Creative Technology Ltd.
AUDIOHQ.CPL Creative Technology Ltd.
MAIN.CPL Microsoft Corporation
TIMEDATE.CPL Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
plugincpl131_04.cpl Sun Microsystems
jpicpl32.cpl Sun Microsystems, Inc.


PFind Log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
urllogic 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST
urllogic 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST
KavSvc 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
urllogic 7/24/2005 5:22:28 PM 6492192 C:\WINDOWS\SYSTEM.DAT
urllogic 7/24/2005 5:22:28 PM 6492192 C:\WINDOWS\SYSTEM.DAT
KavSvc 7/24/2005 5:22:28 PM 6492192 C:\WINDOWS\SYSTEM.DAT
qoologic 7/24/2005 5:23:36 PM 1441824 C:\WINDOWS\USER.DAT
PECompact2 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
qoologic 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
SAHAgent 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
KavSvc 3/24/2005 11:21:04 PM 303136 C:\WINDOWS\HWINFO.DAT
69.59.186.63 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
209.66.67.134 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
web-nex 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
winsync 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
qoologic 7/24/2005 3:08:14 PM 1217 C:\WINDOWS\hosts
urllogic 7/24/2005 3:08:14 PM 1217 C:\WINDOWS\hosts
urllogic 7/24/2005 3:08:14 PM 1217 C:\WINDOWS\hosts
UPX! 3/31/2005 11:15:10 AM 23272 C:\WINDOWS\icont.exe
PECompact2 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
qoologic 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
SAHAgent 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
UPX! 7/23/2005 11:59:46 AM 170053 C:\WINDOWS\tsc.exe
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll

Checking %System% folder...
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\XKILEXR.OLD
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\GMI32.DLL
UPX! 12/9/2003 12:31:00 AM 11254 C:\WINDOWS\SYSTEM\locate.com
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\DXVVOX.DLL
PTech 10/29/2000 8:52:52 PM 391696 C:\WINDOWS\SYSTEM\FUSION16.DRV
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\WOLP32T.DLL
UPX! 7/9/2005 5:03:06 AM 433152 C:\WINDOWS\SYSTEM\aswBoot.exe
ad-w-a-r-e.com 7/23/2005 9:59:02 AM 226080 C:\WINDOWS\SYSTEM\CUYPTDLG.DLL
UPX! 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
qoologic 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
aspack 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
SAHAgent 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
ad-w-a-r-e.com 3/23/2005 8:39:36 PM 227104 C:\WINDOWS\SYSTEM\MHRATELC.DLL
ad-w-a-r-e.com 5/10/2005 5:24:08 PM 226592 C:\WINDOWS\SYSTEM\CKUSALGO.DLL
ad-w-a-r-e.com 6/17/2005 12:03:42 AM 226080 C:\WINDOWS\SYSTEM\SSSCRAP.DLL
ad-w-a-r-e.com 6/24/2005 3:53:54 PM 227104 C:\WINDOWS\SYSTEM\MSNDEX.DLL
ad-w-a-r-e.com 7/17/2005 12:06:16 AM 227616 C:\WINDOWS\SYSTEM\dhnet.dll

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
7/24/2005 5:26:44 PM 6492192 C:\WINDOWS\SYSTEM.DAT
7/24/2005 5:23:36 PM 1441824 C:\WINDOWS\USER.DAT
7/24/2005 5:22:28 PM 4341792 C:\WINDOWS\CLASSES.DAT
6/8/2005 11:33:54 PM 54156 C:\WINDOWS\QTFont.qfn
7/24/2005 3:07:08 PM 1111346 C:\WINDOWS\ShellIconCache
7/23/2005 12:26:28 PM 10796 C:\WINDOWS\ttfCache
7/23/2005 10:01:58 AM 5 C:\WINDOWS\SYSTEM\AuxDrv32ds_k.ods
7/23/2005 12:15:34 PM 668 C:\WINDOWS\PCHEALTH\HELPCTR\Database\HelpSessionHistory.stream
7/24/2005 4:53:50 PM 433 C:\WINDOWS\TEMP\ffastlog.txt
6/15/2005 10:02:20 AM 3584 C:\WINDOWS\DRM\drmv2.sst
6/15/2005 10:02:36 AM 400 C:\WINDOWS\DRM\v2ks002.bla
6/15/2005 10:02:36 AM 234176 C:\WINDOWS\DRM\Indiv002.key
7/24/2005 11:22:06 AM 2344 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
7/19/2005 9:36:12 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata00.sqm
6/15/2005 11:47:44 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata01.sqm
6/16/2005 12:47:30 PM 1204 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata02.sqm
6/16/2005 12:47:30 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata03.sqm
6/17/2005 10:39:04 AM 1548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata04.sqm
6/17/2005 10:39:04 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata05.sqm
6/17/2005 8:29:34 PM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata06.sqm
6/17/2005 8:29:34 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata07.sqm
6/17/2005 8:52:40 PM 1300 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata08.sqm
6/17/2005 8:53:00 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata09.sqm
6/18/2005 11:10:36 PM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata10.sqm
6/18/2005 11:10:36 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata11.sqm
6/24/2005 12:21:52 PM 1192 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata12.sqm
6/24/2005 12:21:52 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata13.sqm
6/24/2005 9:34:22 PM 1144 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata14.sqm
6/24/2005 9:34:22 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata15.sqm
6/25/2005 12:34:50 AM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata16.sqm
6/25/2005 12:34:50 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata17.sqm
6/27/2005 2:59:08 PM 1156 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata18.sqm
6/27/2005 2:59:28 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata19.sqm
7/23/2005 9:30:40 PM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\O9QJ4XQN\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\QP6LG58V\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4TEFS92R\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\PCOJXHWH\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\1NJR9XOA\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\AFO1ULCB\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\SR6BUDML\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\C9MZSLYJ\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\Q4HHZBJZ\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\OPEBOH63\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\LFFJPXWE\desktop.ini
7/24/2005 11:04:36 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\WXQNK5AV\desktop.ini
7/24/2005 11:08:56 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\6NS36H87\desktop.ini
7/24/2005 11:13:50 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\SH41EVK9\desktop.ini
7/24/2005 11:13:50 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\8FB7AWD9\desktop.ini
7/24/2005 11:13:50 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\FNNU9ZYQ\desktop.ini
7/24/2005 11:43:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\01E3GB67\desktop.ini
7/24/2005 11:43:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\WPWTYJW9\desktop.ini
7/24/2005 11:43:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\SHMJWD2R\desktop.ini
7/24/2005 11:44:22 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\PFB5V1J0\desktop.ini
7/24/2005 11:49:32 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\IXOR2LQP\desktop.ini
7/24/2005 11:49:32 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\85638PQR\desktop.ini
7/24/2005 11:49:48 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\8DQFCHIJ\desktop.ini
7/24/2005 11:49:48 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\KHM38T2J\desktop.ini
7/24/2005 11:51:32 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\NXOJYXE5\desktop.ini
7/24/2005 11:59:20 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\S1UN45EF\desktop.ini
6/27/2005 7:01:48 PM 92 C:\WINDOWS\NetHood\updates on Main\Desktop.ini
6/25/2005 9:13:36 PM 92 C:\WINDOWS\NetHood\shareddocs on Main\Desktop.ini
6/30/2005 11:15:28 AM 92 C:\WINDOWS\NetHood\backup on Main\Desktop.ini
7/2/2005 11:44:02 PM 92 C:\WINDOWS\NetHood\als document on Als\Desktop.ini
7/2/2005 11:44:02 PM 92 C:\WINDOWS\NetHood\c on Als\Desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/3/2005 3:15:52 PM 575 C:\WINDOWS\All Users\Start Menu\Programs\StartUp\Channel 3 Weather Wizard.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/3/2005 3:15:54 PM 568 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
3/10/2004 6:01:36 AM 45056 C:\WINDOWS\Start Menu\Programs\StartUp\STRINGS.EXE
4/3/2005 3:15:54 PM 443 C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
7/31/2004 11:33:52 PM 0 C:\WINDOWS\Application Data\dm.ini
3/23/2005 11:27:10 PM 926 C:\WINDOWS\Application Data\dw.log
3/23/2005 11:28:12 PM 28 C:\WINDOWS\Application Data\Sskcwrd.dll
3/23/2005 10:49:54 PM 272735 C:\WINDOWS\Application Data\Sskknwrd.dll
3/23/2005 11:31:02 PM 38 C:\WINDOWS\Application Data\Sskuknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\{AD650611-56B3-C9B3-94F4-0E5643E06385}
=

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
PCHealth C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray SysTray.Exe
Logitech Utility Logi_MwX.Exe
LoadQM loadqm.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
msnappau "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
avast! Web Scanner C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
ashMaiSv C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
MSFS
MAPI
IMAIL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.3 - Log file written to "WinPFind.Txt" in the WinPFind folder.

#22 tampabelle (Retired Staff, 6,363 posts)
Hi Spiritoh,

Some more files to delete but the good thing is that the list of files is getting shorter and shorter :tazz: -

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\WINDOWS\SYSTEM\XKILEXR.OLD
C:\WINDOWS\SYSTEM\GMI32.DLL
C:\WINDOWS\SYSTEM\DXVVOX.DLL
C:\WINDOWS\SYSTEM\WOLP32T.DLL
C:\WINDOWS\SYSTEM\CUYPTDLG.DLL
C:\WINDOWS\SYSTEM\MHRATELC.DLL
C:\WINDOWS\SYSTEM\CKUSALGO.DLL
C:\WINDOWS\SYSTEM\SSSCRAP.DLL
C:\WINDOWS\SYSTEM\MSNDEX.DLL
C:\WINDOWS\SYSTEM\dhnet.dll
C:\WINDOWS\Application Data\Sskcwrd.dll
C:\WINDOWS\Application Data\Sskknwrd.dll
C:\WINDOWS\Application Data\Sskuknwrd.dll



* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Copy the following into a new text file in Notepad and save it as fix.reg (make sure the Save as Type is set as All Files) -

REGEDIT4

; Delete the whole Post Platform key; this drops the unknown {AD650611-56B3-C9B3-94F4-0E5643E06385} entry that showed up in the WinPFind log
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

; Recreate the key with only the SV1 token (an empty string value named SV1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""


Double click on fix.reg and let it merge with your registry.

Can I have one more WinPFind log please, and a Hijack This log also?

Edited by tampabelle, 24 July 2005 - 04:20 PM.


#23 spiritoh (Topic Starter, 14 posts)
Here are the logs; looks like it's finally getting there. Thank you so much for your time with this.

PFind:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
urllogic 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST
urllogic 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST
KavSvc 3/24/2005 11:07:56 PM 6959136 C:\SYSTEM.1ST

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
urllogic 7/24/2005 8:32:06 PM 6492192 C:\WINDOWS\SYSTEM.DAT
urllogic 7/24/2005 8:32:06 PM 6492192 C:\WINDOWS\SYSTEM.DAT
KavSvc 7/24/2005 8:32:06 PM 6492192 C:\WINDOWS\SYSTEM.DAT
qoologic 7/24/2005 8:32:06 PM 1441824 C:\WINDOWS\USER.DAT
PECompact2 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
qoologic 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
SAHAgent 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\VPTNFILE.741
KavSvc 3/24/2005 11:21:04 PM 303136 C:\WINDOWS\HWINFO.DAT
69.59.186.63 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
209.66.67.134 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
web-nex 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
winsync 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
qoologic 7/24/2005 3:08:14 PM 1217 C:\WINDOWS\hosts
urllogic 7/24/2005 3:08:14 PM 1217 C:\WINDOWS\hosts
urllogic 7/24/2005 3:08:14 PM 1217 C:\WINDOWS\hosts
UPX! 3/31/2005 11:15:10 AM 23272 C:\WINDOWS\icont.exe
PECompact2 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
qoologic 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
SAHAgent 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
UPX! 7/23/2005 11:59:46 AM 170053 C:\WINDOWS\tsc.exe
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll

Checking %System% folder...
UPX! 12/9/2003 12:31:00 AM 11254 C:\WINDOWS\SYSTEM\locate.com
PTech 10/29/2000 8:52:52 PM 391696 C:\WINDOWS\SYSTEM\FUSION16.DRV
UPX! 7/9/2005 5:03:06 AM 433152 C:\WINDOWS\SYSTEM\aswBoot.exe
UPX! 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
qoologic 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
aspack 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig
SAHAgent 8/2/2004 9:53:02 PM 6463843 C:\WINDOWS\SYSTEM\pav.sig

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
7/24/2005 8:35:10 PM 6492192 C:\WINDOWS\SYSTEM.DAT
7/24/2005 8:33:12 PM 1441824 C:\WINDOWS\USER.DAT
7/24/2005 8:30:16 PM 4341792 C:\WINDOWS\CLASSES.DAT
6/8/2005 11:33:54 PM 54156 C:\WINDOWS\QTFont.qfn
7/24/2005 3:07:08 PM 1111346 C:\WINDOWS\ShellIconCache
7/23/2005 12:26:28 PM 10796 C:\WINDOWS\ttfCache
7/23/2005 10:01:58 AM 5 C:\WINDOWS\SYSTEM\AuxDrv32ds_k.ods
7/23/2005 12:15:34 PM 668 C:\WINDOWS\PCHEALTH\HELPCTR\Database\HelpSessionHistory.stream
7/24/2005 8:29:36 PM 466 C:\WINDOWS\TEMP\ffastlog.txt
6/15/2005 10:02:20 AM 3584 C:\WINDOWS\DRM\drmv2.sst
6/15/2005 10:02:36 AM 400 C:\WINDOWS\DRM\v2ks002.bla
6/15/2005 10:02:36 AM 234176 C:\WINDOWS\DRM\Indiv002.key
7/24/2005 11:22:06 AM 2344 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
7/19/2005 9:36:12 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata00.sqm
6/15/2005 11:47:44 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata01.sqm
6/16/2005 12:47:30 PM 1204 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata02.sqm
6/16/2005 12:47:30 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata03.sqm
6/17/2005 10:39:04 AM 1548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata04.sqm
6/17/2005 10:39:04 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata05.sqm
6/17/2005 8:29:34 PM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata06.sqm
6/17/2005 8:29:34 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata07.sqm
6/17/2005 8:52:40 PM 1300 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata08.sqm
6/17/2005 8:53:00 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata09.sqm
6/18/2005 11:10:36 PM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata10.sqm
6/18/2005 11:10:36 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata11.sqm
6/24/2005 12:21:52 PM 1192 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata12.sqm
6/24/2005 12:21:52 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata13.sqm
6/24/2005 9:34:22 PM 1144 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata14.sqm
6/24/2005 9:34:22 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata15.sqm
6/25/2005 12:34:50 AM 1132 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata16.sqm
6/25/2005 12:34:50 AM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata17.sqm
6/27/2005 2:59:08 PM 1156 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata18.sqm
6/27/2005 2:59:28 PM 352 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\8743112\sqmdata19.sqm
7/23/2005 9:30:40 PM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\O9QJ4XQN\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\QP6LG58V\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\4TEFS92R\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\PCOJXHWH\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\1NJR9XOA\desktop.ini
7/24/2005 11:04:16 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\AFO1ULCB\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\SR6BUDML\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\C9MZSLYJ\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\Q4HHZBJZ\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\OPEBOH63\desktop.ini
7/24/2005 11:04:18 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\LFFJPXWE\desktop.ini
7/24/2005 11:04:36 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\WXQNK5AV\desktop.ini
7/24/2005 11:08:56 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\6NS36H87\desktop.ini
7/24/2005 11:13:50 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\SH41EVK9\desktop.ini
7/24/2005 11:13:50 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\8FB7AWD9\desktop.ini
7/24/2005 11:13:50 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\FNNU9ZYQ\desktop.ini
7/24/2005 11:43:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\01E3GB67\desktop.ini
7/24/2005 11:43:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\WPWTYJW9\desktop.ini
7/24/2005 11:43:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\SHMJWD2R\desktop.ini
7/24/2005 11:44:22 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\PFB5V1J0\desktop.ini
7/24/2005 11:49:32 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\IXOR2LQP\desktop.ini
7/24/2005 11:49:32 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\85638PQR\desktop.ini
7/24/2005 11:49:48 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\8DQFCHIJ\desktop.ini
7/24/2005 11:49:48 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\KHM38T2J\desktop.ini
7/24/2005 11:51:32 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\NXOJYXE5\desktop.ini
7/24/2005 11:59:20 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\S1UN45EF\desktop.ini
6/27/2005 7:01:48 PM 92 C:\WINDOWS\NetHood\updates on Main\Desktop.ini
6/25/2005 9:13:36 PM 92 C:\WINDOWS\NetHood\shareddocs on Main\Desktop.ini
6/30/2005 11:15:28 AM 92 C:\WINDOWS\NetHood\backup on Main\Desktop.ini
7/2/2005 11:44:02 PM 92 C:\WINDOWS\NetHood\als document on Als\Desktop.ini
7/2/2005 11:44:02 PM 92 C:\WINDOWS\NetHood\c on Als\Desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/3/2005 3:15:52 PM 575 C:\WINDOWS\All Users\Start Menu\Programs\StartUp\Channel 3 Weather Wizard.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
4/3/2005 3:15:54 PM 568 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
3/10/2004 6:01:36 AM 45056 C:\WINDOWS\Start Menu\Programs\StartUp\STRINGS.EXE
4/3/2005 3:15:54 PM 443 C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
7/31/2004 11:33:52 PM 0 C:\WINDOWS\Application Data\dm.ini
3/23/2005 11:27:10 PM 926 C:\WINDOWS\Application Data\dw.log

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\SV1
SV1 =

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
PCHealth C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray SysTray.Exe
Logitech Utility Logi_MwX.Exe
LoadQM loadqm.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
msnappau "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
avast! Web Scanner C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
ashMaiSv C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
MSFS
MAPI
IMAIL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.3 - Log file written to "WinPFind.Txt" in the WinPFind folder.

Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 8:46:46 PM, on 7/24/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\CHANNEL 3 WEATHER WIZARD\TRUEWEATHER.EXE
C:\WINDOWS\WEBSHOTS.SCR
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\UTILITIES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: STRINGS.EXE
O4 - Global Startup: Channel 3 Weather Wizard.lnk = C:\Program Files\Common Files\Channel 3 Weather Wizard\TrueWeather.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
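The WinPFind log above flags files in two ways: by packer markers (UPX!, aspack, PECompact2, PTech) and by strings tied to adware families (qoologic, urllogic, SAHAgent, raw IP addresses and so on). Many of those hits are expected where they land, because registry hives (SYSTEM.DAT, USER.DAT, CLASSES.DAT, SYSTEM.1ST) and antivirus pattern databases (pav.sig, lpt$vpn.741, VPTNFILE.741) contain exactly those strings by design, while an oddly named .old file in C:\WINDOWS carrying two IP literals and two adware strings is the real find. Below is an added Python triage helper, written for this thread rather than taken from WinPFind or any post in it. It groups the hits per file, separates packer markers, IP literals and string signatures, and ranks each file; the sample input is an excerpt of the log posted above, the list of "expected carrier" files and the ranking rules are this example's own assumptions.

```python
"""Triage a WinPFind v1.2.3 log: group signature hits per file and rank them.

Added example for this thread; not part of WinPFind or of any post in it.
"""
import re

# Excerpt of the WinPFind log posted above (trimmed to two sections).
SAMPLE_LOG = r"""
Checking %WinDir% folder...
urllogic 7/24/2005 8:32:06 PM 6492192 C:\WINDOWS\SYSTEM.DAT
KavSvc 7/24/2005 8:32:06 PM 6492192 C:\WINDOWS\SYSTEM.DAT
PECompact2 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
SAHAgent 7/23/2005 11:59:42 AM 15400675 C:\WINDOWS\lpt$vpn.741
69.59.186.63 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
209.66.67.134 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
web-nex 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
winsync 7/13/2005 10:07:08 PM 26624 C:\WINDOWS\jgkghww.old
qoologic 7/24/2005 3:08:14 PM 1217 C:\WINDOWS\hosts
UPX! 3/31/2005 11:15:10 AM 23272 C:\WINDOWS\icont.exe
Checking files in %USERPROFILE%\Startup folder...
4/3/2005 3:15:54 PM 568 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
3/10/2004 6:01:36 AM 45056 C:\WINDOWS\Start Menu\Programs\StartUp\STRINGS.EXE
"""

SECTION_RE = re.compile(r"^Checking (?P<section>.+?)\.\.\.$")
# "<signature> <m/d/yyyy> <h:mm:ss AM|PM> <size> <path>"; the signature column is
# absent in the "system and hidden files" and Startup-folder listings.
ENTRY_RE = re.compile(
    r"^(?:(?P<sig>\S+)\s+)?"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2}\s+[AP]M)\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<path>\S.*)$"
)
# Packer markers WinPFind reports; packing alone is not proof of malware.
PACKERS = {"UPX!", "aspack", "PECompact2", "PTech"}
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Files that legitimately contain adware-family strings: registry hives and antivirus
# pattern databases. Assumption: these are the only such carriers on this machine.
EXPECTED_CARRIERS = re.compile(
    r"\\(?:SYSTEM|USER|CLASSES)\.DAT$|\\SYSTEM\.1ST$|\\pav\.sig$|\\lpt\$vpn\.\d+$|\\VPTNFILE\.\d+$",
    re.IGNORECASE,
)
# A Startup folder normally holds .lnk shortcuts; a bare executable there is worth a look.
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".bat")


def parse(log_text):
    """Return {path: {"section": str, "size": int, "sigs": set}} for every file line."""
    files, section = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rec = files.setdefault(
            m.group("path"), {"section": section, "size": int(m.group("size")), "sigs": set()}
        )
        if m.group("sig"):
            rec["sigs"].add(m.group("sig"))
    return files


def classify(path, rec):
    """Rank one file: 'high', 'review', 'info' or 'expected', with a one-line reason."""
    sigs = rec["sigs"]
    packers = sigs & PACKERS
    ips = {s for s in sigs if IP_RE.match(s)}
    strings = sigs - packers - ips
    in_startup = "startup" in (rec["section"] or "").lower()
    if EXPECTED_CARRIERS.search(path):
        return "expected", "registry hive or AV pattern database; string hits are normal here"
    if ips or len(strings) >= 2:
        return "high", f"adware strings {sorted(strings | ips)} in a file that is not a pattern database"
    if in_startup and path.lower().endswith(EXECUTABLE_EXT):
        return "review", "bare executable in a Startup folder (only .lnk shortcuts expected)"
    if packers:
        return "review", f"packed with {sorted(packers)}; confirm the publisher before deleting"
    if strings:
        return "review", f"single string hit {sorted(strings)}"
    return "info", "listed only as a recent hidden/system file"


def triage(log_text):
    """Map every file in the log to its (rank, reason)."""
    return {path: classify(path, rec) for path, rec in parse(log_text).items()}


if __name__ == "__main__":
    order = {"high": 0, "review": 1, "info": 2, "expected": 3}
    for path, (level, why) in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: order[kv[1][0]]):
        print(f"{level:<8} {path}\n         {why}")
```

On the excerpt this puts C:\WINDOWS\jgkghww.old at the top (two IP literals plus two adware strings), parks the hives and pattern files as expected, and leaves the packed icont.exe, the single-hit hosts file and the bare STRINGS.EXE in the Startup folder for a human to decide. The ranking is deliberately conservative: nothing here deletes anything, and a "review" item still needs its publisher or origin confirmed before it goes into Killbox.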

#24 tampabelle (Retired Staff, 6,363 posts)
Hi Spiritoh,


While I am tempted to say that everything is fine, we have a few minor items to fix !!!! :tazz:

Run Hijack This and click on scan. The following items need to be fixed -

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).


Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be listed there). Uninstall or remove the following items -

View Point Manager

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

C:\WINDOWS\jgkghww.old


Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.

#25 spiritoh (Topic Starter, 14 posts)
Hi.
Ran the Panda online scan; it didn't give the option to view a report. The results came back "no Viruses found".

Here's the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:08 PM, on 7/24/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\COMMON FILES\CHANNEL 3 WEATHER WIZARD\TRUEWEATHER.EXE
C:\WINDOWS\WEBSHOTS.SCR
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\UTILITIES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Channel 3 Weather Wizard.lnk = C:\Program Files\Common Files\Channel 3 Weather Wizard\TrueWeather.exe
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
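
A small triage script for log lines in the HijackThis format shown above, added here as an example (it is not HijackThis itself, nor anything posted in this thread); its flagging rules are the example's own assumptions, and the sample lines are copied from the log above:

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above (the log format is real, the flagging rules below are assumed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
"""

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>[^=]+) = )(?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\} \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|bat))(?:\s|$))', re.I)

@dataclass
class Finding:
    kind: str    # "O4" = autorun entry, "O16" = downloaded ActiveX control
    name: str    # registry value name, .lnk name or control description
    target: str  # program path or download URL
    note: str    # why a reviewer should look at it (rules are this example's own)

def executable_of(cmd: str) -> str:
    """Pull the program path out of a Run-key command line, quoted or not."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else cmd.strip().split()[0]

def triage(log_text: str) -> list[Finding]:
    """Flag O4 entries that need a second look and every O16 download."""
    findings = []
    for line in log_text.splitlines():
        if m := O4_RE.match(line):
            name = m.group("name") or m.group("lnk").strip()
            exe = executable_of(m.group("cmd"))
            if "\\" not in exe:
                # Bare file name: Windows resolves it via the search path, so
                # the file that actually runs must be located before trusting it.
                findings.append(Finding("O4", name, exe, "bare name, verify real path"))
            elif "RunServices" in m.group("where"):
                findings.append(Finding("O4", name, exe, "starts before logon, confirm vendor"))
        elif m := O16_RE.match(line):
            findings.append(Finding("O16", m.group("desc"), m.group("url"),
                                    "downloaded ActiveX control, remove if unrecognised"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name!r}: {f.target} -> {f.note}")
```
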

#26
tampabelle (Retired Staff)

Hi Spiritoh,

Do you have any issues with your PC? Your HJT log looks clean!

#27
spiritoh (Topic Starter)

No issues... I did notice that my son had already tried to mess it up last night when he got home from work. There is this XsoftSpy directory he added last night; is there anything to worry about?

Thanks so much for your help, on payday this Friday I will donate to your cause through PayPal.

#28
tampabelle (Retired Staff)

Hi spiritoh,

Looks like you are very mad at your son! Give him a break, he has been trying to help you now. XoftSpy is an anti-spyware product. I guess he would have been trying to make amends for what happened at his hands the previous time. Give him a hug!

While I have my own favorite anti-spyware products, this product is not a rogue product. You can read more about rogue and good spyware products here. Search for the keyword - Xoftspy - in the page.

That's great news that your PC is fine now.

I would recommend the following steps to keep your PC clean –

PREVENTIVE MEASURES FOR FUTURE

Operating System
1. Keep Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows Update. You can also use the following links:

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled so the system is updated faster.
(Right click on My Computer on your desktop, then Properties and the Automatic Updates tab.)


Anti-Virus Software
2. Keep your anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are:

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware

Use only one anti-virus program as multiple such programs can create conflicts between themselves and severely hamper the performance of your PC.


Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm


Internet Browsers
4. Have robust browser settings. It is preferable to use an internet browser other than IE, as most of the malware is targeted at IE. In case you prefer to use IE, then download a list of innocent-looking but harmful websites from IE-SPYAD and install it on your PC. IE-SPYAD puts over 5000 sites in your Internet Explorer's Restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera.

Ensure that the security level, whichever browser you use, is set at Medium or higher, and restrict the use of cookies and ActiveX components.


Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers real-time protection from spyware installation and browser hijack attempts. Both have free ongoing updates.


Spyware Removers
6. Install programs for scanning for malware and removing it. Two of the best programs, both freeware, are:

Spybot Search & Destroy - A powerful tool which can search out and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches for and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.


Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternative freeware program which can be used is CleanUp.

Keep your Registry clean. My favourite software is Registry First Aid. This is not freeware, but a trial version can be downloaded.

#29
tampabelle (Retired Staff)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.