Messages - smoochyleigh

1
Tech Clinic / Getting Overrun with Pop-ups
« on: August 25, 2005, 05:16:45 PM »
Hi,

Everything seems to be running smoothly.

I want to thank you for all the help you've given me.  This is a great service you provide.  Hopefully, soon, they will make adware/spyware illegal!

Keep up the good work. :D

Who sponsors this website?  Is it run on donations?

-Leigh

2
Tech Clinic / Getting Overrun with Pop-ups
« on: August 23, 2005, 04:23:33 PM »
Thanks for getting back to me so quickly.  Your help is greatly appreciated! :)

Here are the logs you requested:

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 1:52:40 PM, on 8/23/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\SYMPXSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\IAMAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\RunDLL.exe
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [Spam Shredder] "C:\PROGRAM FILES\WEBROOT\SHREDDER\SPSHREDDER.EXE" -tray
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - User Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - User Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.234.255.102/activex/AxisCamControl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409


Find Qoologic Log

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
 
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
* KavSvc  C:\WINDOWS\HWINFO.DAT
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»  

 
»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Profiles\DON\Start Menu\Programs\StartUp



RunThis.bat log

Log of L2M9XFix v1
 
************
 
Running from directory:  
C:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix
 
************
 
Files found:
 
 
************
 
Registry entries found:
 
 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 
************
 
Killing Explorer
Done!
 
Killing Rundll32
Done!
 
Removing malicious CLSID(s)
Done!
 
Restarting Explorer
Done!
 
Deleting malicious files
Done!
 
 
Finished!


When this machine is clean do you have any suggestions on how to keep it that way?  

-Leigh

3
Tech Clinic / Getting Overrun with Pop-ups
« on: August 23, 2005, 12:57:10 AM »
Hi,

Here are all the reports you asked for:

WPFind Log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98    Version: 4.10.1998
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
KavSvc               7/4/05 3:19:30 AM      6373408    C:\SYSTEM.1ST

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
KavSvc               7/4/05 3:25:26 AM      249888     C:\WINDOWS\HWINFO.DAT
KavSvc               8/22/05 10:05:58 PM    6516768    C:\WINDOWS\SYSTEM.DAT
winsync              8/22/05 10:05:58 PM    6516768    C:\WINDOWS\SYSTEM.DAT
UPX!                 12/11/02 4:13:36 PM    44032      C:\WINDOWS\unwash.exe
UPX!                 9/29/03 4:09:26 PM     161792     C:\WINDOWS\UnPopUpWasher.exe

Items found in C:\WINDOWS\hosts


Checking %System% folder...
PEC2                 7/11/97                163384     C:\WINDOWS\SYSTEM\ODBCJET.HLP

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
H                    8/22/05 10:31:48 PM    585760     C:\WINDOWS\USER.DAT
H                    7/4/05 3:25:26 AM      249888     C:\WINDOWS\HWINFO.DAT
H                    8/22/05 10:05:58 PM    6516768    C:\WINDOWS\SYSTEM.DAT
H                    7/4/05 3:24:32 AM      12746      C:\WINDOWS\folder.htt
H                    7/4/05 3:24:32 AM      266        C:\WINDOWS\desktop.ini
H                    8/22/05 10:03:02 PM    828262     C:\WINDOWS\ShellIconCache
H                    8/18/05 12:11:54 AM    38068      C:\WINDOWS\ttfCache
H                    7/4/05 3:24:32 AM      12746      C:\WINDOWS\SYSTEM\folder.htt
H                    7/4/05 3:24:32 AM      266        C:\WINDOWS\SYSTEM\desktop.ini
H                    7/4/05 3:24:32 AM      12746      C:\WINDOWS\SYSTEM32\folder.htt
H                    7/4/05 3:24:32 AM      266        C:\WINDOWS\SYSTEM32\desktop.ini
H                    7/7/05 3:35:44 PM      9793       C:\WINDOWS\HELP\windows.GID
H                    7/4/05 2:43:34 AM      8628       C:\WINDOWS\HELP\SECAUTH.GID
H                    7/4/05 3:24:32 AM      19600      C:\WINDOWS\WEB\WVLOGO.GIF
H                    7/4/05 3:24:32 AM      4204       C:\WINDOWS\WEB\CONTROLP.HTT
H                    7/4/05 3:24:32 AM      11530      C:\WINDOWS\WEB\FOLDER.HTT
H                    7/4/05 3:24:32 AM      4988       C:\WINDOWS\WEB\MYCOMP.HTT
H                    7/4/05 3:24:32 AM      5044       C:\WINDOWS\WEB\PRINTERS.HTT
H                    7/4/05 3:24:32 AM      855        C:\WINDOWS\WEB\webview.css
H                    7/4/05 3:24:32 AM      14258      C:\WINDOWS\WEB\default.htt
H                    7/4/05 3:24:32 AM      5403       C:\WINDOWS\WEB\nethood.htt
H                    7/4/05 3:24:32 AM      8088       C:\WINDOWS\WEB\recycle.htt
H                    7/4/05 3:24:32 AM      5495       C:\WINDOWS\WEB\schedule.htt
H                    7/4/05 3:24:32 AM      5521       C:\WINDOWS\WEB\dialup.htt
H                    7/4/05 3:24:32 AM      44686      C:\WINDOWS\WEB\wvleft.bmp
H                    7/4/05 3:24:32 AM      840        C:\WINDOWS\WEB\wvline.gif
SH                   8/17/05 11:20:20 PM    1092       C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
SH                   6/30/05 12:34:48 PM    67         C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
SH                   6/30/05 12:34:50 PM    67         C:\WINDOWS\Temporary Internet Files\Content.IE5\8TAZKX2N\desktop.ini
SH                   8/18/05 12:40:38 AM    67         C:\WINDOWS\Temporary Internet Files\Content.IE5\G5MJIZ85\desktop.ini
SH                   6/30/05 12:38:36 PM    67         C:\WINDOWS\Temporary Internet Files\Content.IE5\54D1R5H3\desktop.ini
SH                   8/18/05 12:48:02 AM    67         C:\WINDOWS\Temporary Internet Files\Content.IE5\QSY1BX80\desktop.ini
SH                   6/30/05 2:08:34 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\9STUDEXP\desktop.ini
SH                   6/30/05 4:33:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\1IGECFY0\desktop.ini
SH                   6/30/05 5:33:34 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\82VP70OO\desktop.ini
SH                   8/1/05 10:14:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\QLU3UDS9\desktop.ini
SH                   8/1/05 10:14:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\WHYJETIP\desktop.ini
SH                   8/1/05 10:14:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\DLKZPP6K\desktop.ini
SH                   8/1/05 10:14:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\4P69ONIL\desktop.ini
SH                   8/12/05 3:03:58 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\0LIP618L\desktop.ini
SH                   8/12/05 3:03:58 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\WTY7C1Q7\desktop.ini
SH                   8/12/05 3:03:58 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\K7CFOREN\desktop.ini
SH                   8/12/05 3:03:58 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\GDQVC96V\desktop.ini
H                    8/22/05 10:00:50 PM    6          C:\WINDOWS\Tasks\SA.DAT
H                    8/22/05 10:03:40 PM    843808     C:\WINDOWS\Profiles\DON\USER.DAT
SH                   8/17/05 10:35:42 PM    1092       C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Internet Explorer\Desktop.htt

Checking for CPL files...
Microsoft Corporation          5/11/98 8:01:00 PM     72192      C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     221280     C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation          8/29/02                292352     C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     58880      C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     138752     C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     103424     C:\WINDOWS\SYSTEM\MAIN.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     420864     C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     93248      C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     14448      C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     47104      C:\WINDOWS\SYSTEM\PASSWORD.CPL
                               5/11/98 8:01:00 PM     70656      C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     385104     C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     57856      C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     44720      C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     14848      C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     15360      C:\WINDOWS\SYSTEM\THEMES.CPL
Microsoft Corporation          8/8/99 2:17:12 AM      41232      C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation          7/11/97                53520      C:\WINDOWS\SYSTEM\MLCFG32.CPL
                               7/11/97                22528      C:\WINDOWS\SYSTEM\FINDFAST.CPL
Sun Microsystems, Inc.         6/3/05 3:52:54 AM      49265      C:\WINDOWS\SYSTEM\jpicpl32.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
                     8/17/05 11:06:08 PM    423        C:\WINDOWS\Start Menu\Programs\StartUp\PerfectPrint.LNK

Checking files in %USERPROFILE%\Application Data folder...
                     12/12/02 1:35:48 PM    0          C:\WINDOWS\Application Data\dm.ini
                     7/8/04 3:31:48 PM      844        C:\WINDOWS\Application Data\dw.log
                     4/22/04 7:44:52 AM     784        C:\WINDOWS\Application Data\mpauth.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
   {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}    = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83bD3F}
       = shellwp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
   {6D78EC20-5AA6-101B-8681-366FBD64CEB9}    = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
   {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}    = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QuickFinderMenu
   {CD949A20-BDC8-11CE-8919-00608C39D066}    = C:\COREL\OFFICE7\SHARED\QFINDER7\PFSE70.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
   {CD949A20-BDC8-11CE-8919-00608C39D066}    = C:\COREL\OFFICE7\SHARED\QFINDER7\PFSE70.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
   CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
   Web Offer Bar = C:\WINDOWS\SYSTEM\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
   Web Offer Bar = C:\WINDOWS\SYSTEM\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}    = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
   Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
   Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
   History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   ScanRegistry   C:\WINDOWS\scanregw.exe /autorun
   TaskMonitor   C:\WINDOWS\taskmon.exe
   SystemTray   SysTray.Exe
   CHotKey   mHotkey.exe
   POINTER   point32.exe
   iamapp   C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
   LoadPowerProfile   Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
   NAV Agent   C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
   QuickFinder Scheduler   C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
   autoupdate   rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
   winsync   C:\WINDOWS\l4spxs.exe reg_run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
   ScriptBlocking   "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
   nisserv   C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
   LoadPowerProfile   Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
   SchedulingAgent   C:\WINDOWS\SYSTEM\mstask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   Taskbar Display Controls   RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
   washindex   C:\Program Files\Washer\washidx.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
   HideSharePwds   

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/22/05 10:34:45 PM



HiJack This

Logfile of HijackThis v1.99.1
Scan saved at 10:38:51 PM, on 8/22/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\SYMPXSVC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\IAMAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\L4SPXS.EXE
C:\WINDOWS\RunDLL.exe
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\l4spxs.exe reg_run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [Spam Shredder] "C:\PROGRAM FILES\WEBROOT\SHREDDER\SPSHREDDER.EXE" -tray
O4 - HKCU\..\Run: [Opao] C:\Program Files\puhs\loes.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - User Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - User Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.234.255.102/activex/AxisCamControl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409


Results for A-squared


a² Report
Filename    Diagnosis
c:\WINDOWS\SYSTEM\datadx.dll    Trojan-Downloader.Win32.Qoologic.p
c:\WINDOWS\SYSTEM\UpdInst.exe    Adware.Look2Me.ag
c:\WINDOWS\SYSTEM\VB3.exe    Trojan-Dropper.Win32.Agent.hl
c:\WINDOWS\SYSTEM\s030109.Stub.exe    Trojan-Dropper.Win32.Agent.hl
c:\WINDOWS\SYSTEM\web2_212.exe    Trojan-Downloader.Win32.Qoologic.v
c:\WINDOWS\SYSTEM\ezstub.exe    Adware.EZula.ap
c:\WINDOWS\SYSTEM\ezPopStub.exe    Adware.EZula.av
c:\WINDOWS\SYSTEM\Osaka.exe    Adware.PurityScan.w
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\BUOWSELC.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\CFMCTL32.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\CVUSALGO.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\DADRG56X.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\DLDRGBXF.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\DNDRM16F.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\DQDRAMPF.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\DR16GT.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\DSGSIG.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\DXDIM.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\DXTACLEN.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\ECYD7US.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\EFYSH7.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\FU20ENU.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\FUAMEBUF.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\GEDEF.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\HGHEIMG0.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\HHAGENT.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\HOP95EN.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\HPAGENT.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\hypamon0.dll    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\IHETCPLC.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\IJRNONCE.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\ITMFILTER.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\IWS.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\jwsd400.dll    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\madmo.dll    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MESYSTEM.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MFCI.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MIXDM.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MKLTUS40.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MKR.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\mmdxmlc.dll    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MOPI.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MQCI.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MQVBVM50.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MRREPL35.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MSFMIG32.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\mtcrlrev.dll    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MUDAMG9X.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MVI.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MWIMUSIC.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MXAWT.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MXPCIC.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MYTCP.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\MZR2C.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\OJBCTRAC.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\OUESVR32.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\OWDIS400.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\PPSPL.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\PSSPL.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\RFCLTCCM.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\RJCNS4.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\RTCLTCCM.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\SULSTR.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\TCPIUI.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\TIID_P3D.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\TLD32.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\tPembed.dll    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\TPPIUI.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\UNL.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\WE32DLL.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\wkpui.dll    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\WLNMM.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\WSNNET16.DLL    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\wxerrenu.dll    Adware.Look2Me.ag
c:\WINDOWS\Desktop\Leigh's Stuff\l2m9xfix\backups\WYN32S16.DLL    Adware.Look2Me.ag
c:\WINDOWS\Downloaded Program Files\pcs_0026.exe    Adware.Pacer.j
c:\WINDOWS\VB3.exe    Trojan-Dropper.Win32.Agent.hl
c:\WINDOWS\shopinst.exe    Trojan-Downloader.Win32.Small.apm
c:\WINDOWS\s030109.Stub.exe    Trojan-Dropper.Win32.Agent.hl
c:\WINDOWS\cxtpls_loader.exe    Trojan-Downloader.Win32.Apropo.ae
c:\WINDOWS\dist006.exe    Trojan-Downloader.Win32.Agent.qg
c:\WINDOWS\Osaka.exe    Adware.PurityScan.w
c:\WINDOWS\98_Ventura5_4_0_3_7.exe    Adware.PurityScan.w
c:\WINDOWS\installer_MARKETING58.exe    Trojan-Downloader.Win32.Adload.a
c:\WINDOWS\baslnhvx.exe    Adware.BookedSpace.e
c:\WINDOWS\ezStub.exe    Adware.EZula.ar
c:\WINDOWS\etb\pokapoka61.exe    Trojan-Dropper.Win32.Agent.qz
c:\WINDOWS\etb\xud2f.dll    Adware.ToolBar.EliteBar.am
c:\WINDOWS\eZinstall.exe    Adware.EZula.ak
c:\Program Files\Hijack this\backups\backup-20050818-000634-266.dll    Adware.Look2Me.ag
c:\sbackup\robert\Radmin\RADMIN22.EXE    Riskware.RemoteAdmin.Win32.RAdmin.22

find-qoologic report

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
 
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
* winsync   C:\WINDOWS\SKFSFSG.DLL
* winsync   C:\WINDOWS\JOEAR.DLL
* KavSvc  C:\WINDOWS\HWINFO.DAT
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»  

 
»»»»»»»»»»»»»»»»»»»»»»»»» startup files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* exe  C:\WINDOWS\startm~1\programs\startup\NPRA.EXE

»»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»


Global Startup:
problem locating dir

User Startup:
C:\WINDOWS\Profiles\DON\Start Menu\Programs\StartUp


After last normal startup I received an error message:

error loading windows\system\datadx.dll


I think we almost have it! :)

I was having problems loading pages with Internet Explorer, so I downloaded a new browser - Mozilla Firefox.  I read that it was a pretty good alternative to IE.

-Leigh

4
Tech Clinic / Getting Overrun with Pop-ups
« on: August 18, 2005, 02:46:04 AM »
Hi Again,

I ran through everything you asked.  I do have a question though.  When I went into safe mode, I couldn't find anything that was on my desktop.  I realized that because I use a logon name and password, Windows keeps that info separate in a profile folder.  I was able to get to everything I needed to run your steps, but I noticed that different things showed up in the HJT log file depending on how I was logged on.  How do I compensate for this?  There is only one person who uses this computer, so there really isn't a need for a logon.

Here are the logs you requested:

WinPfind.txt

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98    Version: 4.10.1998
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
KavSvc               7/4/05 3:19:30 AM      6373408    C:\SYSTEM.1ST

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
KavSvc               7/4/05 3:25:26 AM      249888     C:\WINDOWS\HWINFO.DAT
KavSvc               8/18/05 12:06:56 AM    6516768    C:\WINDOWS\SYSTEM.DAT
winsync              8/18/05 12:06:56 AM    6516768    C:\WINDOWS\SYSTEM.DAT
qoologic             7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
aspack               7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
KavSvc               7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
69.59.186.63         7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
209.66.67.134        7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
66.63.167.97         7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
66.63.167.77         7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
web-nex              7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
yourkey              7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
rec2_run             7/4/05 4:04:28 AM      172032     C:\WINDOWS\web2_212.exe
UPX!                 12/11/02 4:13:36 PM    44032      C:\WINDOWS\unwash.exe
UPX!                 9/29/03 4:09:26 PM     161792     C:\WINDOWS\UnPopUpWasher.exe
UPX!                 6/18/04 8:03:46 AM     278016     C:\WINDOWS\unshred1.exe

Items found in C:\WINDOWS\hosts

UPX!                 8/11/05 9:42:30 PM     46080      C:\WINDOWS\InstallAPS.exe
UPX!                 7/4/05 3:58:24 AM      65024      C:\WINDOWS\thin-144-1-x-x.exe
UPX!                 7/4/05 12:57:28 PM     65024      C:\WINDOWS\thin-144-1-5-8-8.exe
UPX!                 7/5/05 12:17:26 AM     65024      C:\WINDOWS\thin-178-1-2-x.exe
UPX!                 7/5/05 12:23:26 AM     65024      C:\WINDOWS\thin-175-1-x-x.exe
qoologic             7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
aspack               7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
KavSvc               7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
69.59.186.63         7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
209.66.67.134        7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
66.63.167.97         7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
66.63.167.77         7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
web-nex              7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
yourkey              7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
rec2_run             7/5/05 6:42:30 AM      200192     C:\WINDOWS\seedcorn_2_215.exe
PTech                7/7/05 3:08:00 PM      5632       C:\WINDOWS\pi1_60.exe
UPX!                 7/8/05 12:00:30 AM     223232     C:\WINDOWS\Pop2.exe
UPX!                 8/17/05 11:22:56 PM    82432      C:\WINDOWS\ru.exe
UPX!                 7/28/05 3:48:04 PM     17408      C:\WINDOWS\icont.exe
69.59.186.63         8/17/05 11:23:08 PM    46080      C:\WINDOWS\skfsfsg.dll
209.66.67.134        8/17/05 11:23:08 PM    46080      C:\WINDOWS\skfsfsg.dll
web-nex              8/17/05 11:23:08 PM    46080      C:\WINDOWS\skfsfsg.dll
winsync              8/17/05 11:23:08 PM    46080      C:\WINDOWS\skfsfsg.dll
69.59.186.63         8/17/05 11:23:08 PM    10240      C:\WINDOWS\joear.dll
209.66.67.134        8/17/05 11:23:08 PM    10240      C:\WINDOWS\joear.dll
web-nex              8/17/05 11:23:08 PM    10240      C:\WINDOWS\joear.dll
winsync              8/17/05 11:23:08 PM    10240      C:\WINDOWS\joear.dll

Checking %System% folder...
WinShutDown          6/28/96 7:00:00 AM     69120      C:\WINDOWS\SYSTEM\WPAUTO.DLL
WinShutDown          6/28/96 7:00:00 AM     61952      C:\WINDOWS\SYSTEM\PRAUTO.DLL
WinShutDown          6/28/96 7:00:00 AM     57856      C:\WINDOWS\SYSTEM\PFAUTO.DLL
WinShutDown          6/28/96 7:00:00 AM     61952      C:\WINDOWS\SYSTEM\QPAUTO.DLL
PEC2                 7/11/97                163384     C:\WINDOWS\SYSTEM\ODBCJET.HLP
qoologic             6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
aspack               6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
KavSvc               6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
69.59.186.63         6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
209.66.67.134        6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
66.63.167.97         6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
66.63.167.77         6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
web-nex              6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
yourkey              6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
rec2_run             6/30/05 4:09:22 PM     172032     C:\WINDOWS\SYSTEM\web2_212.exe
aspack               7/4/05 4:04:28 AM      29184      C:\WINDOWS\SYSTEM\supdate.dll
KavSvc               7/4/05 4:04:28 AM      29184      C:\WINDOWS\SYSTEM\supdate.dll
69.59.186.63         7/4/05 4:04:28 AM      29184      C:\WINDOWS\SYSTEM\supdate.dll
209.66.67.134        7/4/05 4:04:28 AM      29184      C:\WINDOWS\SYSTEM\supdate.dll
66.63.167.97         7/4/05 4:04:28 AM      29184      C:\WINDOWS\SYSTEM\supdate.dll
66.63.167.77         7/4/05 4:04:28 AM      29184      C:\WINDOWS\SYSTEM\supdate.dll
web-nex              7/4/05 4:04:28 AM      29184      C:\WINDOWS\SYSTEM\supdate.dll
yourkey              7/4/05 4:04:28 AM      29184      C:\WINDOWS\SYSTEM\supdate.dll
rec2_run             7/4/05 4:04:28 AM      29184      C:\WINDOWS\SYSTEM\supdate.dll
PTech                8/5/05 3:05:28 PM      5632       C:\WINDOWS\SYSTEM\snuninst.exe
UPX!                 8/5/05 5:37:28 PM      25105      C:\WINDOWS\SYSTEM\MTE2NzY6ODoxNg.exe
UPX!                 8/5/05 3:05:30 PM      66048      C:\WINDOWS\SYSTEM\hphi_c.exe
UPX!                 8/17/05 11:11:50 AM    68096      C:\WINDOWS\SYSTEM\ddahex.exe
UPX!                 8/17/05 11:22:54 PM    82432      C:\WINDOWS\SYSTEM\loes.exe

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
H                    8/18/05 12:06:54 AM    585760     C:\WINDOWS\USER.DAT
H                    7/4/05 3:25:26 AM      249888     C:\WINDOWS\HWINFO.DAT
H                    8/18/05 12:06:56 AM    6516768    C:\WINDOWS\SYSTEM.DAT
H                    7/4/05 3:24:32 AM      12746      C:\WINDOWS\folder.htt
H                    7/4/05 3:24:32 AM      266        C:\WINDOWS\desktop.ini
H                    8/17/05 11:33:48 PM    738082     C:\WINDOWS\ShellIconCache
H                    8/17/05 11:19:04 PM    38068      C:\WINDOWS\ttfCache
SH                   8/17/05 11:22:56 PM    82432      C:\WINDOWS\ru.exe
H                    7/4/05 3:24:32 AM      12746      C:\WINDOWS\SYSTEM\folder.htt
H                    7/4/05 3:24:32 AM      266        C:\WINDOWS\SYSTEM\desktop.ini
S                    7/21/05 2:04:12 PM     135168     C:\WINDOWS\SYSTEM\mjidntld.dll
S                    7/21/05 2:04:12 PM     45056      C:\WINDOWS\SYSTEM\WYOCK32.DLL
S                    7/21/05 2:04:12 PM     57344      C:\WINDOWS\SYSTEM\HOHBXTR0.DLL
S                    7/21/05 2:04:12 PM     4096       C:\WINDOWS\SYSTEM\IKONLIB.DLL
SH                   8/17/05 11:22:54 PM    82432      C:\WINDOWS\SYSTEM\loes.exe
H                    7/4/05 3:24:32 AM      12746      C:\WINDOWS\SYSTEM32\folder.htt
H                    7/4/05 3:24:32 AM      266        C:\WINDOWS\SYSTEM32\desktop.ini
H                    7/7/05 3:35:44 PM      9793       C:\WINDOWS\HELP\windows.GID
H                    7/4/05 2:43:34 AM      8628       C:\WINDOWS\HELP\SECAUTH.GID
H                    7/4/05 3:24:32 AM      19600      C:\WINDOWS\WEB\WVLOGO.GIF
H                    7/4/05 3:24:32 AM      4204       C:\WINDOWS\WEB\CONTROLP.HTT
H                    7/4/05 3:24:32 AM      11530      C:\WINDOWS\WEB\FOLDER.HTT
H                    7/4/05 3:24:32 AM      4988       C:\WINDOWS\WEB\MYCOMP.HTT
H                    7/4/05 3:24:32 AM      5044       C:\WINDOWS\WEB\PRINTERS.HTT
H                    7/4/05 3:24:32 AM      855        C:\WINDOWS\WEB\webview.css
H                    7/4/05 3:24:32 AM      14258      C:\WINDOWS\WEB\default.htt
H                    7/4/05 3:24:32 AM      5403       C:\WINDOWS\WEB\nethood.htt
H                    7/4/05 3:24:32 AM      8088       C:\WINDOWS\WEB\recycle.htt
H                    7/4/05 3:24:32 AM      5495       C:\WINDOWS\WEB\schedule.htt
H                    7/4/05 3:24:32 AM      5521       C:\WINDOWS\WEB\dialup.htt
H                    7/4/05 3:24:32 AM      44686      C:\WINDOWS\WEB\wvleft.bmp
H                    7/4/05 3:24:32 AM      840        C:\WINDOWS\WEB\wvline.gif
SH                   8/17/05 11:20:20 PM    1092       C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
SH                   6/30/05 12:34:48 PM    67         C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
SH                   6/30/05 12:34:50 PM    67         C:\WINDOWS\Temporary Internet Files\Content.IE5\8TAZKX2N\desktop.ini
SH                   6/30/05 12:38:36 PM    67         C:\WINDOWS\Temporary Internet Files\Content.IE5\54D1R5H3\desktop.ini
SH                   6/30/05 2:08:34 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\9STUDEXP\desktop.ini
SH                   6/30/05 4:33:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\1IGECFY0\desktop.ini
SH                   6/30/05 5:33:34 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\82VP70OO\desktop.ini
SH                   8/1/05 10:14:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\QLU3UDS9\desktop.ini
SH                   8/1/05 10:14:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\WHYJETIP\desktop.ini
SH                   8/1/05 10:14:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\DLKZPP6K\desktop.ini
SH                   8/1/05 10:14:36 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\4P69ONIL\desktop.ini
SH                   8/12/05 3:03:58 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\0LIP618L\desktop.ini
SH                   8/12/05 3:03:58 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\WTY7C1Q7\desktop.ini
SH                   8/12/05 3:03:58 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\K7CFOREN\desktop.ini
SH                   8/12/05 3:03:58 PM     67         C:\WINDOWS\Temporary Internet Files\Content.IE5\GDQVC96V\desktop.ini
H                    8/17/05 11:22:46 PM    6          C:\WINDOWS\Tasks\SA.DAT
SH                   8/17/05 11:22:58 PM    178        C:\WINDOWS\Tasks\RUTASK.job
H                    8/17/05 11:30:02 PM    843808     C:\WINDOWS\Profiles\DON\USER.DAT
SH                   8/17/05 10:35:42 PM    1092       C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Internet Explorer\Desktop.htt

Checking for CPL files...
Microsoft Corporation          5/11/98 8:01:00 PM     72192      C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     221280     C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation          8/29/02                292352     C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     58880      C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     138752     C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     103424     C:\WINDOWS\SYSTEM\MAIN.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     420864     C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     93248      C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     14448      C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     47104      C:\WINDOWS\SYSTEM\PASSWORD.CPL
                               5/11/98 8:01:00 PM     70656      C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     385104     C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     57856      C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     44720      C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     14848      C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation          5/11/98 8:01:00 PM     15360      C:\WINDOWS\SYSTEM\THEMES.CPL
Microsoft Corporation          8/8/99 2:17:12 AM      41232      C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation          7/11/97                53520      C:\WINDOWS\SYSTEM\MLCFG32.CPL
                               7/11/97                22528      C:\WINDOWS\SYSTEM\FINDFAST.CPL
                               8/15/05 1:32:06 PM     28672      C:\WINDOWS\SYSTEM\conres.cpl
Sun Microsystems, Inc.         6/3/05 3:52:54 AM      49265      C:\WINDOWS\SYSTEM\jpicpl32.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
                     8/17/05 11:23:08 PM    91648      C:\WINDOWS\Start Menu\Programs\StartUp\npra.exe
                     8/17/05 11:06:08 PM    423        C:\WINDOWS\Start Menu\Programs\StartUp\PerfectPrint.LNK

Checking files in %USERPROFILE%\Application Data folder...
                     12/12/02 1:35:48 PM    0          C:\WINDOWS\Application Data\dm.ini
                     7/8/04 3:31:48 PM      844        C:\WINDOWS\Application Data\dw.log
                     4/22/04 7:44:52 AM     784        C:\WINDOWS\Application Data\mpauth.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
   {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}    = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83bD3F}
       = shellwp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
   {6D78EC20-5AA6-101B-8681-366FBD64CEB9}    = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
   {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}    = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QuickFinderMenu
   {CD949A20-BDC8-11CE-8919-00608C39D066}    = C:\COREL\OFFICE7\SHARED\QFINDER7\PFSE70.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
   {E0D79304-84BE-11CE-9641-444553540000}    = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
   {CD949A20-BDC8-11CE-8919-00608C39D066}    = C:\COREL\OFFICE7\SHARED\QFINDER7\PFSE70.DLL

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
   CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
   Web Offer Bar = C:\WINDOWS\SYSTEM\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
   Web Offer Bar = C:\WINDOWS\SYSTEM\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}    = Norton AntiVirus   : C:\Program Files\Norton AntiVirus\NavShExt.dll
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\SYSTEM\MSDXM.OCX

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
   Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
   Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
   History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : C:\WINDOWS\SYSTEM\BROWSEUI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   ScanRegistry   C:\WINDOWS\scanregw.exe /autorun
   TaskMonitor   C:\WINDOWS\taskmon.exe
   SystemTray   SysTray.Exe
   CHotKey   mHotkey.exe
   POINTER   point32.exe
   iamapp   C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
   LoadPowerProfile   Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
   NAV Agent   C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
   QuickFinder Scheduler   C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
   ScriptBlocking   "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
   nisserv   C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
   LoadPowerProfile   Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
   SchedulingAgent   C:\WINDOWS\SYSTEM\mstask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   Taskbar Display Controls   RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
   washindex   C:\Program Files\Washer\washidx.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
   HideSharePwds   

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   •
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/18/05 12:11:16 AM


Track qoo log file

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"CHotKey"="mHotkey.exe"
"POINTER"="point32.exe"
"iamapp"="C:\\Program Files\\Norton Internet Security Professional\\IAMAPP.EXE"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\NAVAPW32.EXE"
"QuickFinder Scheduler"="C:\\COREL\\OFFICE7\\SHARED\\QFINDER7\\QFSCHED.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll

Subkey --- {B95057E0-44DB-11CE-A5D1-00608C83bD3F}

shellwp.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey ---


==============================


==============================
C:\WINDOWS\Profiles\DON\Start Menu\Programs\StartUp

Corel Desktop Application Director.LNK
PerfectPrint.LNK
Microsoft Office.lnk
==============================
C:\WINDOWS\SYSTEM cpl files


APPWIZ.CPL                    Microsoft Corporation
DESK.CPL                      Microsoft Corporation
INETCPL.CPL                   Microsoft Corporation
INTL.CPL                      Microsoft Corporation
JOY.CPL                       Microsoft Corporation
MAIN.CPL                      Microsoft Corporation
MMSYS.CPL                     Microsoft Corporation
MODEM.CPL                     Microsoft Corporation
NETCPL.CPL                    Microsoft Corporation
PASSWORD.CPL                  Microsoft Corporation
STICPL.CPL                    
SYSDM.CPL                     Microsoft Corporation
TIMEDATE.CPL                  Microsoft Corporation
POWERCFG.CPL                  Microsoft Corporation
TELEPHON.CPL                  Microsoft Corporation
THEMES.CPL                    Microsoft Corporation
ODBCCP32.CPL                  Microsoft Corporation
MLCFG32.CPL                   Microsoft Corporation
FINDFAST.CPL                  Microsoft Corporation
conres.cpl                    
jpicpl32.cpl                  Sun Microsystems, Inc.


HJT log file

Logfile of HijackThis v1.99.1
Scan saved at 12:27:07 AM, on 8/18/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\SYMPXSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\IAMAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\RunDLL.exe
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\PUHS\LOES.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [Spam Shredder] "C:\PROGRAM FILES\WEBROOT\SHREDDER\SPSHREDDER.EXE" -tray
O4 - HKCU\..\Run: [Opao] C:\Program Files\puhs\loes.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - User Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - User Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.234.255.102/activex/AxisCamControl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409


I'm so glad that you can make sense of all this!

-Leigh

5
Tech Clinic / Getting Overrun with Pop-ups
« on: August 15, 2005, 04:35:15 PM »
By the way,

One of those things I had unchecked in the start-up processes is really nasty.  After I had allowed all processes to start up, one of them altered my Paradox program so I was not able to load any databases or create any new databases.  It actually took away the New, Open & Close options under File.  They weren't even listed.  I had to go back in and uncheck all suspicious processes again to get Paradox to work properly.

-Leigh

6
Tech Clinic / Getting Overrun with Pop-ups
« on: August 15, 2005, 04:00:20 PM »
Hi,

I tried to uninstall the programs but only Viewpoint Manager & Media Player were listed.  Many of the items listed in the HJ list were not present in the list Windows gave me.  The ones highlighted in red are not present in my Add/Remove Programs selection:

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager (Remove Only)
AnyTime Deluxe Edition
[color="red"]Corel Remove Program[/color]
Display Utility
[color="red"]E2give Plug-in[/color]
[color="red"]HijackThis 1.99.1[/color]
HP LaserJet 1200 Uninstaller
Internet Explorer Q834707
[color="red"]LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)[/color]
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 4.0
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office 97, Professional Edition
Microsoft Outlook Express 6
Microsoft Publisher 2002
Microsoft VGX Q833989
Microsoft Web Publishing Wizard 1.6
Multimedia keyboard driver uninstall
NetMeeting 3.01
[color="red"]Norton Internet Security Professional
OIN[/color]
Outlook Express Q837009
[color="red"]Paradox 7
Spybot - Search & Destroy 1.4[/color]
System Files Update
The Food Processor
VIA Tech KLE/PLE Display Driver and Utilities
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows Media Player 7.1
WinZip

Here is the requested log.txt file:

Log of L2M9XFix v1
 
************
 
Running from directory:  
C:\WINDOWS\Profiles\DON\Desktop\l2m9xfix
 
************
 
Files found:
 
 
************
 
Registry entries found:
 
[HKEY_CLASSES_ROOT\CLSID\{5EBECAE0-E95E-11D9-AB8F-0010DC3CBE2C}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\MKR.DLL"
 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{33F9A507-F9A3-92AC-724D-2A38EB4E3BBF}"=""

 
************
 
Killing Explorer
Done!
 
Killing Rundll32
Done!
 
Removing malicious CLSID(s)
Done!
 
Restarting Explorer
Done!
 
Deleting malicious files
Done!
 
 
Finished!


Here is the new HJ file:

Logfile of HijackThis v1.99.1
Scan saved at 1:36:27 PM, on 8/15/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\IAMAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\CSSRD2.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\WEB OFFER\WO.EXE
C:\WINDOWS\SYSTEM\INICCU32.EXE
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\WINDOWS\SYSTEM\CSSRD2.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\SYMPXSVC.EXE
C:\WINDOWS\JAPNQB.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SDWin32 Class - {87DD96A0-0389-11DA-AB8F-0010DC3CBE2C} - C:\WINDOWS\SYSTEM\KDCUN.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\rnhalp.exe reg_run
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
O4 - HKLM\..\Run: [exp] C:\WINDOWS\SYSTEM\exp
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [kdcunc] C:\WINDOWS\SYSTEM\kdcunc.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\japnqb.exe reg_run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [CSSRD2] C:\WINDOWS\SYSTEM\CSSRD2.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Opao] C:\Program Files\puhs\loes.exe
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [Spam Shredder] "C:\PROGRAM FILES\WEBROOT\SHREDDER\SPSHREDDER.EXE" -tray
O4 - HKCU\..\Run: [Ypr7RWepR] INICCU32.EXE
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\TEMP\STUBINSTALLER6480.EXE"
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [CSSRD2] C:\WINDOWS\SYSTEM\CSSRD2.exe
O4 - HKCU\..\RunServices: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\RunServices: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\RunServices: [Opao] C:\Program Files\puhs\loes.exe
O4 - HKCU\..\RunServices: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\RunServices: [Spam Shredder] "C:\PROGRAM FILES\WEBROOT\SHREDDER\SPSHREDDER.EXE" -tray
O4 - HKCU\..\RunServices: [Ypr7RWepR] INICCU32.EXE
O4 - HKCU\..\RunServices: [180ClientStubInstall] "C:\TEMP\STUBINSTALLER6480.EXE"
O4 - HKCU\..\RunOnce: [CSSRD2] C:\WINDOWS\SYSTEM\CSSRD2.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
O4 - User Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - User Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - User Startup: Microsoft Office.lnk = C:\WINDOWS\Profiles\DON\Application Data\Microsoft\Installer\{90190409-6000-11D3-8CFE-0050048383C9}\misc.exe
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...tall_popup.pl?2
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.234.255.102/activex/AxisCamControl.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409


There may be a few more things listed in the HJ log file.  I realized I had the selective start-up checked to try to make the pop-ups go away.  I thought you might need to have everything load to get everything off the system so I changed it back to full start-up.

Look forward to the next step in the process.

-Leigh

7
Tech Clinic / Getting Overrun with Pop-ups
« on: August 12, 2005, 03:42:48 PM »
Hi,

Here are the two scans you requested:

HijackThis

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager (Remove Only)
AnyTime Deluxe Edition
Corel Remove Program
Display Utility
E2give Plug-in
HijackThis 1.99.1
HP LaserJet 1200 Uninstaller
Internet Explorer Q834707
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 4.0
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office 97, Professional Edition
Microsoft Outlook Express 6
Microsoft Publisher 2002
Microsoft VGX Q833989
Microsoft Web Publishing Wizard 1.6
Multimedia keyboard driver uninstall
NetMeeting 3.01
Norton Internet Security Professional
OIN
Outlook Express Q837009
Paradox 7
Spybot - Search & Destroy 1.4
System Files Update
The Food Processor
VIA Tech KLE/PLE Display Driver and Utilities
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows Media Player 7.1
WinZip


Jotti's Online Malware Scan

 
File:  cssrd2.exe  
Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
MD5  9a20560922f0a94d44807b5356dc877a  
Packers detected:  UPX
Scanner results  
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found BackDoor.Generic.923  
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found Trojan-Spy.Win32.VB.eh  
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found Trojan-Spy.Win32.VB.eh  


I was trying to figure out what that file was too.  When you go to properties of that file, the company is Ptech, internal and original file name is skytown.exe.  I don't know if that helps you or not.  

-Leigh

8
Tech Clinic / Getting Overrun with Pop-ups
« on: August 11, 2005, 11:54:45 PM »
Hi,

I have run and re-run Ad-Aware and Spybot repeatedly on this machine and the adware/spyware keeps appearing.  It's affecting productivity and makes this computer almost unusable.  I could really use some help fixing this.

Thank you in advance.

Here is a current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:53:09 PM, on 8/11/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\NISUM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\SYMPXSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY PROFESSIONAL\IAMAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\CSSRD2.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\WEB OFFER\WO.EXE
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\WINDOWS\SYSTEM\CSSRD2.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.langloisfoods.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SDWin32 Class - {87DD96A0-0389-11DA-AB8F-0010DC3CBE2C} - C:\WINDOWS\SYSTEM\KDCUN.DLL
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [nisserv] C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [CSSRD2] C:\WINDOWS\SYSTEM\CSSRD2.exe
O4 - HKCU\..\Run: [Opao] C:\Program Files\puhs\loes.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\RunOnce: [CSSRD2] C:\WINDOWS\SYSTEM\CSSRD2.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - User Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - User Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...tall_popup.pl?2
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://24.234.255.102/activex/AxisCamControl.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

Thanks for any help you can give me,

Leigh
