Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware/Spyware [RESOLVED]


  • This topic is locked This topic is locked

#1
Beefy1

Beefy1

    New Member

  • Member
  • Pip
  • 6 posts
Hi... I have encountered some malicious malware that I cannot seem to eliminate. I have run AdwareSE, Spybot S&D, CWShredder, TrojanHunter and while they find things and supposedly clean them, the popups and other abnormal behaviour continues. I have battled trying to solve this for several days on my on without success...PLEASE HELP!!! Thank you...

My HiJackThis log is:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:49 AM, on 08/27/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\LEXAR MEDIA\USB CARD READER DRIVER V2.1G\DISK_MONITOR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SPSD4X.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\WINDOWS\ETB\POKAPOKA63.EXE
C:\WINDOWS\SYSTEM\MEDGS1.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\SMARTEK\WORDSMART\TRAYICON.EXE
C:\PROGRAM FILES\WEBSCENE\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBMktSol\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [Rd2.exe] C:\WINDOWS\TEMP\RD2.EXE
O4 - HKLM\..\Run: [apicomc] C:\WINDOWS\SYSTEM\apicomc.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\SYSTEM\PSof1.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [2kKNA5] "C:\WINDOWS\SYSTEM\SAV2.EXE" /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\spsd4x.exe reg_run
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\ETB\POKAPOKA63.EXE
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\SYSTEM\MEDGS1.exe
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\DESKTOP\INFAMOUS_DOWNLOADER.EXE
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - Startup: WordSmart Tray Icon.lnk = C:\Program Files\Smartek\WordSmart\trayicon.exe
O4 - Startup: iaic.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webscene\WebshotsTray.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Yadio Media Player.lnk = C:\Program Files\Yadio Media Player\YadioStart.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Dialpad Java Applet - http://www.dialpad.c...et/src/vscp.cab
O16 - DPF: {5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F} - http://www.iwon.com/...slot1,0,1,3.cab
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.c...et/src/vscp.cab
O16 - DPF: Yahoo! Hearts - http://yog6.yahoo.com/yog/y/hp0_x.cab
O16 - DPF: Yahoo! Blackjack - http://yog14.yahoo.com/yog/y/jp0_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...n/bin/cabsa.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.103...etzip/RdxIE.cab
O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.bright...bin/actxcab.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0006.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING32.cab
  • 0

Advertisements


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, u will be asked to fix some entries, delete some files or uninstall some programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp

Download LQfix.zip
Unzip it and save it to your desktop, don't use it yet!!

2. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKLM\..\Run: [Rd2.exe] C:\WINDOWS\TEMP\RD2.EXE
O4 - HKLM\..\Run: [apicomc] C:\WINDOWS\SYSTEM\apicomc.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\SYSTEM\PSof1.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [2kKNA5] "C:\WINDOWS\SYSTEM\SAV2.EXE" /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2 /PC=CP.SAV2
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\ETB\POKAPOKA63.EXE
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\SYSTEM\MEDGS1.exe
O4 - HKLM\..\Run: [Media Gateway] C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\DESKTOP\INFAMOUS_DOWNLOADER.EXE
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - Startup: iaic.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F} - http://www.iwon.com/...slot1,0,1,3.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.103...etzip/RdxIE.cab
O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.bright...bin/actxcab.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0006.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...MARKETING32.cab


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

3. Delete Rogue files

Doubleclick LQfix.bat that you saved on your desktop before.
A doswindow will open and close again, this is normal.

Run CleanUp and delete all temp files including temporary internet files

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

Media Gateway
VBouncer
Virtual Bouncer


Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\WINDOWS\SYSTEM\VIDCTRL
C:\WINDOWS\ETB
C:\PROGRAM FILES\MEDIA GATEWAY
C:\PROGRAM FILES\VBOUNCER
C:\Program Files\Cas

Files
C:\WINDOWS\TEMP\RD2.EXE
C:\WINDOWS\SYSTEM\apicomc.exe
C:\WINDOWS\SYSTEM\PSof1.exe
C:\WINDOWS\SYSTEM\DATADX.DLL
C:\WINDOWS\SYSTEM\SAV2.EXE
C:\WINDOWS\SYSTEM\MEDGS1.exe
C:\WINDOWS\DESKTOP\INFAMOUS_DOWNLOADER.EXE
C:\WINDOWS\SYSTEM\exp.exe
C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe

iaic.exe
(Search for this file using the Windows Search function)


Reboot the PC in Normal Mode.

Please visit Panda and do an online scan. Save the scan report.

Run Hijack This and post a fresh HJT log along with Panda scan report.
  • 0

#3
Beefy1

Beefy1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Okay, I did the suggested steps and here is the notes/results:

In Step 3)

-- I didn't find the MediaGateway, VBouncer, or Virtual Bouncer files to uninstall them. I think I remember uninstalling them as part of earlier efforts on my own.

-- The following folders didn't exist (probably because I had already deleted them)
C:\WINDOWS\ETB
C:\PROGRAM FILES\VBOUNCER

-- The following files couldn't be found (again, likely from my earlier efforts)
C:\WINDOWS\TEMP\RD2.EXE
C:\WINDOWS\SYSTEM\apicomc.exe
C:\WINDOWS\DESKTOP\INFAMOUS_DOWNLOADER.EXE
C:\WINDOWS\SYSTEM\exp.exe

All other suggested steps were taken.

The Panda Scan took forever and in the end was running extremely slowly.
I am talking about 5-10 minutes to scan each file. I finally gave up and stopped
it after it finished drive C:

Below are the results of the latest HiJackThis Log and the Panda scan:
Logfile of HijackThis v1.99.1
Scan saved at 4:31:24 PM, on 08/27/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\LEXAR MEDIA\USB CARD READER DRIVER V2.1G\DISK_MONITOR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SPSD4X.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\SMARTEK\WORDSMART\TRAYICON.EXE
C:\PROGRAM FILES\WEBSCENE\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBMktSol\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\spsd4x.exe reg_run
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - Startup: WordSmart Tray Icon.lnk = C:\Program Files\Smartek\WordSmart\trayicon.exe
O4 - Startup: iaic.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webscene\WebshotsTray.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Yadio Media Player.lnk = C:\Program Files\Yadio Media Player\YadioStart.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Dialpad Java Applet - http://www.dialpad.c...et/src/vscp.cab
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.c...et/src/vscp.cab
O16 - DPF: Yahoo! Hearts - http://yog6.yahoo.com/yog/y/hp0_x.cab
O16 - DPF: Yahoo! Blackjack - http://yog14.yahoo.com/yog/y/jp0_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...n/bin/cabsa.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab


And the Panda Scan:


Incident Status Location

Adware:Adware/QoolShown No disinfected C:\WINDOWS\SPSD4X.EXE
Adware:Adware/QoolShown No disinfected C:\WINDOWS\SSSDKFG.DLL
Adware:adware/delfinmedia No disinfected C:\PROGRAM FILES\COMMON FILES\UNINSTALL INFORMATION\RemoveDisplayUtility.exe
Adware:adware/virtualbouncer No disinfected C:\WINDOWS\ALL USERS\APPLICATION DATA\VBouncer
Adware:adware/addestroyer No disinfected C:\WINDOWS\ALL USERS\APPLICATION DATA\AdDestroyer
Adware:adware/savenow No disinfected C:\WINDOWS\ALL USERS\APPLICATION DATA\nsv
Adware:adware/elitebar No disinfected C:\WINDOWS\FAVORITES\Casino & Carrers
Adware:adware/afaenhance No disinfected Windows Registry
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Adware:adware/mediatickets No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\RECYCLED\DC0\vidctrl.exe
Adware:Adware/Pacimedia No disinfected C:\RECYCLED\DC3.TCF
Adware:Adware/ClkOptimizer No disinfected C:\RECYCLED\DC4.DLL
Adware:Adware/QoolShown No disinfected C:\RECYCLED\DC8.EXE
Dialer:Dialer.Gen No disinfected C:\WINDOWS\SYSTEM\Panyhose-uninstall.exe
Virus:Trj/Downloader.BJG Disinfected C:\WINDOWS\SYSTEM\uci.exe.tcf
Adware:Adware/WUpd No disinfected C:\WINDOWS\SYSTEM\Pop1A.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\SYSTEM\supdate.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM\QBUninstaller.exe
Virus:Trj/Clicker.FV Disinfected C:\WINDOWS\SYSTEM\jlkdtcww.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\SYSTEM\MTE2ODM6ODoxNg.exe
Virus:Trj/Downloader.BJG Disinfected C:\WINDOWS\SYSTEM\SSK3_B5 Seedcorn 4.exe.tcf
Adware:Adware/ConsumerAlertSystemNo disinfected C:\WINDOWS\SYSTEM\dist001.exe.tcf
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pavF135.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pavF395.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\Desktop\backups\backup-20050827-123830-459-iaic.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\Desktop\backups\backup-20050827-123833-248
Adware:Adware/QoolShown No disinfected C:\WINDOWS\Start Menu\Programs\StartUp\iaic.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\kukyb.dat
Virus:Trj/Downloader.EFG Disinfected C:\WINDOWS\aaako.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\SSSDKFG.DLL
Adware:Adware/QoolShown No disinfected C:\WINDOWS\spsd4x.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\mamqrxo.exe
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Virus:Trj/Downloader.DGM Disinfected C:\command.exe
  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If you Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!
  • 0

#5
Beefy1

Beefy1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for the quick reply.

I downloaded both programs as suggested and followed the
steps.

The WinPFind.txt file is appended below. However, after
rebooting into Normal Mode and running the Trackqoo1.vbs, (and allowing
scripts) I only get a Windows error box. The Windows box has the following
information in it:

Script: C:\WINDOWS\Desktop\Track qoo 1.vbs
Line: 16
Char: 1
Error: File name or class name not found during Automation operation: 'GetObject'
Code: 800A01B0
Source: Microsoft VBScript runtime error

The WinPFind.txt file is below:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.1998
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
aspack 06/08/2004 6:15:30 AM 656552 c:\s3vvi293.1l

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
winsync 08/23/2005 10:40:08 PM RH 299040 c:\windows\HWINFO.DAT
winsync 08/27/2005 5:29:52 PM RH 6967328 c:\windows\SYSTEM.DAT
69.59.186.63 08/27/2005 4:34:18 PM 10240 c:\windows\aaako.dll
209.66.67.134 08/27/2005 4:34:18 PM 10240 c:\windows\aaako.dll
web-nex 08/27/2005 4:34:18 PM 10240 c:\windows\aaako.dll
winsync 08/27/2005 4:34:18 PM 10240 c:\windows\aaako.dll

Items found in c:\windows\hosts

69.59.186.63 08/27/2005 4:34:14 PM 46080 c:\windows\SSSDKFG.DLL
209.66.67.134 08/27/2005 4:34:14 PM 46080 c:\windows\SSSDKFG.DLL
web-nex 08/27/2005 4:34:14 PM 46080 c:\windows\SSSDKFG.DLL
winsync 08/27/2005 4:34:14 PM 46080 c:\windows\SSSDKFG.DLL

Checking %System% folder...
PTech 03/18/1999 5:02:42 PM 363260 c:\windows\SYSTEM\3DFX16V3.DRV
WinShutDown 08/08/1997 8:00:00 AM 72192 c:\windows\SYSTEM\WPAUTO8.DLL
WinShutDown 08/08/1997 8:00:00 AM 68096 c:\windows\SYSTEM\PRAUTO8.DLL
WinShutDown 08/08/1997 8:00:00 AM 64000 c:\windows\SYSTEM\PFAUTO8.DLL
WinShutDown 08/08/1997 8:00:00 AM 68096 c:\windows\SYSTEM\QPAUTO8.DLL
PEC2 07/11/1997 163384 c:\windows\SYSTEM\ODBCJET.HLP
UPX! 12/02/2000 2:00:30 AM 45056 c:\windows\SYSTEM\Panyhose-uninstall.exe
UPX! 08/26/2005 12:40:52 PM 116381 c:\windows\SYSTEM\Pop1A.exe
UPX! 08/22/2005 5:15:52 PM 65024 c:\windows\SYSTEM\thin-138-1-x-x.exe
aspack 08/22/2005 5:21:28 PM 29184 c:\windows\SYSTEM\supdate.dll
KavSvc 08/22/2005 5:21:28 PM 29184 c:\windows\SYSTEM\supdate.dll
69.59.186.63 08/22/2005 5:21:28 PM 29184 c:\windows\SYSTEM\supdate.dll
209.66.67.134 08/22/2005 5:21:28 PM 29184 c:\windows\SYSTEM\supdate.dll
66.63.167.97 08/22/2005 5:21:28 PM 29184 c:\windows\SYSTEM\supdate.dll
66.63.167.77 08/22/2005 5:21:28 PM 29184 c:\windows\SYSTEM\supdate.dll
web-nex 08/22/2005 5:21:28 PM 29184 c:\windows\SYSTEM\supdate.dll
yourkey 08/22/2005 5:21:28 PM 29184 c:\windows\SYSTEM\supdate.dll
rec2_run 08/22/2005 5:21:28 PM 29184 c:\windows\SYSTEM\supdate.dll
PTech 08/03/2005 10:33:42 AM 520456 c:\windows\SYSTEM\LegitCheckControl.DLL
UPX! 08/23/2005 10:07:58 AM 25105 c:\windows\SYSTEM\MTE2ODM6ODoxNg.exe
UPX! 08/23/2005 5:11:58 PM 121433 c:\windows\SYSTEM\mc-110-12-0000079.exe.tcf

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
08/27/2005 5:29:52 PM RH 1064992 c:\windows\USER.DAT
08/23/2005 10:40:08 PM RH 299040 c:\windows\HWINFO.DAT
08/27/2005 5:29:52 PM RH 6967328 c:\windows\SYSTEM.DAT
08/27/2005 1:02:38 PM H 19169 c:\windows\ttfCache
08/27/2005 5:27:32 PM H 1002233 c:\windows\ShellIconCache
08/27/2005 4:34:50 PM H 24087 c:\windows\SYSTEM\FFASTLOG.TXT
08/23/2005 7:59:40 PM HS 67 c:\windows\Temporary Internet Files\desktop.ini
08/23/2005 7:59:40 PM HS 113 c:\windows\History\desktop.ini
08/27/2005 2:54:06 PM H 336 c:\windows\Tasks\{8D36B2E0-9318-11D8-BE35-00C0F0546739}_Basil.job

Checking for CPL files...
Microsoft Corporation 05/11/1998 8:01:00 PM 72192 c:\windows\SYSTEM\APPWIZ.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 221280 c:\windows\SYSTEM\DESK.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 58880 c:\windows\SYSTEM\INTL.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 103424 c:\windows\SYSTEM\MAIN.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 420864 c:\windows\SYSTEM\MMSYS.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 93248 c:\windows\SYSTEM\MODEM.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 14448 c:\windows\SYSTEM\NETCPL.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 47104 c:\windows\SYSTEM\PASSWORD.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 44720 c:\windows\SYSTEM\POWERCFG.CPL
05/11/1998 8:01:00 PM 70656 c:\windows\SYSTEM\STICPL.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 385104 c:\windows\SYSTEM\SYSDM.CPL
Microsoft Corporation 12/04/1998 8:00:00 PM 58368 c:\windows\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 05/01/2002 6:51:36 PM 442368 c:\windows\SYSTEM\JOY.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 66048 c:\windows\SYSTEM\ACCESS.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 14848 c:\windows\SYSTEM\TELEPHON.CPL
Microsoft Corporation 05/11/1998 8:01:00 PM 15360 c:\windows\SYSTEM\THEMES.CPL
Apple Computer, Inc. 06/20/2001 4:34:36 PM 287232 c:\windows\SYSTEM\QuickTime.cpl
RealNetworks, Inc. 08/18/2002 5:12:46 PM 24576 c:\windows\SYSTEM\prefscpl.cpl
Apple Computer, Inc. 08/26/1996 2:12:00 AM R 341504 c:\windows\SYSTEM\QTW32.CPL
Quadrant International, Inc. 01/29/1999 11:46:20 AM 207360 c:\windows\SYSTEM\qiswcine.cpl
3dfx Interactive, Inc. 03/18/1999 6:10:20 PM 73728 c:\windows\SYSTEM\3dfxCpa.cpl
Microsoft Corporation 07/11/1997 53520 c:\windows\SYSTEM\MLCFG32.CPL
07/11/1997 22528 c:\windows\SYSTEM\FINDFAST.CPL
Microsoft Corporation 08/29/2002 292352 c:\windows\SYSTEM\INETCPL.CPL
The LEGO Group 01/16/2001 7:05:58 AM R 53248 c:\windows\SYSTEM\LTower.cpl
Microsoft Corporation 12/24/2004 3:20:06 PM 41232 c:\windows\SYSTEM\odbccp32.cpl
Sun Microsystems, Inc. 03/04/2005 3:36:44 AM 49265 c:\windows\SYSTEM\jpicpl32.cpl
08/22/2005 7:37:04 PM 31232 c:\windows\SYSTEM\conres.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
08/23/2005 6:20:42 PM 507 C:\WINDOWS\All Users\Start Menu\Programs\StartUp\Yadio Media Player.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
08/27/2005 4:34:12 PM 91648 C:\WINDOWS\Start Menu\Programs\StartUp\iaic.exe
04/03/2005 7:51:58 AM 432 C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Find Fast.lnk
04/03/2005 7:51:58 AM 421 C:\WINDOWS\Start Menu\Programs\StartUp\Office Startup.lnk
08/23/2005 7:14:30 PM 401 C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk
04/03/2005 7:51:52 AM 428 C:\WINDOWS\Start Menu\Programs\StartUp\WordSmart Tray Icon.lnk

Checking files in %USERPROFILE%\Application Data folder...
08/21/2005 8:01:06 PM 4992 C:\WINDOWS\Application Data\dw.log

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
acc=ventura5 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NortonAntivirus
{067DF822-EAB6-11cf-B56E-00A0244D5087} = C:\Program Files\Norton AntiVirus\navshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1} = C:\COREL\SUITE8\PROGRAMS\PFSE80.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NortonAntivirus
{067DF822-EAB6-11cf-B56E-00A0244D5087} = C:\Program Files\Norton AntiVirus\navshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1} = C:\COREL\SUITE8\PROGRAMS\PFSE80.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\CONTMENU.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Links
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry c:\windows\scanregw.exe /autorun
TaskMonitor c:\windows\taskmon.exe
SystemTray SysTray.Exe
EnsoniqMixer starter.exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SBWatchDog.EXE C:\WINDOWS\SYSTEM\SBMktSol\SBWatchDog.EXE /l
LoadQM loadqm.exe
EM_EXEC C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
QuickTime Task C:\WINDOWS\SYSTEM\QTTASK.EXE
InCD C:\Program Files\Ahead\InCD\InCD.exe
PE2CKFNT SE C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
Gene USB Monitor c:\windows\SYSTEM\USBMonit.exe
Norton eMail Protect C:\Program Files\Norton AntiVirus\POPROXY.EXE
Disk Monitor C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
mdac_runonce C:\WINDOWS\SYSTEM\runonce.exe
Norton Auto-Protect C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
winsync C:\WINDOWS\spsd4x.exe reg_run
THGuard "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
WinTask driver C:\WINDOWS\SYSTEM\wintask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
ScriptBlocking "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
SchedulingAgent mstask.exe
KB891711 c:\windows\SYSTEM\KB891711\KB891711.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Reminder
Spyware Begone C:\FREESCAN\FREESCAN.EXE -FastScan

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
jlkdtcww.exe C:\WINDOWS\SYSTEM\jlkdtcww.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 08/27/2005 5:40:44 PM
  • 0

#6
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"jlkdtcww.exe"=-


Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

C:\WINDOWS\SPSD4X.EXE
C:\WINDOWS\SSSDKFG.DLL
C:\WINDOWS\ALL USERS\APPLICATION DATA\VBouncer
C:\WINDOWS\ALL USERS\APPLICATION DATA\AdDestroyer
C:\WINDOWS\ALL USERS\APPLICATION DATA\nsv
C:\WINDOWS\FAVORITES\Casino & Carrers
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
C:\WINDOWS\SYSTEM\Panyhose-uninstall.exe
C:\WINDOWS\SYSTEM\uci.exe.tcf
C:\WINDOWS\SYSTEM\Pop1A.exe
C:\WINDOWS\SYSTEM\supdate.dll
C:\WINDOWS\SYSTEM\QBUninstaller.exe
C:\WINDOWS\SYSTEM\jlkdtcww.exe
C:\WINDOWS\SYSTEM\MTE2ODM6ODoxNg.exe
C:\WINDOWS\SYSTEM\SSK3_B5 Seedcorn 4.exe.tcf
C:\WINDOWS\SYSTEM\dist001.exe.tcf
C:\WINDOWS\TEMP\pavF135.TMP
C:\WINDOWS\TEMP\pavF395.TMP
C:\WINDOWS\Start Menu\Programs\StartUp\iaic.exe
C:\WINDOWS\kukyb.dat
C:\WINDOWS\aaako.dll
C:\WINDOWS\mamqrxo.exe
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
C:\command.exe
c:\windows\SYSTEM\thin-138-1-x-x.exe
c:\windows\SYSTEM\mc-110-12-0000079.exe.tcf
C:\WINDOWS\SYSTEM\wintask.exe
c:\windows\SYSTEM\conres.cpl
c:\s3vvi293.1l


As you Paste each entry into Killbox,place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


Now Locate and DoubleClick KillQoo.reg-> Allow it to merge into the Registry!

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\spsd4x.exe reg_run
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe

Now close all windows other than HiJackThis, then click Fix Checked.

Restart back in Normal Mode and Post a fresh HijackThis log!
  • 0

#7
Beefy1

Beefy1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Truly appreciate all your help.....

Ok I followed the steps as described below:

I opened Killbox and went through each file as prescribed.
Then Rebooted into SafeMode, opened Killbox and went
back through each file a second time. When I exited Killbox,
my desktop was blank and I had to re-boot windows (in SafeMode).
Then I ran the KillQoo.reg file, ran the HJT and "fixed" the
appropriate files and then rebooted into Normal mode and
ran HJT.

The HJT log is below:

Logfile of HijackThis v1.99.1
Scan saved at 3:23:25 PM, on 08/28/2005
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\IAMAPP.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\LEXAR MEDIA\USB CARD READER DRIVER V2.1G\DISK_MONITOR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\SMARTEK\WORDSMART\TRAYICON.EXE
C:\PROGRAM FILES\WEBSCENE\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SBWatchDog.EXE] C:\WINDOWS\SYSTEM\SBMktSol\SBWatchDog.EXE /l
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Gene USB Monitor] c:\windows\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Lexar Media\USB Card Reader Driver v2.1g\Disk_Monitor.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - Startup: WordSmart Tray Icon.lnk = C:\Program Files\Smartek\WordSmart\trayicon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webscene\WebshotsTray.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Yadio Media Player.lnk = C:\Program Files\Yadio Media Player\YadioStart.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: Dialpad Java Applet - http://www.dialpad.c...et/src/vscp.cab
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.c...et/src/vscp.cab
O16 - DPF: Yahoo! Hearts - http://yog6.yahoo.com/yog/y/hp0_x.cab
O16 - DPF: Yahoo! Blackjack - http://yog14.yahoo.com/yog/y/jp0_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v43/yacscom.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.nor...n/bin/cabsa.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
  • 0

#8
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi

Your log looks fine.

Do you have any issues with your PC ????
  • 0

#9
Beefy1

Beefy1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Unfortunately, I do. Ever since the popups/malware incidents began a couple of days ago, I have had a trouble with Outlook98. I am not sure if this is a result of the Malware or if I have done something incorrectly in the removal process.

The issue is opening a received email. When I try to open an email header,
the window opens as normal with the correct information in the To:/From:/Subject: etc.... but the body of the text never appears. The wonderful
windows hourglass just sits and spins forever. I am sure it is waiting for some file to open or close or whatever, but it never happens. I can close the window fine. It doesn't have to be a new email, it could be one that I have actually read from earlier. However, I can no longer can view the actual email contents. I have no
trouble sending generating and sending emails...just opening them.

This may not be a topic for this forum, but for the OS forum, what is your thoughts?

BTW- I am VERY THANKFUL FOR YOU HELP!!!
  • 0

#10
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi

your PC is clean of malware.

Unfortunately I havent used Outlook much and am not totally familiar with it. Can you post the issue in our Software section. Somebody should be able to help you out there.
  • 0

#11
Beefy1

Beefy1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi there :tazz:

Thank you for all the help.

I have basically resolved the issue with Outlook Express.

If there is a way to close this message thread, it is fine
to close it - I AM VERY HAPPY :)!!!!!

THANKS SO VERY, VERY MUCH!!!!
  • 0

#12
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,


CONGRATULATIONS !!!!!!!!!!! Your PC is clean now :tazz:



I would recommend the following steps to keep your PC clean –

PREVENTIVE MEASURES FOR FUTURE

Operating System
1. Keep the Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows update. You can also use the following links

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled for faster updation of the system.
(Right click on My Computer on your desktop, properties and Automatic Updates tab.


Anti-Virus Software
2. Keep your Anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are :

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware

Use only one anti-virus program as multiple such programs can create conflicts between themselves and severely hamper the performance of your PC.


Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm


Internet Browsers
4. Have robust explorer settings. It is preferable to use an internet browser other that IE as most of the malware is targetted at IE. In case you prefer to use IE, then download a list of innocent looking but harmful websites from IE-Spyad and install it on ur PC. IE-SPYAD puts over 5000 sites in your internet explorer's restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera

Ensure that Security level, irrespective of whichever browser you use, is set at Medium or higher, restrict the usage of cookies and activeX components.


Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.


Spyware Removers
6. Install programs for scanning for malware and uninstalling them. Two of the best programs, both are freeware, are :

Spybot Search & Destroy - A powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.


Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternate freeware software which can be used is CleanUp.

Keep your Registry clean. My favourite software is Registry First Aid. This is not a freeware but a trial version can be downloaded.


Go ahead and enjoy a clean PC !!!!!!!!!!!!!
  • 0

#13
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP