momofmiracleson

Please HELP!!! ive tried everything

15 posts in this topic

I have tried everything and I am at my wits' end. About 1 1/2 weeks ago I did a virus scan and it showed I had Trojan.StartPage. I did the manual removal with no success because I don't know how to fix registry keys and host keys, so I did the auto removal that Norton offers. Then the problems persisted. I then went on mIRC to a site I normally go to, begging for help, and I was given CWShredder; that worked for all of 24 hours. I also did a scan at trendmicro.com and it found a virus like the StartPage one; it let me delete it, and then today my homepage messed up again.

It adds porn sites to my favs list, changes my home page, makes some of my programs stop responding, I get blue screened and black out, I have problems getting sites to load on the net, and I have had problems loading my MSN Messenger and get booted out of AOL AIM. I have also run Ad-Aware and Spybot Search & Destroy, and the DSO exploit and possible extension hijack always come up (they are registry keys); CoolWWWSearch comes up, Avenue A comes up, and some other sites come up as well. I just don't know what to do anymore to get rid of this thing that has ahold of my computer. I am running Win ME (of all programs) and IE 6.x, I have dial-up, and I am not sure what other info you will need. I can get the info needed if I am told what and where and how to get it.

I would soooooo appreciate anyone that could help me get rid of this menace.

Thanks

Momofmiracleson


Here is the log file from the hijack scan

Logfile of HijackThis v1.97.7

Scan saved at 8:33:10 PM, on 5/26/2004

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\HPSYSDRV.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\WINOA386.MOD

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\ICAPTURE.DLL

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\MSAW\MSSEARCH.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\WINDOWS\IECJ\IECJ.DLL

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\IECJ\ADVCI32.DLL

O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\PROGRAM FILES\SUBMIT\SUBMITHOOK.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\SDKQH32.DLL,Install

O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\SDKQH32.DLL,Install

O4 - HKLM\..\RunOnce: [delsubmit] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\submit.exe"

O4 - HKCU\..\RunOnce: [updater] rundll32 C:\WINDOWS\IECJ\IECJ.dll,UpdateDll s

O9 - Extra button: AIM (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

O16 - DPF: Sweet Tooth TM by pogo - http://temp80fe.pogo.com/applet/sweettooth...h-ob-assets.cab

O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdow...n-ob-assets.cab

O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.2.19/gin/gin-ob-assets.cab

O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.8.1.28/bac...n-ob-assets.cab

O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.2.19/w...s-ob-assets.cab

O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet/poppit/poppit-ob-assets.cab

O16 - DPF: Turbo 21 TM by pogo - http://turbo21.pogo.com/applet/turbo21/turbo21-ob-assets.cab

O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchi...s-ob-assets.cab

O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.2.19/ho...m-ob-assets.cab

O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo.com/applet-5.8.1.28/sl...z-ob-assets.cab

O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.com/applet-5.8.1.28/pool...l-ob-assets.cab

O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.8.2.19/jum...e-ob-assets.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.2.19/m...g-ob-assets.cab

O16 - DPF: Dominoes by pogo - http://domino13.pogo.com/applet-5.8.2.19/d...o-ob-assets.cab

O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-5.8.2...g-ob-assets.cab

O16 - DPF: Top Down Baseball Challenge by pogo - http://topdown2.pogo.com/applet-5.8.2.19/t...2-ob-assets.cab

O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.8.2.19/word...p-ob-assets.cab

O16 - DPF: Checkers by pogo - http://checkers.pogo.com/applet-5.8.2.19/c...s-ob-assets.cab

O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.2.19/cribb...e-ob-assets.cab

O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.8.2.19/vid...k-ob-assets.cab

O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.3.20/fl...r-ob-assets.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: Pirate's Gold by pogo - http://swashbucks11.pogo.com/applet-5.8.3....d-ob-assets.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.3.20...o-ob-assets.cab

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.8.3.26/euc...e-ob-assets.cab


Ran Registrar Lite and this is what it said for the AppInit_DLLs value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

value name default

type reg_sz

type number 00000001

size 1

and nothing in bottom value box


Shoot, just realized that was for NT. I used to have NT on this computer and it's still picking up some of the old files even after reformatting when ME and NT conflicted with each other. The info for ME was the same, only there was also a current version tab, help, html help and ITStorage, as well as default setting. At this point I think I've gone as far as I can go from reading other posts, please help.

Thanks


I need to know what those two things are, and if they need to be fixed.

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

Possible extension hijack: Default registry file handler (Registry change, nothing done)

HKEY_CLASSES_ROOT\regfile\shell\open\command\!=regedit.exe "%1"

 

Search-Explorer: Interface (IPugiObj) (Registry key, nothing done)

HKEY_LOCAL_MACHINE\Software\Classes\Interface\{7B9A715E-9D87-4C21-BF9E-F914F2FA953F}

 

 

--- Spybot - Search && Destroy version: 1.3 ---

2004-05-12 Includes\Cookies.sbi

2004-05-12 Includes\Dialer.sbi

2004-05-12 Includes\Hijackers.sbi

2004-05-12 Includes\Keyloggers.sbi

2004-05-12 Includes\LSP.sbi

2004-05-12 Includes\Malware.sbi

2004-05-12 Includes\Revision.sbi

2004-05-12 Includes\Security.sbi

2004-05-12 Includes\Spybots.sbi

2004-05-12 Includes\Tracks.uti

2004-05-12 Includes\Trojans.sbi

Edited by momofmiracleson


Done that already, a friend gave it to me since he was having the same problems.

Worked for all of 24 hours :( Not happy about it.

Thanks for the suggestion, though.

Momofmiracleson


Sorry, just read the FAQs and realized I gave info not needed :( I was just so happy I might get some help and wanted to give everything and anything to get things done quickly in one shot, so I am trying to modify my posts.

Edited by momofmiracleson


StartupList report, 5/26/2004, 9:47:06 PM

StartupList version: 1.52

Started from : C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

Detected: Windows ME (Win9x 4.90.3000)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\HPSYSDRV.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\MY DOCUMENTS\MY RECEIVED FILES\HIJACKTHIS.EXE

C:\PROGRAM FILES\REGISTRAR LITE\RL.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\WINDOWS\Start Menu\Programs\StartUp]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]

*No files*

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

SystemTray = SysTray.Exe

hpsysdrv = c:\windows\system\hpsysdrv.exe

NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe

TaskMonitor = C:\WINDOWS\taskmon.exe

DJRegFix = regedit /s c:\hp\djregfix.reg

Image = rundll32 C:\WINDOWS\SDKQH32.DLL,Install

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

delsubmit = rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\submit.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

NPROTECT = C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe

SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

Updater = rundll32 C:\WINDOWS\IECJ\IECJ.dll,UpdateDll s

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

Image = rundll32 C:\WINDOWS\SDKQH32.DLL,Install

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[setupcPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

 

[AppletsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

 

[PerUser_CVT_Inis]

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

 

[FontsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

 

[PerUser_HNW_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf

 

[PerUser_ICW_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[PerUser_moviemaker] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf

 

[>PerUser_MSN_Clean] *

StubPath = C:\WINDOWS\msnmgsr1.exe

 

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *

StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

 

[PerUser_Msinfo] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

 

[PerUser_Msinfo2] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

 

[MotownMmsysPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

 

[MotownAvivideoPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

 

[PerUser_Base] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

 

[samplerPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf

 

[shellPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

 

[shell2PerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

 

[PerUser_winbase_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

 

[PerUser_winapps_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

 

[PerUser_LinkBar_URLs] *

StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

 

[TapiPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

 

[PerUser_MSWordPad_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

 

[PerUserOldLinks] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

 

[MmoptRegisterPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

 

[PerUser_CDPlayer_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

 

[OlsPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

 

[OlsMsnPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

 

[PerUser_PCHealth] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf

 

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

 

[PerUser_Paint_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

 

[PerUser_Calc_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

 

[PerUser_dxxspace_Links] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

 

[PerUser_Enable_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf

 

[PerUser_Wingames_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf

 

[PerUser_ZoneGame_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf

 

[PerUser_PBGame_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf

 

[MotownRecPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

 

[PerUser_Vol] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

 

[MotownMPlayPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

 

[PerUser_RNA_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

 

[PerUser_Sysmon_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_Sysmeter_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_netwatch_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_CharMap_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_Onlinelnks_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_Dialer_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

 

[PerUser_ClipBrd_Inis] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

 

[MmoptMusicaPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

 

[MmoptJunglePerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

 

[MmoptRobotzPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

 

[MmoptUtopiaPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

 

[OlsAolPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

 

[OlsAttPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf

 

[OlsProdigyPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf

 

[OlsEarthlinkPerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf

 

[shell3PerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

 

[Theme_MoreWindows_PerUser] *

StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf

 

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *

StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\SYSTEM\Rundll32.exe C:\WINDOWS\SYSTEM\mscories.dll,Install

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=

run=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=Explorer.exe

SCRNSAVE.EXE=

drivers=mmsystem.dll power.drv

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.INI listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS\WININIT.BAK listing:

(Created 26/5/2004, 9:35:36)

 

[Rename]

C:\WINDOWS\SYSTEM\MSI.DLL=C:\WINDOWS\SYSTEM\TBM3234.TMP

 

--------------------------------------------------

 

C:\AUTOEXEC.BAT listing:

 

SET windir=C:\WINDOWS

SET winbootdir=C:\WINDOWS

SET COMSPEC=C:\WINDOWS\COMMAND.COM

SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND

SET PROMPT=$p$g

SET TEMP=C:\WINDOWS\TEMP

SET TMP=C:\WINDOWS\TEMP

 

--------------------------------------------------

 

C:\CONFIG.SYS listing:

 

*File is empty*

 

--------------------------------------------------

 

C:\WINDOWS\WINSTART.BAT listing:

 

*File not found*

 

--------------------------------------------------

 

C:\WINDOWS\DOSSTART.BAT listing:

 

echo off

REM Notes:

REM DOSSTART.BAT is run whenenver you choose "Restart the computer

REM in MS-DOS mode" from the Shutdown menu in Windows. It allows

REM you to load programs that you might not want loaded in Windows,

REM (because they have functional equivalents) but that you do

REM want loaded under MS-DOS. The two primary candidates for

REM this are MSCDEX and a real mode driver for the mouse you ship

REM with your system. Commands that you want present in both Windows

REM and MS-DOS should be placed in the Autoexec.bat in the

REM \Image directory of your reference server. Please note that for

REM MSCDEX you will need to load the corresponding real-mode CD

REM driver in Config.sys. This driver won't be used by Windows 98

REM but will be available prior to and after Windows 98 exits.

REM

REM This file is also helpful if you want to F8 boot into MS-DOS 7.0

REM before Windows loads and access the CD-ROM. All you have to do

REM is press F8 and then run DOSSTART to load MSCDEX and your real

REM mode mouse driver (no need to remember the command line parameters

REM for these two files.

REM

REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.

REM - The string following the /D: statement must explicitly match

REM the string in CONFIG.SYS following your CD-ROM device driver.

REM MSCDEX.EXE /D:OEMCD001 /l:d

REM MOUSE.EXE

mscdex.exe /d:IDECD000 /L:M

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is NOT normal! ()

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check failed!

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\PROGRA~1\MACROE~1\ICAPTURE.DLL - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1}

NAV Helper - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

ShowSearch module - C:\WINDOWS\MSAW\MSSEARCH.DLL - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL - {53707962-6F74-2D53-2644-206D7942484F}

. - C:\WINDOWS\IECJ\IECJ.DLL - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B}

(no name) - C:\WINDOWS\IECJ\ADVCI32.DLL - {FD9BC004-8331-4457-B830-4759FF704C22}

(no name) - C:\PROGRAM FILES\SUBMIT\SUBMITHOOK.DLL - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Tune-up Application Start.job

Maintenance-Defragment programs.job

Maintenance-ScanDisk.job

Maintenance-Disk cleanup.job

Symantec NetDetect.job

Norton SystemWorks One Button Checkup.job

Norton AntiVirus - Scan my computer.job

PCHealth Scheduler for Data Collection.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

 

[Sweet Tooth TM by pogo]

CODEBASE = http://temp80fe.pogo.com/applet/sweettooth...h-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Sweet Tooth TM by pogo.osd

 

[Word Whomp Whackdown by pogo]

CODEBASE = http://whackdown2.pogo.com/applet/whackdow...n-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Word Whomp Whackdown by pogo.osd

 

[Jungle Gin by pogo]

CODEBASE = http://gin.pogo.com/applet-5.8.2.19/gin/gin-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Jungle Gin by pogo.osd

 

[Tri-Peaks by pogo]

CODEBASE = http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Tri-Peaks by pogo.osd

 

[Backgammon by pogo]

CODEBASE = http://gammon.pogo.com/applet-5.8.1.28/bac...n-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Backgammon by pogo.osd

 

[World Class Solitaire by pogo]

CODEBASE = http://klondike.pogo.com/applet-5.8.2.19/w...s-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\World Class Solitaire by pogo.osd

 

[Poppit TM by pogo]

CODEBASE = http://poppit.pogo.com/applet/poppit/poppit-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Poppit TM by pogo.osd

 

[Turbo 21 TM by pogo]

CODEBASE = http://turbo21.pogo.com/applet/turbo21/turbo21-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Turbo 21 TM by pogo.osd

 

[Squelchies by pogo]

CODEBASE = http://squelchies.pogo.com/applet/squelchi...s-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Squelchies by pogo.osd

 

[Texas Hold'em Poker by pogo]

CODEBASE = http://holdem2.pogo.com/applet-5.8.2.19/ho...m-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Texas Hold'em Poker by pogo.osd

 

[Showbiz Slots by pogo]

CODEBASE = http://showbiz.pogo.com/applet-5.8.1.28/sl...z-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Showbiz Slots by pogo.osd

 

[High Stakes Pool by pogo]

CODEBASE = http://pool2.pogo.com/applet-5.8.1.28/pool...l-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\High Stakes Pool by pogo.osd

 

[Tumble Bees by pogo]

CODEBASE = http://jumbee.pogo.com/applet-5.8.2.19/jum...e-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Tumble Bees by pogo.osd

 

[Shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://fpdownload.macromedia.com/pub/shock...ector/swdir.cab

 

[Mah Jong Garden by pogo]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://mahjong2.pogo.com/applet-5.8.2.19/m...g-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Mah Jong Garden by pogo.osd

 

[Dominoes by pogo]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://domino13.pogo.com/applet-5.8.2.19/d...o-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Dominoes by pogo.osd

 

[Dice Derby by pogo]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://checkeredflag.pogo.com/applet-5.8.2...g-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Dice Derby by pogo.osd

 

[Top Down Baseball Challenge by pogo]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://topdown2.pogo.com/applet-5.8.2.19/t...2-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Top Down Baseball Challenge by pogo.osd

 

[Word Whomp by pogo]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://whomp.pogo.com/applet-5.8.2.19/word...p-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Word Whomp by pogo.osd

 

[Checkers by pogo]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://checkers.pogo.com/applet-5.8.2.19/c...s-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Checkers by pogo.osd

 

[Cribbage by pogo]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://crib.pogo.com/applet-5.8.2.19/cribb...e-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Cribbage by pogo.osd

 

[Buckaroo Blackjack TM by pogo]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://vbjack.pogo.com/applet-5.8.2.19/vid...k-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Buckaroo Blackjack TM by pogo.osd

 

[Phlinx by pogo]

InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL

CODEBASE = http://flinger.pogo.com/applet-5.8.3.20/fl...r-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Phlinx by pogo.osd

 

[Symantec AntiVirus scanner]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL

CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

 

[Symantec RuFSI Utility Class]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL

CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

[Pirate's Gold by pogo]

InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL

CODEBASE = http://swashbucks11.pogo.com/applet-5.8.3....d-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Pirate's Gold by pogo.osd

 

[HouseCall Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX

CODEBASE = http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

 

[Fortune Bingo by pogo]

InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX

CODEBASE = http://superbingo.pogo.com/applet-5.8.3.20...o-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Fortune Bingo by pogo.osd

 

[HeartbeatCtl Class]

InProcServer32 = C:\WINDOWS\DOWNLO~1\HRTBEAT.OCX

CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

 

[Euchre by pogo]

InProcServer32 = C:\WINDOWS\DOWNLO~1\HRTBEAT.OCX

CODEBASE = http://euchre.pogo.com/applet-5.8.3.26/euc...e-ob-assets.cab

OSD = C:\WINDOWS\Downloaded Program Files\Euchre by pogo.osd

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll

Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll

Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll

Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll

Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll

 

--------------------------------------------------

 

Enumerating Win9x VxD services:

 

VNETSUP: vnetsup.vxd

VPOWERD: *VPOWERD

NDIS: ndis.vxd

JAVASUP: JAVASUP.VXD

CONFIGMG: *CONFIGMG

NTKern: *NTKERN

VWIN32: *VWIN32

VFBACKUP: *VFBACKUP

VCOMM: *VCOMM

COMBUFF: *COMBUFF

IFSMGR: *IFSMGR

IOS: *IOS

MTRR: *MTRR

SPOOLER: *SPOOLER

UDF: *UDF

VFAT: *VFAT

VCACHE: *VCACHE

VCOND: *VCOND

VCDFSD: *VCDFSD

VXDLDR: *VXDLDR

VDEF: *VDEF

VPICD: *VPICD

VTD: *VTD

REBOOT: *REBOOT

VDMAD: *VDMAD

VSD: *VSD

V86MMGR: *V86MMGR

PAGESWAP: *PAGESWAP

DOSMGR: *DOSMGR

VMPOLL: *VMPOLL

SHELL: *SHELL

PARITY: *PARITY

BIOSXLAT: *BIOSXLAT

VMCPD: *VMCPD

VTDAPI: *VTDAPI

PERF: *PERF

VNETBIOS: vnetbios.vxd

VREDIR: vredir.vxd

DFS: dfs.vxd

SYMTDI: SYMTDI.VXD

 

start up list. I keep reading other posts, and look for any other info you might need hopefully can get most if not all done in one shot :)

 

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL

AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

 

--------------------------------------------------

End of report, 30,495 bytes

Report generated in 5.515 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


Well, I'm heading off to bed for the night. No responses yet, but I will check back in the morning. GL to all still trying to get rid of this pesky persistent pest.

Momofmiracleson


I have Spybot S&D and I run it a lot. Certain problems keep persisting; that's why I came here. I don't know much, if anything, about other programs. All I know is I want this pest to go away lol. I have run 2 different antivirus programs; both found trojans and I couldn't fix them, but I could delete them. Adware and Spybot S&D find problems and temp fix them. Shredder worked initially but the problem came back. I just want my homepage to be fixed and my other programs to work right.

Thanks for any help you can give me... I really appreciate it.

Momofmiracleson


Ok, I'm near tears with frustration. This problem is still persisting. I've called techs, asked for help here, and have no clue how to get rid of coolwwwsearch. I just spent the last 5 hours in safe mode, doing a virus scan that's clean, doing Spybot, and it found coolwwwsearch there AGAIN!!! I ran Shredder again, but Spybot keeps finding it, and Adware is finding problems as well. I ran everything in safe mode, deleted and fixed in safe mode... BUT it's back. I also did full maintenance on comp, all Norton utilities plus scan disk, disk clean up and defrag, rebooted, and all STILL there :( How do you make it go AWAY???? Or can you?


I'm getting the same problem. But for some reason this file keeps coming up for me to download, and it's from this IP: 64.124.210.124. I also keep getting these adware/spyware remover pop-ups, and sometimes when I open IE it says something about sdkqh32.dll, and the dll file is 0kb, so I have no clue what it is.

I ran CWShredder and it didn't find anything, but Spybot S&D removed it and I haven't seen it since.


Ok, I don't know if this has anything to do with it, but... Go to C:\Program Files and remove pl.exe (if it's there), and also go to your main download folder and look for file1.exe and/or setup.exe (it could also be setup1.exe), then run Spybot S&D and Adware...

 

I removed them and everything seems fine now and I haven't gotten any pop-ups or errors since.

 

EDIT: I opened pl.exe in the hex editor just for fun and it said xxxporn dialer in it.

Edited by Deadly
