
Help a gal with Winfixer, qoologic, searc-h.com [CLOSED]


  • This topic is locked

#1
jaime99


    New Member

  • Member
  • Pip
  • 4 posts
thank you in advance....

-----

Logfile of HijackThis v1.99.1
Scan saved at 7:20:24 PM, on 9/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QDOFCC45\HIJACKTHIS[1].EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [SUNASDTSERV] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O15 - Trusted Zone: http://download.pestpatrol.com
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab


----
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System Directory -------


Volume in drive C is HP_PAVILION
Volume Serial Number is 0C3B-190A
Directory of C:\WINDOWS\SYSTEM

5,757.14 MB free

------- Hidden Files in System Directory -------


Volume in drive C is HP_PAVILION
Volume Serial Number is 0C3B-190A
Directory of C:\WINDOWS\SYSTEM

VSCONFIG XML 890 08-31-05 9:51p vsconfig.xml
ZLLICTBL DAT 4,212 10-25-04 6:17p zllictbl.dat
FOLDER HTT 13,122 08-30-99 9:04a folder.htt
DESKTOP INI 266 08-30-99 9:04a desktop.ini
4 file(s) 18,490 bytes
0 dir(s) 5,757.14 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
vsconfig.xml Wed Aug 31 2005 9:51:14p A..H. 890 0.87 K

1 item found: 1 file, 0 directories.
Total of file sizes: 890 bytes 0.87 K

------------ Strings.exe Qoologic Results ------------

C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.P
C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.N
C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.I
C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.H
C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.E
C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.D
C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.G
C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.C
C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.B
C:\WINDOWS\VPTNFILE.803: TROJ_QOOLOGIC.A
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.P
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.N
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.I
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.H
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.E
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.D
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.G
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.C
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.B
C:\WINDOWS\lpt$vpn.803: TROJ_QOOLOGIC.A
C:\WINDOWS\WIN386.SWP: Win32.TrojanDownloader.Qoologic

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGEMC.EXE"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"
"PestPatrol Control Center"="C:\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"PPMemCheck"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"CookiePatrol"="C:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"SUNASDTSERV"="C:\\PROGRAM FILES\\SUNBELT SOFTWARE\\COUNTERSPY CLIENT\\SUNASDTSERV.exe"
"sunasServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasServ.exe"



  • 0



#2
jaime99


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
P.S. I followed all the FAQ steps... running Win98 so I can't run a couple of them. I added Counter Spy for good measure.
  • 0

#3
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please Download the following tools to assist us in removing this infection!
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!
  • 0

#4
jaime99


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you Excal for taking up my lost cause

----

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
abetterinternet.com 8/25/05 11:39:28 PM 785813 c:\crash.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com 9/3/05 8:41:08 PM RH 524320 c:\windows\USER.DAT
PECompact2 8/25/05 1:35:16 PM 15677649 c:\windows\VPTNFILE.803
qoologic 8/25/05 1:35:16 PM 15677649 c:\windows\VPTNFILE.803
SAHAgent 8/25/05 1:35:16 PM 15677649 c:\windows\VPTNFILE.803
PECompact2 8/25/05 1:35:16 PM 15677649 c:\windows\lpt$vpn.803
qoologic 8/25/05 1:35:16 PM 15677649 c:\windows\lpt$vpn.803
SAHAgent 8/25/05 1:35:16 PM 15677649 c:\windows\lpt$vpn.803

Items found in c:\windows\hosts

UPX! 5/3/05 11:44:44 AM 25157 c:\windows\RMAgentOutput.dll
UPX! 1/10/05 4:17:24 PM 170053 c:\windows\tsc.exe
UPX! 2/18/05 6:40:14 PM 1044560 c:\windows\vsapi32.dll
aspack 2/18/05 6:40:14 PM 1044560 c:\windows\vsapi32.dll

Checking %System% folder...

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/3/05 8:42:12 PM RH 524320 c:\windows\USER.DAT
9/3/05 8:41:08 PM RH 4653088 c:\windows\SYSTEM.DAT
9/1/05 9:42:02 PM H 7613 c:\windows\ttfCache
9/3/05 8:39:04 PM H 336571 c:\windows\ShellIconCache
8/28/05 10:30:20 PM HS 1092 c:\windows\Application Data\Microsoft\Internet Explorer\Desktop.htt
8/29/05 7:18:30 AM HS 67 c:\windows\Temporary Internet Files\desktop.ini
8/29/05 7:18:30 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\desktop.ini
8/30/05 7:13:12 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\K1UBWT2B\desktop.ini
8/30/05 7:13:14 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\2E4M6ZV6\desktop.ini
8/30/05 7:13:18 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\6Y0RBBET\desktop.ini
8/30/05 7:13:20 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\09G7XHEG\desktop.ini
8/30/05 7:13:20 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\09Q7OLEZ\desktop.ini
8/30/05 7:13:26 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\QDOFCC45\desktop.ini
8/30/05 7:14:10 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\G88GRO43\desktop.ini
8/30/05 7:15:58 AM HS 67 c:\windows\Temporary Internet Files\Content.IE5\OPCR3B1S\desktop.ini
8/30/05 7:16:28 AM H 6 c:\windows\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4/23/99 10:22:00 PM 221280 c:\windows\SYSTEM\DESK.CPL
Microsoft Corporation 8/29/02 292352 c:\windows\SYSTEM\INETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 60928 c:\windows\SYSTEM\INTL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 138752 c:\windows\SYSTEM\JOY.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 420864 c:\windows\SYSTEM\MMSYS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 93248 c:\windows\SYSTEM\MODEM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14448 c:\windows\SYSTEM\NETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 7952 c:\windows\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 47104 c:\windows\SYSTEM\PASSWORD.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 51984 c:\windows\SYSTEM\POWERCFG.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 66048 c:\windows\SYSTEM\ACCESS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 72192 c:\windows\SYSTEM\APPWIZ.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 103424 c:\windows\SYSTEM\MAIN.CPL
4/23/99 10:22:00 PM 70656 c:\windows\SYSTEM\STICPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 387072 c:\windows\SYSTEM\SYSDM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14848 c:\windows\SYSTEM\TELEPHON.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 37376 c:\windows\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 15360 c:\windows\SYSTEM\THEMES.CPL
RealNetworks, Inc. 8/30/99 9:39:12 AM 24576 c:\windows\SYSTEM\prefscpl.cpl
Sun Microsystems 6/3/04 10:05:06 PM 61555 c:\windows\SYSTEM\jpicpl32.cpl
Intel Corporation 8/8/00 2:09:26 PM 84480 c:\windows\SYSTEM\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
2/21/05 5:52:32 PM 371 C:\WINDOWS\Application Data\dw.log
UPX! 3/5/05 1:44:48 PM RHS 82432 C:\WINDOWS\Application Data\eotd.exe

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG Shell Extension
{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG Shell Extension
{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\SYSTEM\MSJAVA.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
RealGuide = C:\WINDOWS\SYSTEM\Shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
AVG7_EMC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
AVG7_AMSVR C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
PestPatrol Control Center C:\PROGRA~1\PESTPA~1\PPControl.exe
PPMemCheck C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
CookiePatrol C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
SUNASDTSERV C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.exe
sunasServ C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/3/05 8:49:53 PM
  • 0

#5
jaime99


    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I got a "runtime error" when I ran the second thing. Filename or classname not found.

Here is what it put on my desktop

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGCC.EXE /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGEMC.EXE"
"AVG7_AMSVR"="C:\\PROGRA~1\\GRISOFT\\AVGFRE~1\\AVGAMSVR.EXE"
"PestPatrol Control Center"="C:\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"PPMemCheck"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"CookiePatrol"="C:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"SUNASDTSERV"="C:\\PROGRAM FILES\\SUNBELT SOFTWARE\\COUNTERSPY CLIENT\\SUNASDTSERV.exe"
"sunasServ"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasServ.exe"

-----------------
  • 0

#6
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please download the Killbox.

Please run Killbox.
  • Select "Delete on Reboot".
  • Copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\WINDOWS\Application Data\eotd.exe
    c:\windows\RMAgentOutput.dll



  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.
  • Let the system reboot.
You're not showing anything in your log. What kind of symptoms are you having?

:tazz:

Excal
  • 0

#7
Excal


    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





