Thread: Adware...it's gotta be here somewhere...
View Single Post
Old 08-21-2005, 09:39 PM   #7 (permalink)
Alex159
I helped the forums.
 
Join Date: Aug 2005
Posts: 11
OS: Win98


Alright so I think I did everything just as you said. The only problem I ran into was when I tried to run TrackQoo1.vbs It gives me this error message:

File name or class name not found during Automation operation: 'GetObject'

After browsing around on the internet for 5-10 minutes I didn't have any signs of the pop ups that I was having before, which is definitely an improvement. Here's the logs you asked for.

Hijack this:
Logfile of HijackThis v1.99.1
Scan saved at 10:29:08 PM, on 8/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...LC=0409&c=1c00
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*;
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmtrans.html
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/r...c=1c00&lc=0409 (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .m4a: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/def...ploader_v5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab

--------------------------------------------------------------------------


Panda Active Scan



Incident Status Location

Adware:adware/mediatickets No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\MediaGatewayX.dll
Adware:adware/enhsrch No disinfected C:\WINDOWS\dinst.exe
Adware:adware/apropos No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInst.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\n9058rq5.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\Start Menu\Programs\Disabled Startup Items\utrt.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING32.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\gvwvv.dat
Adware:Adware/QoolShown No disinfected C:\WINDOWS\fgfggsk.dll
Adware:Adware/MyDailyHoroscopeNo disinfected C:\WINDOWS\setup_silent_26223.exe
Adware:Adware/Midaddle No disinfected C:\WINDOWS\ru.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\xodooar.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\banner.dll
Adware:Adware/EnhSrch No disinfected C:\WINDOWS\dinst.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\xdsddp.exe
Adware:Adware/ISearch No disinfected C:\Program Files\Common Files\SYSTEM\Mapi\1033\95\MTE2NzY6ODoxNg.exe
Adware:Adware/eZula No disinfected C:\Program Files\WAV to MP3 Encoder\mm332.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7395.TMP\ProxyStub.dll
Adware:Adware/nCase No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73B5.TMP
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8002.TMP
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20050819175611.zip[RemoveDisplayUtility.exe]
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\CAGMGR32.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\CAMCAT.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\CML3d.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\CPASPI.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\demasf.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\DJRAW16.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\DPCPCSVC.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\DRRAW.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\DWGSIG.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\FANTEXT.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\FCAMEBUF.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\GSOUPPOL.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\Imv16.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\JMVAEE.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\KZRNEL32.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\lskrn13n.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\mjltus40.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\MPCMS.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\MRVIDC32.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\MTRECR40.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\MUSHRUI.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\mvtext40.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\mvwmdm.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\mxpmsp.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\RFAPH.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\RKCLTC1.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\RLGWIZC.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\SGDOC401.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\sRge.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\SYDOC401.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\WG2_32.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\WZTSECUR.DLL

Incident Status Location

Adware:adware/mediatickets No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\MediaGatewayX.dll
Adware:adware/enhsrch No disinfected C:\WINDOWS\dinst.exe
Adware:adware/apropos No disinfected Windows Registry
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UpdInst.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM\n9058rq5.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\Start Menu\Programs\Disabled Startup Items\utrt.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING32.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\gvwvv.dat
Adware:Adware/QoolShown No disinfected C:\WINDOWS\fgfggsk.dll
Adware:Adware/MyDailyHoroscopeNo disinfected C:\WINDOWS\setup_silent_26223.exe
Adware:Adware/Midaddle No disinfected C:\WINDOWS\ru.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\xodooar.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\banner.dll
Adware:Adware/EnhSrch No disinfected C:\WINDOWS\dinst.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\xdsddp.exe
Adware:Adware/ISearch No disinfected C:\Program Files\Common Files\SYSTEM\Mapi\1033\95\MTE2NzY6ODoxNg.exe
Adware:Adware/eZula No disinfected C:\Program Files\WAV to MP3 Encoder\mm332.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7395.TMP\ProxyStub.dll
Adware:Adware/nCase No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73B5.TMP
Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8002.TMP
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20050819175611.zip[RemoveDisplayUtility.exe]
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\CAGMGR32.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\CAMCAT.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\CML3d.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\CPASPI.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\demasf.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\DJRAW16.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\DPCPCSVC.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\DRRAW.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\DWGSIG.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\FANTEXT.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\FCAMEBUF.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\GSOUPPOL.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\Imv16.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\JMVAEE.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\KZRNEL32.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\lskrn13n.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\mjltus40.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\MPCMS.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\MRVIDC32.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\MTRECR40.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\MUSHRUI.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\mvtext40.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\mvwmdm.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\mxpmsp.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\RFAPH.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\RKCLTC1.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\RLGWIZC.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\SGDOC401.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\sRge.dll
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\SYDOC401.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\WG2_32.DLL
Adware:Adware/Look2Me No disinfected C:\l2m9xfix\backups\WZTSECUR.DLL
--------------------------------------------------------------------------


Log of L2M9XFix v1

************

Running from directory:
C:\l2m9xfix

************

Files found:

C:\WINDOWS\system\CAGMGR32.DLL
C:\WINDOWS\system\CAGMGR32.DLL
C:\WINDOWS\system\CAGMGR32.DLL
C:\WINDOWS\system\CAGMGR32.DLL
C:\WINDOWS\system\CAMCAT.DLL
C:\WINDOWS\system\CAMCAT.DLL
C:\WINDOWS\system\CAMCAT.DLL
C:\WINDOWS\system\CAMCAT.DLL
C:\WINDOWS\system\CML3d.DLL
C:\WINDOWS\system\CML3d.DLL
C:\WINDOWS\system\CML3d.DLL
C:\WINDOWS\system\CML3d.DLL
C:\WINDOWS\system\CPASPI.DLL
C:\WINDOWS\system\CPASPI.DLL
C:\WINDOWS\system\CPASPI.DLL
C:\WINDOWS\system\CPASPI.DLL
C:\WINDOWS\system\demasf.dll
C:\WINDOWS\system\demasf.dll
C:\WINDOWS\system\demasf.dll
C:\WINDOWS\system\demasf.dll
C:\WINDOWS\system\DJRAW16.DLL
C:\WINDOWS\system\DJRAW16.DLL
C:\WINDOWS\system\DJRAW16.DLL
C:\WINDOWS\system\DJRAW16.DLL
C:\WINDOWS\system\DPCPCSVC.DLL
C:\WINDOWS\system\DPCPCSVC.DLL
C:\WINDOWS\system\DPCPCSVC.DLL
C:\WINDOWS\system\DPCPCSVC.DLL
C:\WINDOWS\system\DRRAW.DLL
C:\WINDOWS\system\DRRAW.DLL
C:\WINDOWS\system\DRRAW.DLL
C:\WINDOWS\system\DRRAW.DLL
C:\WINDOWS\system\DWGSIG.DLL
C:\WINDOWS\system\DWGSIG.DLL
C:\WINDOWS\system\DWGSIG.DLL
C:\WINDOWS\system\DWGSIG.DLL
C:\WINDOWS\system\FANTEXT.DLL
C:\WINDOWS\system\FANTEXT.DLL
C:\WINDOWS\system\FANTEXT.DLL
C:\WINDOWS\system\FANTEXT.DLL
C:\WINDOWS\system\FCAMEBUF.DLL
C:\WINDOWS\system\FCAMEBUF.DLL
C:\WINDOWS\system\FCAMEBUF.DLL
C:\WINDOWS\system\FCAMEBUF.DLL
C:\WINDOWS\system\GSOUPPOL.DLL
C:\WINDOWS\system\GSOUPPOL.DLL
C:\WINDOWS\system\GSOUPPOL.DLL
C:\WINDOWS\system\GSOUPPOL.DLL
C:\WINDOWS\system\Imv16.dll
C:\WINDOWS\system\Imv16.dll
C:\WINDOWS\system\Imv16.dll
C:\WINDOWS\system\Imv16.dll
C:\WINDOWS\system\JMVAEE.DLL
C:\WINDOWS\system\JMVAEE.DLL
C:\WINDOWS\system\JMVAEE.DLL
C:\WINDOWS\system\JMVAEE.DLL
C:\WINDOWS\system\KZRNEL32.DLL
C:\WINDOWS\system\KZRNEL32.DLL
C:\WINDOWS\system\KZRNEL32.DLL
C:\WINDOWS\system\KZRNEL32.DLL
C:\WINDOWS\system\lskrn13n.dll
C:\WINDOWS\system\lskrn13n.dll
C:\WINDOWS\system\lskrn13n.dll
C:\WINDOWS\system\lskrn13n.dll
C:\WINDOWS\system\mjltus40.dll
C:\WINDOWS\system\mjltus40.dll
C:\WINDOWS\system\mjltus40.dll
C:\WINDOWS\system\mjltus40.dll
C:\WINDOWS\system\MPCMS.DLL
C:\WINDOWS\system\MPCMS.DLL
C:\WINDOWS\system\MPCMS.DLL
C:\WINDOWS\system\MPCMS.DLL
C:\WINDOWS\system\MRVIDC32.DLL
C:\WINDOWS\system\MRVIDC32.DLL
C:\WINDOWS\system\MRVIDC32.DLL
C:\WINDOWS\system\MRVIDC32.DLL
C:\WINDOWS\system\MTRECR40.DLL
C:\WINDOWS\system\MTRECR40.DLL
C:\WINDOWS\system\MTRECR40.DLL
C:\WINDOWS\system\MTRECR40.DLL
C:\WINDOWS\system\MUSHRUI.DLL
C:\WINDOWS\system\MUSHRUI.DLL
C:\WINDOWS\system\MUSHRUI.DLL
C:\WINDOWS\system\MUSHRUI.DLL
C:\WINDOWS\system\mvtext40.dll
C:\WINDOWS\system\mvtext40.dll
C:\WINDOWS\system\mvtext40.dll
C:\WINDOWS\system\mvtext40.dll
C:\WINDOWS\system\mvwmdm.dll
C:\WINDOWS\system\mvwmdm.dll
C:\WINDOWS\system\mvwmdm.dll
C:\WINDOWS\system\mvwmdm.dll
C:\WINDOWS\system\mxpmsp.dll
C:\WINDOWS\system\mxpmsp.dll
C:\WINDOWS\system\mxpmsp.dll
C:\WINDOWS\system\mxpmsp.dll
C:\WINDOWS\system\RFAPH.DLL
C:\WINDOWS\system\RFAPH.DLL
C:\WINDOWS\system\RFAPH.DLL
C:\WINDOWS\system\RFAPH.DLL
C:\WINDOWS\system\RKCLTC1.DLL
C:\WINDOWS\system\RKCLTC1.DLL
C:\WINDOWS\system\RKCLTC1.DLL
C:\WINDOWS\system\RKCLTC1.DLL
C:\WINDOWS\system\RLGWIZC.DLL
C:\WINDOWS\system\RLGWIZC.DLL
C:\WINDOWS\system\RLGWIZC.DLL
C:\WINDOWS\system\RLGWIZC.DLL
C:\WINDOWS\system\SGDOC401.DLL
C:\WINDOWS\system\SGDOC401.DLL
C:\WINDOWS\system\SGDOC401.DLL
C:\WINDOWS\system\SGDOC401.DLL
C:\WINDOWS\system\sRge.dll
C:\WINDOWS\system\sRge.dll
C:\WINDOWS\system\sRge.dll
C:\WINDOWS\system\sRge.dll
C:\WINDOWS\system\SYDOC401.DLL
C:\WINDOWS\system\SYDOC401.DLL
C:\WINDOWS\system\SYDOC401.DLL
C:\WINDOWS\system\SYDOC401.DLL
C:\WINDOWS\system\WG2_32.DLL
C:\WINDOWS\system\WG2_32.DLL
C:\WINDOWS\system\WG2_32.DLL
C:\WINDOWS\system\WG2_32.DLL
C:\WINDOWS\system\WZTSECUR.DLL
C:\WINDOWS\system\WZTSECUR.DLL
C:\WINDOWS\system\WZTSECUR.DLL
C:\WINDOWS\system\WZTSECUR.DLL

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{988A8960-0FEE-11DA-A1F4-0001029209D1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\SRGE.DLL"
[HKEY_CLASSES_ROOT\CLSID\{988A8960-0FEE-11DA-A1F4-0001029209D1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\SRGE.DLL"
[HKEY_CLASSES_ROOT\CLSID\{988A8960-0FEE-11DA-A1F4-0001029209D1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\SRGE.DLL"
[HKEY_CLASSES_ROOT\CLSID\{988A8960-0FEE-11DA-A1F4-0001029209D1}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\SRGE.DLL"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F9F62AC0-CDF5-94B7-3FCB-1CCBB2EA42E0}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!


--------------------------------------------------------------------------

WinPFind
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
SAHAgent 8/21/05 3:37:10 PM 7696416 c:\windows\SYSTEM.DAT
winsync 8/21/05 3:37:10 PM 7696416 c:\windows\SYSTEM.DAT
69.59.186.63 8/18/05 11:07:12 PM 46080 c:\windows\fgfggsk.dll
209.66.67.134 8/18/05 11:07:12 PM 46080 c:\windows\fgfggsk.dll
web-nex 8/18/05 11:07:12 PM 46080 c:\windows\fgfggsk.dll
winsync 8/18/05 11:07:12 PM 46080 c:\windows\fgfggsk.dll
UPX! 10/20/04 10:53:10 PM 83178 c:\windows\setup_silent_26223.exe

Items found in c:\windows\hosts

UPX! 7/25/05 4:41:52 PM 113048 c:\windows\invitessk.exe
UPX! 8/18/05 2:28:32 PM 82432 c:\windows\ru.exe
PECompact2 8/18/05 2:24:00 PM 15636721 c:\windows\VPTNFILE.791
qoologic 8/18/05 2:24:00 PM 15636721 c:\windows\VPTNFILE.791
SAHAgent 8/18/05 2:24:00 PM 15636721 c:\windows\VPTNFILE.791
UPX! 5/3/05 11:44:44 AM 25157 c:\windows\RMAgentOutput.dll
69.59.186.63 8/18/05 11:07:14 PM 10240 c:\windows\rbebb.dll
209.66.67.134 8/18/05 11:07:14 PM 10240 c:\windows\rbebb.dll
web-nex 8/18/05 11:07:14 PM 10240 c:\windows\rbebb.dll
winsync 8/18/05 11:07:14 PM 10240 c:\windows\rbebb.dll
UPX! 1/10/05 4:17:24 PM 170053 c:\windows\tsc.exe
PECompact2 8/18/05 2:24:00 PM 15636721 c:\windows\lpt$vpn.791
qoologic 8/18/05 2:24:00 PM 15636721 c:\windows\lpt$vpn.791
SAHAgent 8/18/05 2:24:00 PM 15636721 c:\windows\lpt$vpn.791
UPX! 2/18/05 6:40:14 PM 1044560 c:\windows\vsapi32.dll
aspack 2/18/05 6:40:14 PM 1044560 c:\windows\vsapi32.dll

Checking %System% folder...
Umonitor 8/18/05 1:47:22 PM 405504 c:\windows\SYSTEM\DRRAW.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\DJRAW16.DLL
Umonitor 8/18/05 1:47:22 PM 405504 c:\windows\SYSTEM\DWGSIG.DLL
PEC2 2/14/97 11:24:14 PM 197171 c:\windows\SYSTEM\Dwapilib.tlb
SAHAgent 7/30/05 11:10:42 AM 3503 c:\windows\SYSTEM\n9058rq5.ini
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\WG2_32.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\RKCLTC1.DLL
SAHAgent 7/30/05 10:28:34 AM 35 c:\windows\SYSTEM\msfmg5cg.ini
SAHAgent 6/14/05 8:34:14 AM 203264 c:\windows\SYSTEM\n9058rq5.exe
Umonitor 8/18/05 1:47:22 PM 405504 c:\windows\SYSTEM\MRVIDC32.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\GSOUPPOL.DLL
SAHAgent 7/30/05 10:28:34 AM 35 c:\windows\SYSTEM\84noplkf.ini
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\Imv16.dll
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\lskrn13n.dll
UPX! 2/23/03 5:59:38 PM 77312 c:\windows\SYSTEM\kegbtdvr.exe
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\SYDOC401.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\RLGWIZC.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\CPASPI.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\mvtext40.dll
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\mvwmdm.dll
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\RFAPH.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\FCAMEBUF.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\SGDOC401.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\FANTEXT.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\DPCPCSVC.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\CAGMGR32.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\mjltus40.dll
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\MTRECR40.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\MUSHRUI.DLL
UPX! 8/18/05 5:05:30 PM 68096 c:\windows\SYSTEM\qttexl.exe
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\MPCMS.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\mxpmsp.dll
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\JMVAEE.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\KZRNEL32.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\demasf.dll
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\WZTSECUR.DLL
Umonitor 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\CML3d.DLL

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
H 8/21/05 3:42:14 PM 7696416 c:\windows\SYSTEM.DAT
H 8/21/05 3:39:36 PM 1204256 c:\windows\USER.DAT
H 8/20/05 11:40:26 AM 54156 c:\windows\QTFont.qfn
H 8/20/05 11:46:02 PM 14329 c:\windows\ttfCache
SH 8/18/05 2:28:32 PM 82432 c:\windows\ru.exe
H 8/20/05 11:45:58 PM 915901 c:\windows\ShellIconCache
S 8/18/05 1:47:22 PM 405504 c:\windows\SYSTEM\DRRAW.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\DJRAW16.DLL
H 7/16/05 8:10:02 PM 8628 c:\windows\SYSTEM\HPF72t06.GID
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\WG2_32.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\RKCLTC1.DLL
S 8/18/05 1:47:22 PM 405504 c:\windows\SYSTEM\MRVIDC32.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\GSOUPPOL.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\sRge.dll
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\lskrn13n.dll
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\SYDOC401.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\RLGWIZC.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\CPASPI.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\mvtext40.dll
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\mvwmdm.dll
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\RFAPH.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\FCAMEBUF.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\SGDOC401.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\CAMCAT.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\FANTEXT.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\DPCPCSVC.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\CAGMGR32.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\mjltus40.dll
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\MTRECR40.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\MUSHRUI.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\MPCMS.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\mxpmsp.dll
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\JMVAEE.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\KZRNEL32.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\demasf.dll
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\WZTSECUR.DLL
S 8/18/05 1:50:18 PM 405504 c:\windows\SYSTEM\CML3d.DLL
SH 8/21/05 3:36:44 PM 1309 c:\windows\Application Data\Microsoft\Internet Explorer\Desktop.htt
H 8/20/05 11:32:40 AM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata00.sqm
H 7/4/05 12:26:02 PM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata01.sqm
H 7/4/05 11:14:00 PM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata02.sqm
H 7/4/05 11:14:02 PM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata03.sqm
H 7/4/05 11:14:16 PM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata04.sqm
H 7/4/05 11:14:36 PM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata05.sqm
H 7/4/05 11:14:42 PM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata06.sqm
H 7/4/05 11:14:52 PM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata07.sqm
H 7/5/05 10:50:10 AM 460 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata08.sqm
H 7/5/05 10:54:02 AM 1096 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata09.sqm
H 7/5/05 10:54:04 AM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata10.sqm
H 7/6/05 1:19:26 PM 472 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata11.sqm
H 7/6/05 1:19:32 PM 424 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata12.sqm
H 7/6/05 1:19:40 PM 412 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata13.sqm
H 7/6/05 1:22:38 PM 340 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata14.sqm
H 7/6/05 1:23:56 PM 1132 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata15.sqm
H 7/6/05 1:23:56 PM 340 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata16.sqm
H 7/7/05 10:28:32 AM 1168 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata17.sqm
H 7/7/05 10:28:32 AM 352 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata18.sqm
H 7/7/05 3:32:22 PM 1120 c:\windows\Application Data\Microsoft\MSN Messenger\2407475068\sqmdata19.sqm
SH 7/25/05 10:27:22 AM 135680 c:\windows\All Users\DRM\drmv2.lic
SH 8/18/05 12:39:32 PM 36352 c:\windows\All Users\DRM\drmv2.sst
SH 7/25/05 10:27:22 AM 16384 c:\windows\All Users\DRM\drmv2.licIndex
H 8/21/05 3:36:34 PM 6 c:\windows\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4/23/99 10:22:00 PM 221280 c:\windows\SYSTEM\DESK.CPL
Microsoft Corporation 8/29/02 292352 c:\windows\SYSTEM\INETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 60928 c:\windows\SYSTEM\INTL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 420864 c:\windows\SYSTEM\MMSYS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 93248 c:\windows\SYSTEM\MODEM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14448 c:\windows\SYSTEM\NETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 47104 c:\windows\SYSTEM\PASSWORD.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 51984 c:\windows\SYSTEM\POWERCFG.CPL
Microsoft Corporation 10/30/01 8:10:00 AM 442368 c:\windows\SYSTEM\JOY.CPL
1/27/00 1:18:10 PM 65536 c:\windows\SYSTEM\CPQDIAG.CPL
Microsoft Corporation 2/2/05 7:31:24 PM 41232 c:\windows\SYSTEM\odbccp32.cpl
Microsoft Corporation 2/10/99 3:48:48 AM 40960 c:\windows\SYSTEM\FINDFAST.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 66048 c:\windows\SYSTEM\ACCESS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 72192 c:\windows\SYSTEM\APPWIZ.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 103424 c:\windows\SYSTEM\MAIN.CPL
4/23/99 10:22:00 PM 70656 c:\windows\SYSTEM\STICPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 387072 c:\windows\SYSTEM\SYSDM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14848 c:\windows\SYSTEM\TELEPHON.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 37376 c:\windows\SYSTEM\TIMEDATE.CPL
Compaq Computer Corporation 10/25/99 7:27:44 PM 110592 c:\windows\SYSTEM\UICONFIG.cpl
Compaq Computer Corporation 8/23/99 9:45:08 AM 159744 c:\windows\SYSTEM\OSDCPL.cpl
10/14/99 5:27:06 PM 110592 c:\windows\SYSTEM\cch.cpl
PCtel, Inc. 11/29/99 2:49:10 PM 53760 c:\windows\SYSTEM\PTCTRL.CPL
Apple Computer, Inc. 12/14/03 9:20:50 AM 323072 c:\windows\SYSTEM\QuickTime.cpl
Sun Microsystems, Inc. 12/6/04 9:31:48 PM 49265 c:\windows\SYSTEM\jpicpl32.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
8/20/05 6:07:48 PM 8161 C:\WINDOWS\Application Data\dw.log
2/21/05 9:00:18 PM 32440 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06FE5D05-8F11-11d2-804F-00105A133818}
ButtonText = Translate :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06FE5D02-8F11-11d2-804F-00105A133818}
MenuText = &Find Pages Linking to this URL :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06FE5D03-8F11-11d2-804F-00105A133818}
MenuText = Find Other Pages on this &Host :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRAM FILES\AIM\AIM.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SystemTray SysTray.Exe
PTSNOOP ptsnoop.exe
Service Connection c:\cpqs\bwtools\sccenter.exe
TaskMonitor c:\windows\taskmon.exe
LoadQM loadqm.exe
EM_EXEC C:\MOUSE\SYSTEM\EM_EXEC.EXE
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
AVG7_CC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
AVG7_EMC C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
AVG7_AMSVR C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
CountrySelection pctptt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
SchedulingAgent mstask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/21/05 3:44:09 PM
Alex159 is offline