expdvd.dll



#61
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Excellent work yesterday, what great persistence you have!

Let's have an Online Scan at the site below
http://support.f-sec.../home/ols.shtml

Save any results from the Online Scan and then go into Safe Mode and Scan once more with WinPFind!

Post back with both those results!
  • 0


#62
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Finished: 64 viruses found

Scanned files: 58753 Warning: 64 file(s) still infected!


C:\!Submit\expdvd.dll Trojan.Win32.Crypt.o

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\05854438 Trojan-Downloader.Win32.IstBar.go

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\058C1831 Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\058F422D Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06161D51 Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06A76D24 Email-Worm.Win32.Sober.p

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0748231C.exe Trojan-Downloader.Win32.IstBar.gn

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07503C8B Trojan-Downloader.Win32.Dyfuca.dp

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07561084 Trojan-Downloader.Win32.Agent.br

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07593A80 Trojan-Downloader.Win32.IstBar.go

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\075D647C Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07633875 Trojan-Downloader.Win32.TSUpdate.f

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0E5425F8 Trojan-Downloader.Win32.Swizzor.br

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\161533DA Email-Worm.Win32.Bagle.gen

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\195B3E23 Trojan-Downloader.Win32.Agent.bt

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1A1051F0 Trojan-Downloader.Win32.IstBar.er

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1A243AFB Trojan-Dropper.Win32.Small.of

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D25599D Trojan-Downloader.Win32.VB.ez

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\22C13C37 Email-Worm.Win32.Sober.p

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24452B99 Trojan-Downloader.Win32.Agent.br

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\24EC7A22 Trojan-Downloader.Win32.VB.ez

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28F8697E Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28FB137A Trojan-Downloader.Win32.IstBar.go

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2F6F78AA Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\330D106F Trojan-Downloader.Win32.Agent.br

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\334E5D85 Trojan-Downloader.Win32.Agent.br

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F1F2742 Email-Worm.Win32.Bagle.gen

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\429F1AC3 Email-Worm.Win32.Bagle.gen

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\456F68F4 Trojan-Downloader.Win32.Dyfuca.dp

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4B5D7990 Trojan-Clicker.Win32.VB.ei

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4C903AF0 Trojan-Downloader.Win32.Agent.bt

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F36617B Trojan-Downloader.Win32.IstBar.fn

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55B95A3F Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55BF2E37 Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56197EB3 Trojan-Downloader.Win32.IstBar.gen

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562626A5 Trojan-Downloader.Win32.IstBar.gen

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562950A1 Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\562D7A9D Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56334E96 Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\563D4C8B Trojan-Downloader.Win32.IstBar.er

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57866E21 Trojan-Downloader.Win32.Dyfuca.dp

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64317919.exe Trojan-Downloader.Win32.IstBar.gn

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6AB45821 Trojan-Downloader.Win32.Dyfuca.gen

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6DBA784B Trojan-Clicker.Win32.VB.ei

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\732918AC Trojan-Downloader.Win32.Swizzor.dt

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7A4D4101 Trojan-Downloader.Win32.IstBar.gm

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DAA368C.exe Trojan-Downloader.Win32.IstBar.gn

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DAD6088.exe Trojan-Downloader.Win32.IstBar.gn

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DB75E7D.exe Trojan-Downloader.Win32.IstBar.gn

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DBA087A.exe Trojan-Downloader.Win32.IstBar.gn

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044400.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044401.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044402.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044403.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0044404.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0046498.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0046499.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP635\A0046500.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047584.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047585.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047586.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047587.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0047589.dll Trojan.Win32.Crypt.o

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP636\A0049611.dll Trojan.Win32.Crypt.o



  • 0

#63
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK, all those are easily fixed!

Click the Norton Antivirus Icon by the clock-> Click Reports-> Next to Quarantined Items-> Click View Reports

If you get a prompt to repair or clean anything Select NO!

Select everything in the list and click the Delete tab!


You can delete C:\!Submit<- Folder from Killbox!


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/...p2002/hosts.htm
or
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Post back with the log from WinPFind and a fresh HijackThis log!
  • 0

#64
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 1/8/2005 5:30:04 PM 162885 C:\WINDOWS\tsc.exe
PECompact2 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
qoologic 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
SAHAgent 1/8/2005 5:30:04 PM 11869492 C:\WINDOWS\VPTNFILE.335
UPX! 1/8/2005 5:30:04 PM 1036800 C:\WINDOWS\vsapi32.dll
aspack 1/8/2005 5:30:04 PM 1036800 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 3/10/2005 10:48:10 AM 269312 C:\WINDOWS\SYSTEM32\devil.dll
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/9/2005 8:29:40 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
10/9/2005 8:29:28 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
10/9/2005 8:30:04 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
10/9/2005 8:29:42 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
10/9/2005 8:30:54 AM H 61440 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
10/9/2005 8:29:40 AM H 909312 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
10/2/2005 10:30:46 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
9/25/2005 9:23:06 PM S 558 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
9/25/2005 9:23:06 PM S 144 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XUJ45QJ\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JWM5LXBL\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SPMZ41QB\desktop.ini
10/7/2005 7:08:52 PM HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WTU7K167\desktop.ini
9/27/2005 1:49:14 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\2003e0b3-decd-4738-99f9-a4d8ea285ec9
9/27/2005 1:49:14 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
10/9/2005 8:00:02 AM H 248 C:\WINDOWS\Tasks\AF392B239196A2CB.job
10/9/2005 8:26:48 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 8:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
9/18/2003 4:18:00 AM R 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 1/23/2005 10:33:44 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 3/17/2004 7:39:38 AM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 3/12/2004 4:53:44 PM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 2/10/2004 11:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
1/8/2005 3:58:44 PM 715 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
5/23/2005 3:07:38 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Laurie Eckerty\Start Menu\Programs\Startup\DESKTOP.INI
2/23/2005 3:13:22 PM 676 C:\Documents and Settings\Laurie Eckerty\Start Menu\Programs\Startup\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Laurie Eckerty\Application Data\DESKTOP.INI
3/28/2004 5:50:28 PM 0 C:\Documents and Settings\Laurie Eckerty\Application Data\dm.ini
11/19/2004 8:10:10 PM 59448 C:\Documents and Settings\Laurie Eckerty\Application Data\GDIPFONTCACHEV1.DAT
10/5/2005 10:24:58 AM 29248 C:\Documents and Settings\Laurie Eckerty\Application Data\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{321354B2-DABE-4FA1-A3C2-FAADF1BF837E} = C:\WINDOWS\system32\AJAAMON.DLL
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\WINDOWS\Downloaded Program Files\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Web assistant : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
IntelMeM C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Dell AIO Printer A940 "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/9/2005 8:36:29 AM
  • 0

#65
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
I'm going to get ready for church. I will try the fix as soon as I get home.
  • 0

#66
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
nothing is quarantined, but there are 82 backup items. do you want me to delete all those?
  • 0

#67
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
See if you can locate this file

C:\WINDOWS\system32\AJAAMON.DLL

If you find it-> Right Click and Select properties!

See if by clicking on all the tabs in the properties box, you can associate this with something on the PC!

Next,get the file scanned here

http://virusscan.jotti.org/
and
http://www.virustota...h/index_en.html


Let me know the results and try not to restart the PC since the CLSID numbers are changing in the registry!
  • 0

#68
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Sorry, missed your last post!

Yes, delete all the backups, they are all infected and doing you no good!
  • 0

#69
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
which program should i use to open winhelp2002 host file? the default is acrobat, but it won't open it.
  • 0

#70
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
on spyware blaster, explorer and files aren't enabled, what specific setting do you recommend?
  • 0


#71
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hmmm, I usually just use the default settings with Spyware Blaster, update it and click on enable all protection

Unless a brand new version has been released!

I'll check it out!

As for the Hosts File, use this link
http://www.mvps.org/...2002/hosts2.htm

1. Click on hosts.zip and download the Zip to your desktop!

2. Right Click the Zip folder and Select "Extract All"

3. Look inside the newly Unzipped folder and Right Click HOST and Select Copy

4. Navigate to C:\WINDOWS\SYSTEM32\DRIVERS\ETC and open the ETC folder

5. Right Click once inside the ETC folder and Select Paste

6. Confirm you want to replace the existing hosts file

7. Close out all windows and get rid of the host folder on your desktop


How bout that file I asked you about?
  • 0
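One way to check the result of the hosts file replacement described in the post above, added here as an example that is not part of the original thread: it parses a hosts file and separates names sent to a loopback or null address (blocked) from names mapped to any other address (redirected), which is the kind of entry worth a second look. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread: a blocking hosts file with
# one redirect entry and one malformed line of the kind an audit should surface.
SAMPLE_HOSTS = """\
# Constructed blocking hosts file for illustration
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com  tracker.example.com   # two names, one line
0.0.0.0         popups.example.net
203.0.113.45    update.example.org    # routable address: a redirect, not a block
this-line-is-not-an-entry
"""

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every non-comment line.

    address is None when the first field is not a valid IP address.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields
            continue
        yield line_no, addr, fields[1:]


def audit_hosts(text):
    """Classify hosts entries as blocked, redirected or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        if addr is None or not names:
            report["malformed"].append(line_no)
            continue
        # 127.0.0.0/8 and ::1 are loopback, 0.0.0.0 and :: are "unspecified":
        # both send the lookup nowhere useful, which is how a blocking
        # hosts file neutralises a domain.
        is_sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if is_sink and name.lower() in LOCAL_NAMES:
                continue  # the normal localhost entry
            if is_sink:
                report["blocked"].append(name)
            else:
                # Any other address silently sends the name to another
                # machine; legitimate on some networks, but worth reviewing.
                report["redirected"].append((line_no, name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", len(result["blocked"]))
    for line_no, name, addr in result["redirected"]:
        print(f"line {line_no}: {name} -> {addr} (review)")
    for line_no in result["malformed"]:
        print(f"line {line_no}: not a valid hosts entry")
```

To audit a real file, read its text (on the system in this thread, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts) and pass it to `audit_hosts`.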

#72
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
ok, hold on a minute. i deleted c:\!submit from killbox, but when searching on c for ajaamon.dll i saw it, so deleted there.
installed spywareblaster, but have not enabled.
successfully (hopefully) put winhelp host file in folder, deleted from desktop.
i disabled system restore.

couldn't find ajaamon.dll

will look again.

do i need to restart computer after system restore?
  • 0

#73
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
found a file in c windows system 32 called aaaamon.dll, but none that say ajaamon.dll
  • 0

#74
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Don't Restart just yet!

Copy the text below to a blank notepad page and save it to the desktop as Find.bat


dir \AJAAMON.DLL /a /s > File.txt
start notepad File.txt


Double Click Find.bat and wait for the Notepad page to pop up


Post the contents of that notepad page back here
  • 0

#75
lauriejk

lauriejk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
dir \AJAAMON.DLL /a h /s > File.txt
  • 0





