Loading Websites problem [CLOSED]


  • This topic is locked

#1
MBurlew8

I'm having numerous pop-ups from loading websites, partypoker and others. I've had this problem for quite a while now but it's gotten worse. Here is my HJT log


Logfile of HijackThis v1.99.1
Scan saved at 9:53:26 AM, on 8/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\JNOPQQ.EXE
C:\PROGRAM FILES\SOFTWAREONLINE\SOPROC.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [FlashClean] C:\PROGRAM FILES\FLASHCLEAN\FlashClean.exe %1
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\jnopqq.exe reg_run
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxAjSzNn] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRAM FILES\SOFTWAREONLINE\SOPROC.EXE -pack RegSoAlertWxAjSzNn
O4 - Startup: natr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmas...ick/TMSetup.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {8DA664DC-123E-4836-B7B3-6653A8B082AB} (ChatOCX Control) - http://www.igl.net/c...ChatOCXProj.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.2.7.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab

#2
didom

Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double-click on "Track qoo.vbs"

Note - If your antivirus has Script Blocking, you will get a pop-up window asking you what to do. Allow this entire script to run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

#3
MBurlew8

Sorry it's taken me so long to reply. Had internet problems....

WinPFind

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows Millennium Edition Version: 4.90.3000
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
qoologic 8/10/2005 3:48:52 PM 1421344 C:\WINDOWS\USER.DAT
KavSvc 8/10/2005 3:47:48 PM 2129952 C:\WINDOWS\SYSTEM.DAT
winsync 8/10/2005 3:47:48 PM 2129952 C:\WINDOWS\SYSTEM.DAT
PECompact2 6/14/2005 10:06:00 AM 15162837 C:\WINDOWS\VPTNFILE.685
qoologic 6/14/2005 10:06:00 AM 15162837 C:\WINDOWS\VPTNFILE.685
SAHAgent 6/14/2005 10:06:00 AM 15162837 C:\WINDOWS\VPTNFILE.685
UPX! 8/10/2005 3:43:24 PM 82432 C:\WINDOWS\ru.exe

Items found in C:\WINDOWS\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.urllogic.com

KavSvc 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
69.59.186.63 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
209.66.67.134 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
testpopup 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
web-nex 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
yourkey 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
aspack 7/4/2005 12:29:26 PM 535040 C:\WINDOWS\flashax.exe
web-nex 8/10/2005 3:45:28 PM 21416 C:\WINDOWS\jnkmr.dll
qoologic 7/31/2005 10:39:32 PM 2627 C:\WINDOWS\hostsagb
urllogic 7/31/2005 10:39:32 PM 2627 C:\WINDOWS\hostsagb
urllogic 7/31/2005 10:39:32 PM 2627 C:\WINDOWS\hostsagb
UPX! 6/14/2005 10:06:02 AM 1044560 C:\WINDOWS\vsapi32.dll
aspack 6/14/2005 10:06:02 AM 1044560 C:\WINDOWS\vsapi32.dll
UPX! 6/14/2005 10:06:04 AM 170053 C:\WINDOWS\tsc.exe
KavSvc 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll
69.59.186.63 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll
209.66.67.134 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll
web-nex 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll
yourkey 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll

Checking %System% folder...
ad-w-a-r-e.com 6/16/2005 3:42:04 PM 226080 C:\WINDOWS\SYSTEM\UBL.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\VIODCTL.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
ad-w-a-r-e.com 6/16/2005 3:42:04 PM 226080 C:\WINDOWS\SYSTEM\SIHAV.DLL
ad-w-a-r-e.com 6/2/2005 11:21:02 AM 226592 C:\WINDOWS\SYSTEM\SE_8M.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\VHWWDM32.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\MMLTUS40.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\AFKRNL32.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\PEWRPROF.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\UBBUI.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\DVDIM.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\THOLHELP.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\ET.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\PDPD.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\CNOOSUSR.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\MIPMSP.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\IISENG.DLL
Umonitor 6/28/2005 12:40:02 PM 405504 C:\WINDOWS\SYSTEM\WPASCR.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\OPEXL32.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\DCSKCOPY.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\RMAPH.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\MOC30.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\ISM32.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\ILM32.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\SPDOCVW.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\CMRPOL.DLL
Umonitor 6/28/2005 12:40:02 PM 405504 C:\WINDOWS\SYSTEM\IWROP.DLL
UPX! 6/29/2005 5:50:04 AM 18432 C:\WINDOWS\SYSTEM\supdate.dll
KavSvc 6/29/2005 5:50:04 AM 18432 C:\WINDOWS\SYSTEM\supdate.dll
yourkey 6/29/2005 5:50:04 AM 18432 C:\WINDOWS\SYSTEM\supdate.dll
ad-w-a-r-e.com 6/16/2005 3:42:04 PM 226080 C:\WINDOWS\SYSTEM\dbdmo.dll
Umonitor 6/28/2005 12:42:44 PM 405504 C:\WINDOWS\SYSTEM\VVRSION.DLL
Umonitor 6/28/2005 12:42:44 PM 405504 C:\WINDOWS\SYSTEM\UAP10.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\WJW32.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\WY2THK.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\QOV.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\CCMMDLG.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\RECMQSVR.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\DBDRAMPF.DLL
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\OWENGL32.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\JJEG2X32.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\QXDIT.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\DAGHELP.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\DHMODEMX.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\mqpatcha.dll
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\RLSTORRC.DLL
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\ONSLB400.DLL
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\DY3J.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\MUMIXMGR.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\mecpxl32.dll
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\eienu.dll
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\CJA.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\tQembed.dll
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\MKREPL40.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\DAUSIC.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\RPAPH.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\AYSTREAM.DLL
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\IZWDIAL.DLL
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\SXRIALUI.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\RYABASE.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\DYDRG24X.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\QLV.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\HFTPLUG.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\SSHAV.DLL
ad-w-a-r-e.com 6/2/2005 11:21:02 AM 226592 C:\WINDOWS\SYSTEM\AMMUI.DLL
ad-w-a-r-e.com 6/2/2005 11:21:02 AM 226592 C:\WINDOWS\SYSTEM\DWSENH.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\IMMFILTER.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\DESPEX.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\AYMUI.DLL
ad-w-a-r-e.com 6/2/2005 11:21:02 AM 226592 C:\WINDOWS\SYSTEM\MEPWL32.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\oybccu32.dll
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\ALSTREAM.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\wkp.dll
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\PUSPL.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\VKWWDM32.DLL
ad-w-a-r-e.com 6/2/2005 11:21:02 AM 226592 C:\WINDOWS\SYSTEM\zmib.dll
ad-w-a-r-e.com 6/16/2005 3:42:04 PM 226080 C:\WINDOWS\SYSTEM\WYASCR.DLL
ad-w-a-r-e.com 6/16/2005 3:42:04 PM 226080 C:\WINDOWS\SYSTEM\IW3Svc.dll
FSG! 8/19/2001 6:30:46 AM 11593 C:\WINDOWS\SYSTEM\temperror32.dat
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\NRTOS.DLL
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\IDROP.DLL
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\SBDOCLC.DLL
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\SII.DLL
ad-w-a-r-e.com 6/2/2005 11:21:02 AM 226592 C:\WINDOWS\SYSTEM\APMUI.DLL
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\WTADMOD.DLL
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\DFCVW_32.DLL
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\GIU32.DLL
ad-w-a-r-e.com 6/13/2005 12:29:20 PM 226592 C:\WINDOWS\SYSTEM\lvqp7c25q.dll
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\CUYPTNET.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\QGVD.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\DQDRG8X.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\WJADMOD.DLL
SAHAgent 6/16/2005 2:28:14 PM 3523 C:\WINDOWS\SYSTEM\4d7cfuso.ini
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\MTAWT.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\WKW32.DLL
69.59.186.63 8/3/2005 4:27:18 AM 29696 C:\WINDOWS\SYSTEM\datadx.dll
209.66.67.134 8/3/2005 4:27:18 AM 29696 C:\WINDOWS\SYSTEM\datadx.dll
66.63.167.97 8/3/2005 4:27:18 AM 29696 C:\WINDOWS\SYSTEM\datadx.dll
66.63.167.77 8/3/2005 4:27:18 AM 29696 C:\WINDOWS\SYSTEM\datadx.dll
web-nex 8/3/2005 4:27:18 AM 29696 C:\WINDOWS\SYSTEM\datadx.dll
winsync 8/3/2005 4:27:18 AM 29696 C:\WINDOWS\SYSTEM\datadx.dll
rec2_run 8/3/2005 4:27:18 AM 29696 C:\WINDOWS\SYSTEM\datadx.dll
SAHAgent 6/14/2005 3:34:14 PM 203264 C:\WINDOWS\SYSTEM\4d7cfuso.exe
SAHAgent 6/16/2005 2:16:46 PM 35 C:\WINDOWS\SYSTEM\1pr8lv29.ini
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\cyral.dll
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\DTEML.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\HXINK.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\SCRIALUI.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\WDCTHUNK.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\IYGCMN.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\OFFIL400.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\SASCLASS.DLL
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\MLRD2X40.DLL
Umonitor 6/28/2005 12:43:10 PM 405504 C:\WINDOWS\SYSTEM\mWpi32x.dll
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\RECRES.dll
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\mypatcha.dll
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\axl71.DLL
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\DJDIM.DLL
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\mfvcr70.dll
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\AATXPRXY.DLL
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\MCC30.DLL
Umonitor 7/12/2005 12:48:04 PM 405504 C:\WINDOWS\SYSTEM\ABRACE.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\SSRIALUI.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\NHONN32.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\MTJINT40.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\KCRNEL32.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\xjoice.dll
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\wgpcore.dll
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\efenu.dll
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\TCPI.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\IQMUI.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\OOESVR.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\OSETHK32.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\dbwave.dll
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\SFI.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\QCV.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\DLDREF.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\DADRM16F.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\DKDHALF.DLL
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\mrjetoledb40.dll
Umonitor 7/16/2005 9:11:34 AM 405504 C:\WINDOWS\SYSTEM\dgnaddr.dll
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\jgd.dll
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\WX5INF32.DLL
Umonitor 7/21/2005 4:00:44 PM 405504 C:\WINDOWS\SYSTEM\MHC40.DLL

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
8/10/2005 3:50:00 PM 1421344 C:\WINDOWS\USER.DAT
8/10/2005 3:46:04 PM 3784736 C:\WINDOWS\CLASSES.DAT
8/10/2005 3:47:48 PM 2129952 C:\WINDOWS\SYSTEM.DAT
8/10/2005 3:43:24 PM 82432 C:\WINDOWS\ru.exe
7/31/2005 10:30:58 PM 3864 C:\WINDOWS\ttfCache
8/10/2005 3:46:36 PM 920584 C:\WINDOWS\ShellIconCache
7/4/2005 12:12:18 AM 4212 C:\WINDOWS\SYSTEM\zllictbl.dat
7/25/2005 12:34:30 PM 5852 C:\WINDOWS\SYSTEM\KGyGaAvL.sys
7/25/2005 12:34:18 PM 104 C:\WINDOWS\SYSTEM\04E9A3F359.sys
8/10/2005 3:48:38 PM 2840 C:\WINDOWS\PCHEALTH\HELPCTR\Database\HelpSessionHistory.stream
8/10/2005 3:43:24 PM 6 C:\WINDOWS\TASKS\SA.DAT
8/10/2005 3:43:26 PM 178 C:\WINDOWS\TASKS\RUTASK.job
8/10/2005 3:47:22 PM 2702 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
8/10/2005 3:37:34 PM 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
8/10/2005 3:37:34 PM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
8/10/2005 3:38:10 PM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\1SR9ZPW8\desktop.ini
8/10/2005 3:38:10 PM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\ILH2AOGR\desktop.ini
8/10/2005 3:39:38 PM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\0HBAJ7O1\desktop.ini
8/10/2005 3:42:22 PM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\OXHGK8XQ\desktop.ini
8/10/2005 3:37:32 PM 94 C:\WINDOWS\Recent\Desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
8/3/2005 4:27:30 AM 81920 C:\WINDOWS\Start Menu\Programs\StartUp\natr.exe

Checking files in %USERPROFILE%\Application Data folder...
7/27/2005 10:20:52 PM 15036 C:\WINDOWS\Application Data\dw.log
5/26/2005 2:56:40 PM 8568 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{FEF10FA2-355E-4e06-9381-9B24D7F7CC88} = C:\WINDOWS\SYSTEM\SHELL32.DLL
{53C74826-AB99-4d33-ACA4-3117F51D3788} = C:\WINDOWS\SYSTEM\SHELL32.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\VPSHELL2.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\VPSHELL2.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

<<< WARNING! - NOT A VALID WIN98 KEY! (ME is Ok) >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7ab770c7-0e23-4d7a-8aa2-19bfad479829}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINDOWS\SYSTEM\DOCPROP2.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRAM FILES\AIM\AIM.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{7BED0340-176B-44BC-915E-C21C1DD6F617}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{2D51D869-C36B-42BD-AE68-0A81BC771FA5} = :
{7BED0340-176B-44BC-915E-C21C1DD6F617} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
FlashClean C:\PROGRAM FILES\FLASHCLEAN\FlashClean.exe %1
KavSvc C:\WINDOWS\ramhll.exe reg_run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
*StateMgr C:\WINDOWS\System\Restore\StateMgr.exe
rtvscn95 C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccleaner "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
Eebh C:\Program Files\bsws\tsur.exe
Zyntqcge \zva.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
DisableLocalMachineRun 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
DisableLocalUserRun 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
MSERAT C:\WINDOWS\SYSTEM\MSERAT.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL
AUHook {BCBCD383-3E06-11D3-91A9-00C04F68105C} = C:\WINDOWS\SYSTEM\AUHOOK.DLL

<<< WARNING! - NOT A VALID WIN98*admin KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit =
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<<< WARNING! - NOT A VALID WIN98*admin KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/10/2005 3:52:51 PM






Track qoo


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"FlashClean"="C:\\PROGRAM FILES\\FLASHCLEAN\\FlashClean.exe %1"
"KavSvc"="C:\\WINDOWS\\ramhll.exe reg_run"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C}
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\VPSHELL2.DLL

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {7ab770c7-0e23-4d7a-8aa2-19bfad479829}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINDOWS\SYSTEM\DOCPROP2.DLL

==============================
C:\WINDOWS\All Users\Start Menu\Programs\StartUp

==============================
C:\WINDOWS\Start Menu\Programs\StartUp

natr.exe
==============================
C:\WINDOWS\SYSTEM cpl files


INETCPL.CPL Microsoft Corporation
INTL.CPL Microsoft Corporation
MODEM.CPL Microsoft Corporation
POWERCFG.CPL Microsoft Corporation
APPWIZ.CPL Microsoft Corporation
DESK.CPL Microsoft Corporation
MAIN.CPL Microsoft Corporation
MMSYS.CPL Microsoft Corporation
NETCPL.CPL Microsoft Corporation
PASSWORD.CPL Microsoft Corporation
SYSDM.CPL Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
TIMEDATE.CPL Microsoft Corporation
WUAUCPL.CPL Microsoft Corporation
ACCESS.CPL Microsoft Corporation
CMICNFG.CPL C-Media Corporation
JOY.CPL Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
odbccp32.cpl Microsoft Corporation
conres.cpl

#4
didom

Please also run this for me:

Download Find Q.zip and save it to your desktop.
http://forums.net-in...=post&id=153912

Extract (unzip) the files inside into their own folder called Find Q.
Look here how to unzip/extract properly:
http://metallica.gee...xplanation.html
Open the Find Q-folder.
Locate and double-click the Find Q.bat to run it.
Wait until notepad opens and copy and paste the content in your next reply.

#5
MBurlew8

Not sure if I did this right...

»»»»» Search by size...

C:\WINDOWS\SYSTEM\SUPDATE.DLL
C:\WINDOWS\TEMP\SNB.EXE
C:\WINDOWS\TEMP\GLB1A2B.EXE
C:\WINDOWS\TEMP\A~NSISU_.EXE
C:\WINDOWS\TEMP\F1521964.EXE
C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\NATR.EXE

Edited by MBurlew8, 10 August 2005 - 05:23 PM.


#6
didom

  • Please download the Killbox.
    Unzip it to the desktop but do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox.
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\WINDOWS\hostsagb
    C:\WINDOWS\uknig.dll
    C:\WINDOWS\jnkmr.dll
    C:\WINDOWS\ramhll.exe
    C:\WINDOWS\rkunyyn.dll
    C:\WINDOWS\TASKS\RUTASK.job
    C:\WINDOWS\TEMP\GLB1A2B.EXE
    C:\WINDOWS\TEMP\A~NSISU_.EXE
    C:\WINDOWS\TEMP\F1521964.EXE
    C:\WINDOWS\SYSTEM\datadx.dll
    C:\WINDOWS\SYSTEM\conres.cpl
    C:\WINDOWS\SYSTEM\SUPDATE.DLL
    C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\NATR.EXE


  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

  • Let the system reboot.
-------------------------------------------
  • Download The Hoster
  • Unzip Hoster to its own folder (C:\Hoster)
  • Start Hoster.exe
  • Click 'Restore Original Hosts' and click OK.
  • Close the program.
Reboot your computer again.

-----------------------------------------------

Please download L2m9xfix here:
http://www.geekstogo...ds/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.

------------------------------------------------

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your antivirus has Script Blocking, you will get a pop-up window asking you what to do. Allow this entire script to run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!


So I need three logs...... HijackThis + runthis.bat log + WinPFind!
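A way to confirm that the Killbox step took effect, as an added example that is not part of the original thread: the script below compares the deletion list from the post above with lines excerpted from the follow-up HijackThis log posted later in this thread, and reports any listed file that is still running or still registered to start automatically. The function names and the parsing rules are this example's own assumptions, not part of Killbox or HijackThis.

```python
import ntpath
import re

# Deletion list from the Killbox step in the post above.
KILLBOX_TARGETS = [
    r"C:\WINDOWS\hostsagb",
    r"C:\WINDOWS\uknig.dll",
    r"C:\WINDOWS\jnkmr.dll",
    r"C:\WINDOWS\ramhll.exe",
    r"C:\WINDOWS\rkunyyn.dll",
    r"C:\WINDOWS\TASKS\RUTASK.job",
    r"C:\WINDOWS\TEMP\GLB1A2B.EXE",
    r"C:\WINDOWS\TEMP\A~NSISU_.EXE",
    r"C:\WINDOWS\TEMP\F1521964.EXE",
    r"C:\WINDOWS\SYSTEM\datadx.dll",
    r"C:\WINDOWS\SYSTEM\conres.cpl",
    r"C:\WINDOWS\SYSTEM\SUPDATE.DLL",
    r"C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\NATR.EXE",
]

# Excerpt of the follow-up HijackThis log from this thread (shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RAMHLL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\HJT\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ramhll.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - Startup: natr.exe
"""

# "O4 - <location>: [<value name>] <command>"; Startup lines have no [name].
O4_RE = re.compile(r"O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)")
# A drive-letter path up to its first extension (assumes no dots in folders).
PATH_RE = re.compile(r'[A-Za-z]:\\[^",\n]*?\.[A-Za-z0-9]{2,4}\b')


def norm(path):
    """Case-fold a Windows path and collapse doubled separators."""
    return re.sub(r"\\+", lambda m: "\\", path.strip().strip('"')).upper()


def parse_hijackthis(text):
    """Return (set of running process paths, list of O4 autostart entries)."""
    running, autostart = set(), []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(norm(line))
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = O4_RE.match(line)
        if m:
            autostart.append((m["where"], m["name"], m["cmd"]))
    return running, autostart


def still_present(targets, log_text):
    """List (path, reason) for every target the log still shows as active."""
    running, autostart = parse_hijackthis(log_text)
    findings = []
    for raw in targets:
        t = norm(raw)
        if t in running:
            findings.append((t, "running process"))
        for where, name, cmd in autostart:
            if where.upper() == "STARTUP":
                # Startup entries carry only a file name, so compare names
                # and require the target to live in a Startup folder.
                hit = (ntpath.basename(t) == cmd.strip().upper()
                       and ntpath.dirname(t).endswith("\\STARTUP"))
            else:
                # Run keys: compare every path in the command, which also
                # catches a DLL passed as an argument to rundll32.
                hit = t in {norm(p) for p in PATH_RE.findall(cmd)}
            if hit:
                label = f"{where} [{name}]" if name else where
                findings.append((t, f"autostart {label}"))
    return findings


if __name__ == "__main__":
    for path, reason in still_present(KILLBOX_TARGETS, SAMPLE_LOG):
        print(f"STILL PRESENT: {path} ({reason})")
```

A target absent from the log is not proof that the file is gone from disk; the log only shows processes and autostart entries.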

#7
MBurlew8

Logfile of HijackThis v1.99.1
Scan saved at 10:48:38 AM, on 8/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RAMHLL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\CMD\COMMAND.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\WEB OFFER\WO.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - Default URLSearchHook is missing
O2 - BHO: SDWin32 Class - {8A36E75F-112B-4FBF-A497-73CEEF29380A} - C:\WINDOWS\SYSTEM\BPQKS.DLL
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [FlashClean] C:\PROGRAM FILES\FLASHCLEAN\FlashClean.exe %1
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ramhll.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [Command] C:\WINDOWS\cmd\command.exe
O4 - HKLM\..\Run: [bpqksc] C:\WINDOWS\SYSTEM\bpqksc.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: natr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmas...ick/TMSetup.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {8DA664DC-123E-4836-B7B3-6653A8B082AB} (ChatOCX Control) - http://www.igl.net/c...ChatOCXProj.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.2.7.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab




Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:


************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{8DABE793-23D9-45DF-A3DB-F442883BB479}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\WBEM\\NET.DLL"
--
[HKEY_CLASSES_ROOT\CLSID\{4CB3ACD0-B2D8-11D3-8791-005004A8FC4D}\InprocServer32]
@="C:\\PROGRAM FILES\\COMMON FILES\\ADAPTEC SHARED\\CREATORAPI\\JOLIET.DLL"
--
[HKEY_CLASSES_ROOT\CLSID\{743F1DC6-5ABA-429F-8BDF-C54D03253DC2}\InProcServer32]
@="dpnet.dll"
--
[HKEY_CLASSES_ROOT\CLSID\{DA825E1B-6830-43D7-835D-0B5AD82956A2}\InProcServer32]
@="dpnet.dll"
--
[HKEY_CLASSES_ROOT\CLSID\{286F484D-375E-4458-A272-B138E2F80A6A}\InProcServer32]
@="dpnet.dll"
[HKEY_CLASSES_ROOT\CLSID\{51A0A4C2-7361-4B80-85EB-96B8718AFBCE}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\MBCPXL32.DLL"


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!



WinPFind
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows Millennium Edition Version: 4.90.3000
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 8/10/2005 8:29:08 PM 25105 C:\MTE2NzY6ODoxNg.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
qoologic 8/11/2005 10:34:48 AM 1421344 C:\WINDOWS\USER.DAT
KavSvc 8/11/2005 10:34:48 AM 2129952 C:\WINDOWS\SYSTEM.DAT
winsync 8/11/2005 10:34:48 AM 2129952 C:\WINDOWS\SYSTEM.DAT
PECompact2 6/14/2005 10:06:00 AM 15162837 C:\WINDOWS\VPTNFILE.685
qoologic 6/14/2005 10:06:00 AM 15162837 C:\WINDOWS\VPTNFILE.685
SAHAgent 6/14/2005 10:06:00 AM 15162837 C:\WINDOWS\VPTNFILE.685
UPX! 8/10/2005 3:43:24 PM 82432 C:\WINDOWS\ru.exe

Items found in C:\WINDOWS\hosts

KavSvc 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
69.59.186.63 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
209.66.67.134 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
testpopup 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
web-nex 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
yourkey 8/3/2005 4:27:30 AM 34816 C:\WINDOWS\rkunyyn.dll
aspack 7/4/2005 12:29:26 PM 535040 C:\WINDOWS\flashax.exe
web-nex 8/11/2005 10:30:16 AM 38003 C:\WINDOWS\jnkmr.dll
qoologic 7/31/2005 10:39:32 PM 2627 C:\WINDOWS\hostsagb
urllogic 7/31/2005 10:39:32 PM 2627 C:\WINDOWS\hostsagb
urllogic 7/31/2005 10:39:32 PM 2627 C:\WINDOWS\hostsagb
UPX! 6/14/2005 10:06:02 AM 1044560 C:\WINDOWS\vsapi32.dll
aspack 6/14/2005 10:06:02 AM 1044560 C:\WINDOWS\vsapi32.dll
UPX! 6/14/2005 10:06:04 AM 170053 C:\WINDOWS\tsc.exe
KavSvc 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll
69.59.186.63 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll
209.66.67.134 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll
web-nex 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll
yourkey 8/3/2005 4:27:30 AM 16384 C:\WINDOWS\uknig.dll

Checking %System% folder...
aspack 8/10/2005 4:20:02 PM 29184 C:\WINDOWS\SYSTEM\supdate.dll
KavSvc 8/10/2005 4:20:02 PM 29184 C:\WINDOWS\SYSTEM\supdate.dll
69.59.186.63 8/10/2005 4:20:02 PM 29184 C:\WINDOWS\SYSTEM\supdate.dll
209.66.67.134 8/10/2005 4:20:02 PM 29184 C:\WINDOWS\SYSTEM\supdate.dll
66.63.167.97 8/10/2005 4:20:02 PM 29184 C:\WINDOWS\SYSTEM\supdate.dll
66.63.167.77 8/10/2005 4:20:02 PM 29184 C:\WINDOWS\SYSTEM\supdate.dll
web-nex 8/10/2005 4:20:02 PM 29184 C:\WINDOWS\SYSTEM\supdate.dll
yourkey 8/10/2005 4:20:02 PM 29184 C:\WINDOWS\SYSTEM\supdate.dll
rec2_run 8/10/2005 4:20:02 PM 29184 C:\WINDOWS\SYSTEM\supdate.dll
FSG! 8/19/2001 6:30:46 AM 11593 C:\WINDOWS\SYSTEM\temperror32.dat
SAHAgent 6/16/2005 2:28:14 PM 3523 C:\WINDOWS\SYSTEM\4d7cfuso.ini
69.59.186.63 8/11/2005 10:11:30 AM 29184 C:\WINDOWS\SYSTEM\datadx.dll
209.66.67.134 8/11/2005 10:11:30 AM 29184 C:\WINDOWS\SYSTEM\datadx.dll
66.63.167.97 8/11/2005 10:11:30 AM 29184 C:\WINDOWS\SYSTEM\datadx.dll
66.63.167.77 8/11/2005 10:11:30 AM 29184 C:\WINDOWS\SYSTEM\datadx.dll
web-nex 8/11/2005 10:11:30 AM 29184 C:\WINDOWS\SYSTEM\datadx.dll
winsync 8/11/2005 10:11:30 AM 29184 C:\WINDOWS\SYSTEM\datadx.dll
rec2_run 8/11/2005 10:11:30 AM 29184 C:\WINDOWS\SYSTEM\datadx.dll
SAHAgent 6/14/2005 3:34:14 PM 203264 C:\WINDOWS\SYSTEM\4d7cfuso.exe
SAHAgent 6/16/2005 2:16:46 PM 35 C:\WINDOWS\SYSTEM\1pr8lv29.ini

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
8/11/2005 10:36:08 AM 1421344 C:\WINDOWS\USER.DAT
8/11/2005 10:34:28 AM 3784736 C:\WINDOWS\CLASSES.DAT
8/11/2005 10:34:48 AM 2129952 C:\WINDOWS\SYSTEM.DAT
8/10/2005 3:43:24 PM 82432 C:\WINDOWS\ru.exe
8/11/2005 10:05:02 AM 3864 C:\WINDOWS\ttfCache
8/11/2005 10:28:44 AM 376764 C:\WINDOWS\ShellIconCache
7/4/2005 12:12:18 AM 4212 C:\WINDOWS\SYSTEM\zllictbl.dat
7/25/2005 12:34:30 PM 5852 C:\WINDOWS\SYSTEM\KGyGaAvL.sys
7/25/2005 12:34:18 PM 104 C:\WINDOWS\SYSTEM\04E9A3F359.sys
8/11/2005 10:35:48 AM 2840 C:\WINDOWS\PCHEALTH\HELPCTR\Database\HelpSessionHistory.stream
8/10/2005 3:43:24 PM 6 C:\WINDOWS\TASKS\SA.DAT
8/11/2005 10:35:26 AM 2702 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
8/11/2005 10:31:34 AM 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
8/11/2005 10:31:34 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
8/11/2005 10:35:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\01234567\desktop.ini
8/11/2005 10:35:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\8LANIP8R\desktop.ini
8/11/2005 10:35:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\V11YF6KU\desktop.ini
8/11/2005 10:35:28 AM 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\F7HIJTLD\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
8/3/2005 4:27:30 AM 81920 C:\WINDOWS\Start Menu\Programs\StartUp\natr.exe

Checking files in %USERPROFILE%\Application Data folder...
7/27/2005 10:20:52 PM 15036 C:\WINDOWS\Application Data\dw.log
5/26/2005 2:56:40 PM 8568 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{FEF10FA2-355E-4e06-9381-9B24D7F7CC88} = C:\WINDOWS\SYSTEM\SHELL32.DLL
{53C74826-AB99-4d33-ACA4-3117F51D3788} = C:\WINDOWS\SYSTEM\SHELL32.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\VPSHELL2.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\VPSHELL2.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

<<< WARNING! - NOT A VALID WIN98 KEY! (ME is Ok) >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7ab770c7-0e23-4d7a-8aa2-19bfad479829}
= C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINDOWS\SYSTEM\DOCPROP2.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A36E75F-112B-4FBF-A497-73CEEF29380A}
SDWin32 Class = C:\WINDOWS\SYSTEM\BPQKS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
Web Offer Bar = C:\WINDOWS\SYSTEM\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
Web Offer Bar = C:\WINDOWS\SYSTEM\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRAM FILES\AIM\AIM.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{7BED0340-176B-44BC-915E-C21C1DD6F617}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{2D51D869-C36B-42BD-AE68-0A81BC771FA5} = :
{7BED0340-176B-44BC-915E-C21C1DD6F617} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
FlashClean C:\PROGRAM FILES\FLASHCLEAN\FlashClean.exe %1
KavSvc C:\WINDOWS\ramhll.exe reg_run
autoupdate rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
Command C:\WINDOWS\cmd\command.exe
bpqksc C:\WINDOWS\SYSTEM\bpqksc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
*StateMgr C:\WINDOWS\System\Restore\StateMgr.exe
rtvscn95 C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccleaner "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
eZmmod C:\PROGRA~1\ezula\mmod.exe
eZWO C:\PROGRA~1\Web Offer\wo.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
DisableLocalMachineRun 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
DisableLocalUserRun 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
MSERAT C:\WINDOWS\SYSTEM\MSERAT.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL
AUHook {BCBCD383-3E06-11D3-91A9-00C04F68105C} = C:\WINDOWS\SYSTEM\AUHOOK.DLL

<<< WARNING! - NOT A VALID WIN98*admin KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit =
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
<<< WARNING! - NOT A VALID WIN98*admin KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/11/2005 10:39:02 AM



Track qoo.vbs
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"FlashClean"="C:\\PROGRAM FILES\\FLASHCLEAN\\FlashClean.exe %1"
"KavSvc"="C:\\WINDOWS\\ramhll.exe reg_run"
"autoupdate"="rundll32 C:\\WINDOWS\\SYSTEM\\DATADX.DLL,SHStart"
"Command"="C:\\WINDOWS\\cmd\\command.exe"
"bpqksc"="C:\\WINDOWS\\SYSTEM\\bpqksc.exe"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C}
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SSC\VPSHELL2.DLL

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {7ab770c7-0e23-4d7a-8aa2-19bfad479829}
C:\WINDOWS\SYSTEM\SHELL32.DLL

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINDOWS\SYSTEM\DOCPROP2.DLL

==============================
C:\WINDOWS\All Users\Start Menu\Programs\StartUp

==============================
C:\WINDOWS\Start Menu\Programs\StartUp

natr.exe
==============================
C:\WINDOWS\SYSTEM cpl files


INETCPL.CPL Microsoft Corporation
INTL.CPL Microsoft Corporation
MODEM.CPL Microsoft Corporation
POWERCFG.CPL Microsoft Corporation
APPWIZ.CPL Microsoft Corporation
DESK.CPL Microsoft Corporation
MAIN.CPL Microsoft Corporation
MMSYS.CPL Microsoft Corporation
NETCPL.CPL Microsoft Corporation
PASSWORD.CPL Microsoft Corporation
SYSDM.CPL Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
TIMEDATE.CPL Microsoft Corporation
WUAUCPL.CPL Microsoft Corporation
ACCESS.CPL Microsoft Corporation
CMICNFG.CPL C-Media Corporation
JOY.CPL Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
odbccp32.cpl Microsoft Corporation
conres.cpl

#8
didom

Can you please do the fix again?

But now please insert the files in Killbox one by one, not all together!

#9
didom

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.