Many Pop-Ups, Browser changing [RESOLVED]


#1
HeadHurts

I have run Clean Up, Ad-Aware, CWShredder, Spybot and Trojan Hunter. All identified problems after completing but the pop-ups remained. It seems to be getting worse as my system freezes all the time as well. "Mirar" was added to my Internet Tool Bar and is also displaying its own pop-ups.

Any assistance is appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:46:20 PM, on 8/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\SNSS\SNSS.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\XS44PX.EXE
C:\PROGRAM FILES\AEAB\TDAE.EXE
C:\WINDOWS\SYSTEM\ICFO95.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\ICFO95.EXE
C:\UNZIPPED\HJT\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll
O2 - BHO: SDWin32 Class - {7CEE6680-13C3-11DA-A761-004854224535} - C:\WINDOWS\SYSTEM\MWSPJ.DLL
O2 - BHO: (no name) - {EE450223-BCC5-C13F-B4CD-E34BC6325BC4} - C:\WINDOWS\SYSTEM\KUU.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: SDWin32 Class - {32D25BE0-151E-11DA-A761-004854224535} - C:\WINDOWS\SYSTEM\GXVOU.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\SYSTEM\WINNB57.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\SYSTEM\WINNB57.DLL
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [wmgmin] C:\W130713.STUB.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\xs44px.exe reg_run
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\SYSTEM\newexp
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKCU\..\Run: [Aeue] C:\Program Files\aeab\tdae.exe
O4 - HKCU\..\Run: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe
O4 - HKCU\..\RunOnce: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe
O4 - Startup: uipp.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol133.pogo.c...aploader_v5.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hoovers.webe...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: LotusMenu - http://www.warnaco.c...nu/menudisp.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwea.ops.pl...quicksilver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab
  • 0


#2
tampabelle

Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, you will be asked to fix some entries, delete some files or uninstall some programs. In case you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp


2. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

O2 - BHO: SDWin32 Class - {7CEE6680-13C3-11DA-A761-004854224535} - C:\WINDOWS\SYSTEM\MWSPJ.DLL
O2 - BHO: (no name) - {EE450223-BCC5-C13F-B4CD-E34BC6325BC4} - C:\WINDOWS\SYSTEM\KUU.DLL
O2 - BHO: SDWin32 Class - {32D25BE0-151E-11DA-A761-004854224535} - C:\WINDOWS\SYSTEM\GXVOU.DLL
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\SYSTEM\WINNB57.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\SYSTEM\WINNB57.DLL
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [wmgmin] C:\W130713.STUB.EXE
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\SYSTEM\newexp
O4 - HKCU\..\Run: [Aeue] C:\Program Files\aeab\tdae.exe
O4 - HKCU\..\Run: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe
O4 - HKCU\..\RunOnce: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx


Close all windows other than Hijack This. Check the boxes next to the above items and click on Fix checked.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

3. Delete Rogue files

Run CleanUp and delete all temp files, including temporary internet files.

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\Program Files\E2G
C:\Program Files\snss
C:\Program Files\aeab

Files
C:\WINDOWS\SYSTEM\MWSPJ.DLL
C:\WINDOWS\SYSTEM\KUU.DLL
C:\WINDOWS\SYSTEM\GXVOU.DLL
C:\WINDOWS\SYSTEM\WINNB57.DLL
C:\WINDOWS\SYSTEM\WINNB57.DLL
C:\W130713.STUB.EXE
C:\WINDOWS\SYSTEM\DATADX.DLL
C:\WINDOWS\SYSTEM\newexp.exe
C:\WINDOWS\SYSTEM\ICFO95.exe



Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.
  • 0

#3
HeadHurts

I followed your instructions and had these problems:

I was able to delete all 3 of the folders files you listed in step 3.

The following files could not be found:
WINNB57.dll - I found one file, but you have it listed twice. Only one deleted
W130713.stub.exe
newexp.exe
ICF095.exe

I could not run the Panda software. I tried 3 times and each time my screen froze. The Panda screen went totally blank.

I am still getting Party Poker, Hotbar.com, adopthbmediapro.com pop-ups.

I am also getting an error message that says:
NAVW32 Performed Illegal operation and will be shut down.

Here is my new Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 5:15:37 PM, on 8/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\ICFO95.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\START MENU\PROGRAMS\STARTUP\UIPP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\ICFO95.EXE
C:\WINDOWS\TEMP\EI.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\UNZIPPED\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\PROGRAM FILES\E2G\IEBHOS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\xs44px.exe reg_run
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKCU\..\Run: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe
O4 - Startup: uipp.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol133.pogo.c...aploader_v5.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hoovers.webe...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: LotusMenu - http://www.warnaco.c...nu/menudisp.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwea.ops.pl...quicksilver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab
  • 0
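
One way to check a follow-up HijackThis log against a fix list, as an added example that is not part of the original thread. The function names `entry_key` and `persisting` are illustrative; the sample lines are excerpted from the two posts above. Entries are keyed on CLSID, or on registry key plus value name for autoruns, so an entry that reappears with different path casing still matches.

```python
import re

# "<section> - <body>" shape of HijackThis entry lines (R0, O2, O4, O16, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# CLSID in braces, as shown for BHO (O2), toolbar (O3) and DPF (O16) entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Autorun entries: "HKLM\..\Run: [value name] command line".
AUTORUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\]")


def entry_key(line):
    """Return a comparison key for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process path, blank line, prose
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    if clsid:
        # The CLSID identifies the object even if name or path text differs.
        return (section, clsid.group(0).upper())
    if section == "O4":
        auto = AUTORUN_RE.match(body)
        if auto:
            # Key on registry key + value name; the command line may change.
            return (section, auto.group("key").upper(), auto.group("name").upper())
    # Fallback: whole body, whitespace-collapsed and case-folded.
    return (section, " ".join(body.split()).upper())


def persisting(fix_list, followup_log):
    """Return fix-list lines whose key still appears in the follow-up log."""
    present = {entry_key(line) for line in followup_log.splitlines()}
    present.discard(None)
    result = []
    for line in fix_list.splitlines():
        key = entry_key(line)
        if key is not None and key in present:
            result.append(line.strip())
    return result


# Excerpt of the fix list from post #2 (copied from the thread).
FIX_LIST = r"""
O2 - BHO: SDWin32 Class - {7CEE6680-13C3-11DA-A761-004854224535} - C:\WINDOWS\SYSTEM\MWSPJ.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\SYSTEM\WINNB57.DLL
O4 - HKLM\..\Run: [snss Launcher] "C:\Program Files\snss\snss.exe"
O4 - HKLM\..\Run: [wmgmin] C:\W130713.STUB.EXE
O4 - HKCU\..\Run: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe
O4 - HKCU\..\RunOnce: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
"""

# Excerpt of the follow-up log from post #3 (copied from the thread).
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\ICFO95.EXE
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\PROGRAM FILES\E2G\IEBHOS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\xs44px.exe reg_run
O4 - HKCU\..\Run: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe
O4 - Startup: uipp.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab
"""

if __name__ == "__main__":
    for line in persisting(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", line)
```

An exact string comparison would miss the E2G BHO, because the follow-up log reports its path in upper case.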

#4
tampabelle

Download the following tools!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a pop-up window asking you what to do. Allow this entire script to run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!
  • 0

#5
HeadHurts

I'm having a problem with the Track Qoo file. I can download it to my desktop and unzip it. But it creates a file called Track qoo 1 .vbs. When I double click on it, it asks me what program I want to open it in.

I tried deleting all of it and downloading it again, but I'm getting the same message.



Here's the WinPFind results:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 8/23/05 9:40:20 AM 25105 c:\MTE2NzY6ODoxNg.exe
UPX! 8/26/05 7:18:30 PM 82432 c:\MTE2ODI6ODoxNg.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com 8/28/05 6:21:08 AM RH 10289184 c:\windows\SYSTEM.DAT
winsync 8/28/05 6:21:08 AM RH 10289184 c:\windows\SYSTEM.DAT
PTech 8/28/05 6:21:08 AM RH 1163296 c:\windows\USER.DAT
UPX! 8/22/05 10:43:24 PM 113048 c:\windows\invitessk.exe.tcf

Items found in c:\windows\hosts

69.59.186.63 8/28/05 6:09:32 AM 46080 c:\windows\fskksfg.dll
209.66.67.134 8/28/05 6:09:32 AM 46080 c:\windows\fskksfg.dll
web-nex 8/28/05 6:09:32 AM 46080 c:\windows\fskksfg.dll
winsync 8/28/05 6:09:32 AM 46080 c:\windows\fskksfg.dll
69.59.186.63 8/28/05 6:09:32 AM 10240 c:\windows\raooa.dll
209.66.67.134 8/28/05 6:09:32 AM 10240 c:\windows\raooa.dll
web-nex 8/28/05 6:09:32 AM 10240 c:\windows\raooa.dll
winsync 8/28/05 6:09:32 AM 10240 c:\windows\raooa.dll

Checking %System% folder...
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\WCI.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\DCDRAMP.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\PBFMGR.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\WWNTRUST.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\sHge.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\DLIME.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MOPWL32.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\DGNDI.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\SLNSAPI.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\RCCLTC3.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\WSW32.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MMVCRT20.DLL
Umonitor 8/22/05 10:42:20 PM 405504 c:\windows\SYSTEM\VBODEC32.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\IODll300.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MBDAERR.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\mi4sdmod.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\RNCHED.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\hhzfac03.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\SJREAMCI.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\DCTAZAP.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\HVINKPRX.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\WYNALIGN.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\PQD.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\SEI.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\HHINKPRX.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MKAB32.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MDRSERV.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\mq4sdmod.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\DMBENG.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MNO95FX.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\TWPI32.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\RIAUI.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\RCAUI.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\GZDEF.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\jbmd400.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\hezime03.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\hyzpcl03.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\VbsShe.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\Pgsaci40.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\ix41_qcx.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\mjjetoledb40.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\wzdmps.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\RNCMQSVR.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\hyzjui03.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\mywmdm.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\qhdwipes.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\ROANP.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\VGA232.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\WHTHK32.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\OKE2CONV.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\DQSERIAL.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\etthook.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\hazfac03.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\iy50_qcx.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\itet16.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\WQBCHECK.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\FS20ENU.DLL
UPX! 8/26/05 1:35:22 PM 69120 c:\windows\SYSTEM\icfo95.exe
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\SmmpleRegistry.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\CBPBK32.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\JYCRIPT.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\ISMUPG.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\duwave.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MDJAVA.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\DMOUND3D.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\eohsig.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\OFECLI.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\CQGMGR32.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\ICPEERS.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\wtv8dmod.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\PhetzlUp.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\OABCTRAC.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\mouni11.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\lyfax11n.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\ICDll300.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\aKmd532.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MHEXCL40.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\in41_qc.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\JKVART.DLL
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\IZRNONCE.DLL
FSG! 12/13/04 7:55:34 AM 398742 c:\windows\SYSTEM\DOZTCNk1.xml
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\jpproxy.dll
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\BXNAPI.DLL

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/23/05 7:29:32 PM H 6 c:\windows\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4/23/99 10:22:00 PM 221280 c:\windows\SYSTEM\DESK.CPL
Microsoft Corporation 8/29/02 292352 c:\windows\SYSTEM\INETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 60928 c:\windows\SYSTEM\INTL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 420864 c:\windows\SYSTEM\MMSYS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 93248 c:\windows\SYSTEM\MODEM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14448 c:\windows\SYSTEM\NETCPL.CPL
Microsoft Corporation 8/8/99 2:17:12 AM 41232 c:\windows\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 47104 c:\windows\SYSTEM\PASSWORD.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 51984 c:\windows\SYSTEM\POWERCFG.CPL
Microsoft Corporation 10/30/01 8:10:00 AM 442368 c:\windows\SYSTEM\JOY.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 66048 c:\windows\SYSTEM\ACCESS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 72192 c:\windows\SYSTEM\APPWIZ.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 103424 c:\windows\SYSTEM\MAIN.CPL
4/23/99 10:22:00 PM 70656 c:\windows\SYSTEM\STICPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 387072 c:\windows\SYSTEM\SYSDM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14848 c:\windows\SYSTEM\TELEPHON.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 37376 c:\windows\SYSTEM\TIMEDATE.CPL
9/27/95 19456 c:\windows\SYSTEM\FINDFAST.CPL
Apple Computer, Inc. 1/6/04 4:02:36 PM 323072 c:\windows\SYSTEM\QuickTime.cpl
8/26/05 1:39:16 PM 31232 c:\windows\SYSTEM\conres.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
8/27/05 8:26:20 PM 92160 C:\WINDOWS\Start Menu\Programs\StartUp\uipp.exe
8/26/05 4:42:32 PM 415 C:\WINDOWS\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk

Checking files in %USERPROFILE%\Application Data folder...
8/25/05 5:56:16 PM 3689 C:\WINDOWS\Application Data\dw.log
6/14/05 12:21:58 PM 66168 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9527D42F-D666-11D3-B8DD-00600838CD5F}
IEWatchObj Class = C:\WINDOWS\SYSTEM\IETie.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Comcast Toolbar = C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
CControl Object = C:\Program Files\E2G\IeBHOs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\SYSTEM\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{CA0B9B71-C2AF-11D3-B376-0800460222F0} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} = Related Page : C:\WINDOWS\SYSTEM\WINNB57.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
USBMMKBD usbmmkbd.exe
HPScanPatch C:\WINDOWS\SYSTEM\HPScanFix.exe
hpsysdrv c:\windows\system\hpsysdrv.exe
HPDJ Taskbar Utility C:\WINDOWS\SYSTEM\hpztsb03.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
THGuard "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
winsync C:\WINDOWS\xs44px.exe reg_run
version C:\WINDOWS\SYSTEM\OEZSLP.exe
secure C:\WINDOWS\SYSTEM\DOZTCN.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
AolAcsDaemon1 "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Encompass_ENCMONTR C:\Program Files\Encompass\ENCMONTR.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ICFO95 C:\WINDOWS\SYSTEM\ICFO95.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
ICFO95 C:\WINDOWS\SYSTEM\ICFO95.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
ICFO95 C:\WINDOWS\SYSTEM\ICFO95.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/28/05 6:32:09 AM
  • 0

#6
tampabelle


    Member 5k

  • Retired Staff
  • 6,363 posts
Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICFO95"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICFO95"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"ICFO95"=-


Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

c:\MTE2NzY6ODoxNg.exe
c:\windows\fskksfg.dll
c:\windows\invitessk.exe.tcf
c:\windows\raooa.dll
C:\WINDOWS\Start Menu\Programs\StartUp\uipp.exe
c:\windows\SYSTEM\aKmd532.dll
c:\windows\SYSTEM\BXNAPI.DLL
c:\windows\SYSTEM\CBPBK32.DLL
c:\windows\SYSTEM\CISEQCHK.DLL
c:\windows\SYSTEM\conres.cpl
c:\windows\SYSTEM\CQGMGR32.DLL
c:\windows\SYSTEM\DCDRAMP.DLL
c:\windows\SYSTEM\DCTAZAP.DLL
c:\windows\SYSTEM\DGNDI.DLL
c:\windows\SYSTEM\DLIME.DLL
c:\windows\SYSTEM\DMBENG.DLL
c:\windows\SYSTEM\DMOUND3D.DLL
C:\WINDOWS\SYSTEM\DOZTCN.exe
c:\windows\SYSTEM\DOZTCNk1.xml
c:\windows\SYSTEM\DQSERIAL.DLL
c:\windows\SYSTEM\duwave.dll
c:\windows\SYSTEM\eohsig.dll
c:\windows\SYSTEM\etthook.dll
c:\windows\SYSTEM\FS20ENU.DLL
c:\windows\SYSTEM\GZDEF.DLL
c:\windows\SYSTEM\hazfac03.dll
c:\windows\SYSTEM\hezime03.dll
c:\windows\SYSTEM\HHINKPRX.DLL
c:\windows\SYSTEM\hhzfac03.dll
c:\windows\SYSTEM\HVINKPRX.DLL
c:\windows\SYSTEM\hyzjui03.dll
c:\windows\SYSTEM\hyzpcl03.dll
c:\windows\SYSTEM\ICDll300.dll
C:\WINDOWS\SYSTEM\ICFO95.exe
c:\windows\SYSTEM\ICPEERS.DLL
c:\windows\SYSTEM\in41_qc.dll
c:\windows\SYSTEM\IODll300.dll
c:\windows\SYSTEM\ISMUPG.DLL
c:\windows\SYSTEM\itet16.dll
c:\windows\SYSTEM\ix41_qcx.dll
c:\windows\SYSTEM\iy50_qcx.dll
c:\windows\SYSTEM\IZRNONCE.DLL
c:\windows\SYSTEM\jbmd400.dll
c:\windows\SYSTEM\JKVART.DLL
c:\windows\SYSTEM\jpproxy.dll
c:\windows\SYSTEM\JYCRIPT.DLL
c:\windows\SYSTEM\lyfax11n.dll
c:\windows\SYSTEM\MBDAERR.DLL
c:\windows\SYSTEM\MDJAVA.DLL
c:\windows\SYSTEM\MDRSERV.DLL
c:\windows\SYSTEM\MHEXCL40.DLL
c:\windows\SYSTEM\mi4sdmod.dll
c:\windows\SYSTEM\mjjetoledb40.dll
c:\windows\SYSTEM\MKAB32.DLL
c:\windows\SYSTEM\MMVCRT20.DLL
c:\windows\SYSTEM\MNO95FX.DLL
c:\windows\SYSTEM\MOPWL32.DLL
c:\windows\SYSTEM\mouni11.dll
c:\windows\SYSTEM\mq4sdmod.dll
c:\windows\SYSTEM\mywmdm.dll
c:\windows\SYSTEM\OABCTRAC.DLL
C:\WINDOWS\SYSTEM\OEZSLP.exe
c:\windows\SYSTEM\OFECLI.DLL
c:\windows\SYSTEM\OKE2CONV.DLL
c:\windows\SYSTEM\PBFMGR.DLL
c:\windows\SYSTEM\Pgsaci40.dll
c:\windows\SYSTEM\PhetzlUp.dll
c:\windows\SYSTEM\PQD.DLL
c:\windows\SYSTEM\qhdwipes.dll
c:\windows\SYSTEM\RCAUI.DLL
c:\windows\SYSTEM\RCCLTC3.DLL
c:\windows\SYSTEM\RIAUI.DLL
c:\windows\SYSTEM\RNCHED.DLL
c:\windows\SYSTEM\RNCMQSVR.DLL
c:\windows\SYSTEM\ROANP.DLL
c:\windows\SYSTEM\SEI.DLL
c:\windows\SYSTEM\sHge.dll
c:\windows\SYSTEM\SJREAMCI.DLL
c:\windows\SYSTEM\SLNSAPI.DLL
c:\windows\SYSTEM\SmmpleRegistry.dll
c:\windows\SYSTEM\TWPI32.DLL
c:\windows\SYSTEM\VBODEC32.DLL
c:\windows\SYSTEM\VbsShe.dll
c:\windows\SYSTEM\VGA232.DLL
c:\windows\SYSTEM\WCI.DLL
c:\windows\SYSTEM\WHTHK32.DLL
C:\WINDOWS\SYSTEM\WINNB57.DLL
c:\windows\SYSTEM\WQBCHECK.DLL
c:\windows\SYSTEM\WSW32.DLL
c:\windows\SYSTEM\wtv8dmod.dll
c:\windows\SYSTEM\WWNTRUST.DLL
c:\windows\SYSTEM\WYNALIGN.DLL
c:\windows\SYSTEM\wzdmps.dll
C:\WINDOWS\xs44px.exe
C:\PROGRAM FILES\E2G\IEBHOS.DLL


As you Paste each entry into Killbox, place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


Now Locate and DoubleClick KillQoo.reg-> Allow it to merge into the Registry!

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\PROGRAM FILES\E2G\IEBHOS.DLL
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\xs44px.exe reg_run
O4 - HKCU\..\Run: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe
O4 - Startup: uipp.exe

Now close all windows other than HiJackThis, then click Fix Checked.

Restart back in Normal Mode and Post a fresh HijackThis log!
  • 0
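A pre-merge check for a .reg file like KillQoo.reg, as an added example (not part of the original post and not a Geeks to Go or regedit tool): it lists which values and keys the file would delete and reports any line that is neither a key header nor a well-formed value entry. The function name `audit_reg`, the report fields and the sample text are assumptions made for this illustration.

```python
import re

# Headers used by .reg files: REGEDIT4 (as in the post) and the version 5 form.
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
# [HKEY_...\path] selects a key; [-HKEY_...\path] deletes the whole key.
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>HKEY_[^\]]+)\]$")
# "name"=data or @=data; data of "-" means "delete this value".
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.+)$')


def audit_reg(text):
    """Summarise what a .reg file would change; multi-line hex data is out of scope."""
    report = {"header_ok": False, "deleted_keys": [], "deleted_values": [],
              "set_values": [], "rejected": []}
    key = None            # key that the following value lines apply to
    seen_header = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if not seen_header:
            seen_header = True
            report["header_ok"] = line in HEADERS
            if report["header_ok"]:
                continue
        m = KEY_RE.match(line)
        if m:
            if m.group("delete"):
                report["deleted_keys"].append(m.group("key"))
                key = None
            else:
                key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = m.group("name")
            if name == "@":
                name = "(Default)"
            else:
                name = re.sub(r"\\(.)", r"\1", name[1:-1])   # undo \" and \\ escapes
            bucket = "deleted_values" if m.group("data") == "-" else "set_values"
            report[bucket].append((key, name))
        else:
            # Not a header, key or well-formed value line: review before merging.
            report["rejected"].append((lineno, line))
    return report


# Constructed sample modelled on KillQoo.reg; the last value line has a
# mismatched quote on purpose so the check has something to report.
SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICFO95"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICFO95"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
'ICFO95"=-
"""

if __name__ == "__main__":
    result = audit_reg(SAMPLE_REG)
    for key, name in result["deleted_values"]:
        print("delete value", name, "under", key)
    for lineno, line in result["rejected"]:
        print("line", lineno, "not understood:", line)
```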

#7
HeadHurts


    Member

  • Topic Starter
  • 24 posts
When I paste all the entries into the Full Path of File to delete, am I doing that one copy & paste at a time? It only lets me have one entry.

I'm sure I am doing something wrong here....
  • 0

#8
HeadHurts


    Member

  • Topic Starter
  • 24 posts
I finished running these steps. In safe mode, these files had to be deleted because they didn't seem to delete the first time:


fskksfg.dll
raooa.dll
bxnapi.dll
dgndi.dll
mq4sdmod.dll

KillQoo.reg seemed to run fine.

When I ran Hijack this, 2 were not listed and I couldn't "fix" them:

04 HKCU\..Run\ {ICF095}
04 Startup: uipp.exe

I have less pop-up menus, but I still have them. When I first log on to my system, this is what seems to be running:

Aolservicehost
Aolhostmanager
Aoldialer
Qttask
Rundll32
Hpztsb03


Here's my latest log:

Logfile of HijackThis v1.99.1
Scan saved at 3:11:19 PM, on 8/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\UNZIPPED\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\xs44px.exe reg_run
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\OEZSLP.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\DOZTCN.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol133.pogo.c...aploader_v5.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hoovers.webe...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: LotusMenu - http://www.warnaco.c...nu/menudisp.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwea.ops.pl...quicksilver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab

Thanks for all your help! Is my computer clean up impossible?

Edited by HeadHurts, 28 August 2005 - 02:00 PM.

  • 0

#9
tampabelle


    Member 5k

  • Retired Staff
  • 6,363 posts
Run Hijack This and click on scan. The following items need to be fixed -


O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\xs44px.exe reg_run
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\OEZSLP.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\SYSTEM\DOZTCN.exe


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Delete the files -

C:\WINDOWS\xs44px.exe
C:\WINDOWS\SYSTEM\OEZSLP.exe
C:\WINDOWS\SYSTEM\DOZTCN.exe
C:\Program Files\E2G <---------- Full folder


Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Post the Winpfind log in your next reply
  • 0
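A post-fix check for the HijackThis steps in posts #6 and #9, as an added example (not part of the original posts and not HijackThis's own code): it parses O2 and O4 lines in the shape quoted in this thread and reports, for each entry on a fix list, whether a later log still shows it, shows it with "(file missing)", or no longer lists it. The function names and the status labels `present`, `orphaned` and `absent` are assumptions made for this illustration.

```python
import re

# Line shapes follow the O2/O4 entries quoted in this thread.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<file>[^=]+?)(?: = (?P<target>.+))?$")
MISSING = "(file missing)"


def parse_entry(line):
    """Return (key, file_missing) for an O2/O4 line, or None for any other line."""
    line = line.strip()
    missing = line.endswith(MISSING)
    if missing:
        line = line[:-len(MISSING)].rstrip()
    m = BHO_RE.match(line)
    if m:
        # A BHO is identified by its CLSID; path case differs between logs.
        return ("O2", m.group("clsid").upper()), missing
    m = RUN_RE.match(line)
    if m:
        return ("O4", m.group("loc").upper(), m.group("name").lower()), missing
    m = STARTUP_RE.match(line)
    if m:
        return ("O4", "STARTUP", m.group("file").strip().lower()), missing
    return None


def check_fix_list(fix_lines, log_text):
    """Map each fix-list line to 'present', 'orphaned', 'absent' or 'unparsed'."""
    seen = {}
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed:
            key, missing = parsed
            seen[key] = missing
    report = {}
    for fix in fix_lines:
        parsed = parse_entry(fix)
        if parsed is None:
            report[fix] = "unparsed"
        elif parsed[0] not in seen:
            report[fix] = "absent"       # already gone, nothing left to tick
        elif seen[parsed[0]]:
            report[fix] = "orphaned"     # registry entry remains, file is gone
        else:
            report[fix] = "present"      # still needs "Fix checked"
    return report


# Fix list as given in post #6 of this thread.
FIX_LIST = [
    r"O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\PROGRAM FILES\E2G\IEBHOS.DLL",
    r"O4 - HKLM\..\Run: [winsync] C:\WINDOWS\xs44px.exe reg_run",
    r"O4 - HKCU\..\Run: [ICFO95] C:\WINDOWS\SYSTEM\ICFO95.exe",
    r"O4 - Startup: uipp.exe",
]

# Constructed excerpt: a handful of lines in the shape of the follow-up log.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\xs44px.exe reg_run
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
"""

if __name__ == "__main__":
    for entry, status in check_fix_list(FIX_LIST, SAMPLE_LOG).items():
        print(f"{status:9} {entry}")
```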

#10
HeadHurts


    Member

  • Topic Starter
  • 24 posts
I ran the Hijack This scan and 2 items were not there to "Fix".

02 - BHO: CControl Object
04 - HKLM\...Run {winsync}

The other 2 I was able to select on.

I was only able to delete 1 file/folder:

Program Files\E2G

The other 3 files were not found. These were the same files that said they were deleted when I ran KillBox.

Attached is the new WINPFind file:

{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9527D42F-D666-11D3-B8DD-00600838CD5F}
IEWatchObj Class = C:\WINDOWS\SYSTEM\IETie.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Comcast Toolbar = C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\SYSTEM\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{CA0B9B71-C2AF-11D3-B376-0800460222F0} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} = Related Page : C:\WINDOWS\SYSTEM\WINNB57.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
USBMMKBD usbmmkbd.exe
HPScanPatch C:\WINDOWS\SYSTEM\HPScanFix.exe
hpsysdrv c:\windows\system\hpsysdrv.exe
HPDJ Taskbar Utility C:\WINDOWS\SYSTEM\hpztsb03.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
THGuard "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
AolAcsDaemon1 "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Encompass_ENCMONTR C:\Program Files\Encompass\ENCMONTR.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
ICFO95 C:\WINDOWS\SYSTEM\ICFO95.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/28/05 6:52:45 PM
  • 0


#11
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as fix.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"ICFO95"=-


Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

c:\MTE2ODI6ODoxNg.exe
c:\windows\SYSTEM\DQLOADER.DLL
c:\windows\SYSTEM\DJMSRPCN.DLL
c:\windows\SYSTEM\SCM.DLL
c:\windows\SYSTEM\mgbsync.dll
c:\windows\SYSTEM\VZPODBC.DLL
c:\windows\SYSTEM\erhsig.dll
c:\windows\SYSTEM\IMDKCS32.DLL
c:\windows\SYSTEM\wrdmlog.dll
c:\windows\SYSTEM\lgfil11n.DLL
c:\windows\SYSTEM\MRAWT.DLL
c:\windows\SYSTEM\mfxml3r.dll
C:\WINDOWS\SYSTEM\WINNB57.DLL
C:\WINDOWS\SYSTEM\ICFO95.exe
c:\windows\SYSTEM\sdnscfg.dll
c:\windows\SYSTEM\SWLWID.DLL
C:\WINDOWS\Application Data\dw.log


As you Paste each entry into Killbox, place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


Now Locate and Double-click KillQoo.reg -> Allow it to merge into the Registry!

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Restart back in Normal Mode and post the fresh WinPFind log!
  • 0
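An added example, not part of the original post or of any tool named in this thread: a check that lists what a REGEDIT4 removal file deletes and whether each target appears in a WinPFind registry listing, run on the fix.reg text above and a short excerpt of the pre-fix log. The function names are hypothetical, and the code assumes WinPFind prints each value directly beneath the key line that owns it.

```python
import re

# Inputs embedded inline: the fix.reg text from the post above and an excerpt
# of the pre-fix "Checking Selected Registry Keys" section of the WinPFind log.
FIX_REG = r"""REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"ICFO95"=-
"""

SCAN_EXCERPT = r"""[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} = Related Page : C:\WINDOWS\SYSTEM\WINNB57.DLL

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
ICFO95 C:\WINDOWS\SYSTEM\ICFO95.exe
"""

# "name"=- or @=- inside a [KEY] section deletes a single value.
VALUE_DELETE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)\s*=\s*-$')


def parse_reg_deletions(reg_text):
    """Return (kind, key, name) for every deletion in a REGEDIT4 file."""
    deletions, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):          # [-KEY] deletes the whole key
                deletions.append(("key", body[1:], None))
                current = None
            else:
                current = body
            continue
        m = VALUE_DELETE.match(line)
        if m and current:
            name = m.group(1) if m.group(1) is not None else "@"
            deletions.append(("value", current, name))
    return deletions


def parse_scan_listing(scan_text):
    """Map lower-cased key path -> {'path': as printed, 'values': raw lines}."""
    listing, current = {}, None
    for raw in scan_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        bare = line.strip("[]")
        if bare.upper().startswith(("HKEY_", "HKLM\\", "HKCU\\")):
            current = bare.lower()            # registry paths are case-insensitive
            listing.setdefault(current, {"path": bare, "values": []})
        elif current is not None:
            listing[current]["values"].append(line)
    return listing


def has_value(value_lines, name):
    """True if a listed line starts with this value name ('name = x' or 'name x')."""
    pattern = re.compile(re.escape(name) + r"(\s|=|$)", re.IGNORECASE)
    return any(pattern.match(v) for v in value_lines)


def check_deletions(deletions, listing):
    """Say whether each deletion target is listed, and where else its name shows up."""
    results = []
    for kind, key, name in deletions:
        entry = listing.get(key.lower())
        if kind == "value":
            listed = bool(entry) and has_value(entry["values"], name)
            seen = []
        else:
            listed = entry is not None
            leaf = key.rsplit("\\", 1)[-1]
            # A key target that is not listed may be present as a value elsewhere.
            seen = [e["path"] for e in listing.values()
                    if has_value(e["values"], leaf)]
        results.append({"kind": kind, "key": key, "name": name,
                        "listed": listed, "seen_under": seen})
    return results


if __name__ == "__main__":
    report = check_deletions(parse_reg_deletions(FIX_REG),
                             parse_scan_listing(SCAN_EXCERPT))
    for r in report:
        target = r["key"] if r["kind"] == "key" else r["key"] + " -> " + r["name"]
        print(("LISTED    " if r["listed"] else "NOT LISTED"), r["kind"], target)
        for path in r["seen_under"]:
            print("           same name appears as a value under", path)
```

Running the same check against the post-fix log shows which listed targets are gone after the merge and reboot.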

#12
HeadHurts

    Member

  • Topic Starter
  • 24 posts
WinPFind File:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com 8/28/05 8:07:36 PM RH 10289184 c:\windows\SYSTEM.DAT
PTech 8/28/05 8:21:52 PM RH 1163296 c:\windows\USER.DAT

Items found in c:\windows\hosts


Checking %System% folder...
Umonitor 8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MKJINT32.DLL
Umonitor 8/22/05 10:42:20 PM 405504 c:\windows\SYSTEM\MKLOCUSR.DLL

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/28/05 3:01:38 PM H 24290 c:\windows\ttfCache
8/28/05 8:07:36 PM RH 10289184 c:\windows\SYSTEM.DAT
8/28/05 8:21:52 PM RH 1163296 c:\windows\USER.DAT
8/28/05 8:03:22 PM H 1467300 c:\windows\ShellIconCache
8/22/05 10:42:20 PM R S 405504 c:\windows\SYSTEM\MKJINT32.DLL
8/23/05 6:04:02 PM H 23520 c:\windows\SYSTEM\ffastlog.txt
8/23/05 10:31:40 PM H 3993 c:\windows\All Users\Application Data\AOL\AOLDiag\AOL\ACSD\Win32\3.0.14.1\manifest.bin
8/26/05 2:21:28 PM H 3882 c:\windows\All Users\Application Data\AOL\AOLDiag\AOL\ACSDialer\Win32\3.0.14.1\manifest.bin
8/27/05 3:48:08 PM H 54 c:\windows\Application Data\Microsoft\Office\Recent\index.dat
8/26/05 5:06:02 PM HS 1131 c:\windows\Application Data\Microsoft\Internet Explorer\Desktop.htt
8/23/05 9:10:38 AM H 0 c:\windows\Application Data\Microsoft\Word\~WRL2919.tmp
8/23/05 11:28:24 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
8/23/05 11:29:52 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\UNOJ785C\desktop.ini
8/23/05 11:33:54 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\Q70XA9O3\desktop.ini
8/23/05 11:37:22 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\XPCFS1WK\desktop.ini
8/23/05 11:37:28 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\E54FAXW9\desktop.ini
8/25/05 1:22:56 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\PQRJ234N\desktop.ini
8/25/05 1:23:06 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\2PUTSX8N\desktop.ini
8/23/05 11:38:26 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\GIXQKTEN\desktop.ini
8/25/05 4:08:14 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\AZ8JEVUP\desktop.ini
8/23/05 11:38:30 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\SNC36DG3\desktop.ini
8/25/05 1:23:50 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\XCPTZ993\desktop.ini
8/23/05 11:40:36 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\4ZQ3YTID\desktop.ini
8/25/05 4:12:14 PM HS 67 c:\windows\Local Settings\Temporary Internet Files\Content.IE5\OQMWT9GC\desktop.ini
8/23/05 7:29:32 PM H 6 c:\windows\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4/23/99 10:22:00 PM 221280 c:\windows\SYSTEM\DESK.CPL
Microsoft Corporation 8/29/02 292352 c:\windows\SYSTEM\INETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 60928 c:\windows\SYSTEM\INTL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 420864 c:\windows\SYSTEM\MMSYS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 93248 c:\windows\SYSTEM\MODEM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14448 c:\windows\SYSTEM\NETCPL.CPL
Microsoft Corporation 8/8/99 2:17:12 AM 41232 c:\windows\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 47104 c:\windows\SYSTEM\PASSWORD.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 51984 c:\windows\SYSTEM\POWERCFG.CPL
Microsoft Corporation 10/30/01 8:10:00 AM 442368 c:\windows\SYSTEM\JOY.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 66048 c:\windows\SYSTEM\ACCESS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 72192 c:\windows\SYSTEM\APPWIZ.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 103424 c:\windows\SYSTEM\MAIN.CPL
4/23/99 10:22:00 PM 70656 c:\windows\SYSTEM\STICPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 387072 c:\windows\SYSTEM\SYSDM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14848 c:\windows\SYSTEM\TELEPHON.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 37376 c:\windows\SYSTEM\TIMEDATE.CPL
9/27/95 19456 c:\windows\SYSTEM\FINDFAST.CPL
Apple Computer, Inc. 1/6/04 4:02:36 PM 323072 c:\windows\SYSTEM\QuickTime.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
6/14/05 12:21:58 PM 66168 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9527D42F-D666-11D3-B8DD-00600838CD5F}
IEWatchObj Class = C:\WINDOWS\SYSTEM\IETie.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
Comcast Toolbar = C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\SYSTEM\Shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{CA0B9B71-C2AF-11D3-B376-0800460222F0} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{4982D40A-C53B-4615-B15B-B5B5E98D167C} = AOL Toolbar : C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} = Comcast Toolbar : C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} = Related Page : C:\WINDOWS\SYSTEM\WINNB57.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
USBMMKBD usbmmkbd.exe
HPScanPatch C:\WINDOWS\SYSTEM\HPScanFix.exe
hpsysdrv c:\windows\system\hpsysdrv.exe
HPDJ Taskbar Utility C:\WINDOWS\SYSTEM\hpztsb03.exe
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
THGuard "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
AolAcsDaemon1 "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
Encompass_ENCMONTR C:\Program Files\Encompass\ENCMONTR.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/28/05 8:30:58 PM
  • 0

#13
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please download L2m9xfix here:
http://www.geekstogo...ds/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
  • 0

#14
HeadHurts

    Member

  • Topic Starter
  • 24 posts
Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 12:50:30 PM, on 8/29/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1101082309\EE\AOLHOSTMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1101082309\EE\AOLSERVICEHOST.EXE
C:\UNZIPPED\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol133.pogo.c...aploader_v5.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsu...oad/tgctlcm.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://hoovers.webe...bex/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: LotusMenu - http://www.warnaco.c...nu/menudisp.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://vapwea.ops.pl...quicksilver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab

log.text File:

Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

C:\WINDOWS\system\MKJINT32.DLL
C:\WINDOWS\system\MKJINT32.DLL
C:\WINDOWS\system\MKJINT32.DLL
C:\WINDOWS\system\MKJINT32.DLL
C:\WINDOWS\system\MKLOCUSR.DLL
C:\WINDOWS\system\MKLOCUSR.DLL
C:\WINDOWS\system\MKLOCUSR.DLL
C:\WINDOWS\system\MKLOCUSR.DLL

************

Registry entries found:


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{EDC8FCC1-D193-C356-4072-3AA7FC4ED556}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!

#15
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

These two logs look great!!!!

How is your PC behaving now???