Hjt Log

TheTerrorist_75

By TheTerrorist_75,
in Malware Removal

 Share Followers 0

Recommended Posts

TheTerrorist_75

TheTerrorist_75

Posted
Posted (edited)

I have manually removed BDE, Ares, Kaaza and some other old P2P programs plus a few items identified as malware using Google. AdAware found 306 items including remnants of BDE, Lop and CoolWeb. This POS isn't on the Internet yet. There's about 2000 bad registry entries to deal with I have been cleaning the rgistry by hand along with jv16. It had every version of AOL fromn 5.0 to 9.0 plus AIM from AIM95. I deleted a lot of music and game downloads. I am going to transfer Avast over to it shortly. AOL and CallWave need to go along with Real Player. Here's what my log looks like so far. :blink:

Logfile of HijackThis v1.99.1

Scan saved at 9:30:01 PM, on 3/26/06

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\SA3DSRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Essdc] essdc.exe

O4 - HKLM\..\Run: [Aureal A3D Interactive Audio Init] A3dInit.exe

O4 - HKLM\..\Run: [CPQSTUTFIX] C:\Windows\stutfix.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Aureal A3D Interactive Audio] sa3dsrv.exe

O4 - HKLM\..\RunOnce: [instMsi1] rundll32.exe C:\WINDOWS\SYSTEM\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Installer\InstMsi0"

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {45231111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\WWQGV3EE\epl169[1].cab

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

Edited by TheTerrorist_75
Link to post
Share on other sites
Matt

Matt

Posted
Posted

Not too much left on here.

Scan with HJT and place a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {45231111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\WWQGV3EE\epl169[1].cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

Then, make sure all broswer windows and other applications are running, and click the Fix Checked button.

If you are able to connect the PC to the internet, do the following:

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a new HJT log

Link to post
Share on other sites
TheTerrorist_75

TheTerrorist_75

Posted
  • Author
Posted (edited)

I can't get Panda Active Scan to run. I tried HouseCall but it needs Java and Java 1.05_6 doesn't like Win98 Gold. I downloaded and burned Avast to a CD and loaded it. I was able to connect through dial-up and update it. It has found 3 trojans so far and is still running. I also tried to hook up one of my 98SE drives but Compaq must need certain files on the HDD. It would not recognize the new hard drive with 98SE. I think there is a file I need to download and install to the hard drive. 98 Gold isn't going to cut it. I'm still finding downloaded garbage spread throughout C:.

I got rid of AOL through the registry and HJT. Real Player is gone. Most of the major malware is history. There were 8 dialers. I ran jv16 RegCleaner, CCleaner and am now running Registry Healer. There was over 3000 instances of crap in the registry. 15 hours in hades so far. After this scan I am installing Java 1_4_2_11 so I can use HouseCall then I will install SpyBot and see if there are any dregs.

I couldn't believe it when I saw the previous owners tax returns in a folder. How could anybody be that stupid to store private data on a PC that wasn't protected.

Edited by TheTerrorist_75
Link to post
Share on other sites
TheTerrorist_75

TheTerrorist_75

Posted
  • Author
Posted (edited)

I'll check for logs after Registry Healer finishes. Between that, CCleaner and RegClean there was over 3000 items to be addressed. I am still finding garbage throughout the folders/files. SpyBot found nothing. I also ran C.W.Shredder and it found nothing. I still can't get Panda or HouseCall scans to run. I found updates for 98 FE/Gold and will apply them once I get the registry straightened out. My eyes are bugging out using a 14" monitor that will onlly only operate at 60Hz. This PC isn't very fast. 350MHz Celeron with 128MB RAM. Tweak time.

Avast log.

3/27/06 7:31:07 AM Default 4294469309 Sign of "Win32:Small-LJ [Trj]" has been found in "c:\WINDOWS\SYSTEM32\sysinit32m.exe\[uPX]" file.

3/27/06 7:33:18 AM Default 4294469309 Sign of "Win32:Dialer-336 [Trj]" has been found in "c:\WINDOWS\internt.exe" file.

3/27/06 7:33:36 AM Default 4294469309 Sign of "Win32:Small-LJ [Trj]" has been found in "c:\WINDOWS\msxmidi.exe\[uPX]" file.

AdAware log.

ArchiveData(auto-quarantine- 2006-03-26 19-30-24.bckp)

Referencefile : SE1R47 24.05.2005

======================================================

MRU LIST

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[0]=MRU RegReference : .DEFAULT\software\microsoft\clipart gallery\2.0\mrudescription

obj[1]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name

obj[2]=MRU RegReference : software\microsoft\direct3d\mostrecentapplication name

obj[3]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name

obj[4]=MRU RegReference : .DEFAULT\software\microsoft\internet explorer download directory

obj[5]=MRU RegReference : .DEFAULT\software\microsoft\internet explorer\main save directory

obj[6]=MRU RegReference : .DEFAULT\software\microsoft\mediaplayer\player\recenturllist

obj[7]=MRU RegReference : .DEFAULT\software\microsoft\mediaplayer\radio\mrulist

obj[8]=MRU RegReference : .DEFAULT\software\microsoft\outlook express\recent stationery list

obj[9]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list

obj[10]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list

obj[11]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru

obj[12]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\findcomputermru

obj[13]=MRU RegReference : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru

BRILLIANTDIGITAL

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[14]=Regkey : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}

obj[15]=Regkey : interface\{67925164-c4b6-11d2-b9c6-0000e84f59a6}

obj[16]=Regkey : s3d_auto_file

obj[23]=Regkey : .DEFAULT\software\brilliant digital entertainment

obj[299]=Regkey : .s3d

COMETSYSTEMS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[17]=Regkey : clsid\{6f2d6a5e-e3e7-4f18-887c-c777650def57}

obj[18]=Regkey : clsid\{7f0f5da7-84cb-11d4-8137-00500487b1c5}

obj[19]=Regkey : clsid\{827a2ece-d76f-4bcc-82ed-d6a287c11211}

obj[20]=Regkey : clsid\{a335d52f-d489-472d-9eaa-d72a40aaf7ca}

obj[21]=Regkey : clsid\{c38fc998-3b1b-4f59-a710-5a6c9cf8bd92}

obj[38]=RegValue : .DEFAULT\software\microsoft\internet explorer\toolbar\Webbrowser "{fe6bc4ef-5676-484b-88ae-883323913256}"

LOP

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[22]=Regkey : protocols\handler\ayb

obj[300]=Regkey : software\microsoft\downloadmanager

obj[301]=RegValue : software\microsoft\internet explorer\toolbar\shellbrowser "{0E5CBF21-D15F-11D0-8301-00AA005B4383}"

ALEXA

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[24]=Regkey : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

obj[25]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuStatusBar"

obj[26]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Script"

obj[27]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "clsid"

obj[28]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Icon"

obj[29]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "HotIcon"

obj[30]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "ButtonText"

obj[31]=RegValue : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

COOLWEBSEARCH

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[32]=RegValue : .DEFAULT\software\microsoft\internet explorer\main "HOMEOldSP"

obj[302]=RegValue : software\microsoft\internet explorer\main "Enable Browser Extensions"

obj[303]=RegValue : software\microsoft\internet explorer\main "Use Custom Search URL"

obj[304]=RegValue : software\microsoft\internet explorer\main "Search Bar"

obj[305]=File : C:\WINDOWS\wplog.txt

WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[33]=RegData : software\microsoft\windows nt\currentversion\winlogon "Shell"

POSSIBLE BROWSER HIJACK ATTEMPT

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[34]=RegData : .DEFAULT\Software\Microsoft\Internet Explorer "SearchURL"

EGROUP DIALER

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[35]=Regkey : software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0

obj[36]=RegValue : software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0 "bhhphijojgfcdocagmhjgjbhmieinfap fkjonmkpfpdedpniogpgdebnflofpdcj"

obj[37]=RegValue : software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0 "ppcimdnnnjbeahepfabjipfginloedkg fhikaj"

TRACKING COOKIE

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

obj[39]=IECache Entry : C:\WINDOWS\Cookies\default@doubleclick(1).txt

obj[40]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[2].txt

obj[41]=IECache Entry : C:\WINDOWS\Cookies\default@flycast(1).txt

obj[42]=IECache Entry : C:\WINDOWS\Cookies\default@valueclick[1].txt

obj[43]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[44]=IECache Entry : C:\WINDOWS\Cookies\default@mediaplex[2].txt

obj[45]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[46]=IECache Entry : C:\WINDOWS\Cookies\default@realmedia[3].txt

obj[47]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[1].txt

obj[48]=IECache Entry : C:\WINDOWS\Cookies\default@targetnet[1].txt

obj[49]=IECache Entry : C:\WINDOWS\Cookies\default@linksynergy[2].txt

obj[50]=IECache Entry : C:\WINDOWS\Cookies\default@excite[2].txt

obj[51]=IECache Entry : C:\WINDOWS\Cookies\default@bfast[1].txt

obj[52]=IECache Entry : C:\WINDOWS\Cookies\default@hitbox[1].txt

obj[53]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[54]=IECache Entry : C:\WINDOWS\Cookies\default@gator[1].txt

obj[55]=IECache Entry : C:\WINDOWS\Cookies\default@x10[1].txt

obj[56]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[57]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[58]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[4].txt

obj[59]=IECache Entry : C:\WINDOWS\Cookies\default@flycast[1].txt

obj[60]=IECache Entry : C:\WINDOWS\Cookies\default@x10[3].txt

obj[61]=IECache Entry : C:\WINDOWS\Cookies\default@iwon[1].txt

obj[62]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[63]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[18].txt

obj[64]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[7].txt

obj[65]=IECache Entry : C:\WINDOWS\Cookies\default@bfast[2].txt

obj[66]=IECache Entry : C:\WINDOWS\Cookies\default@adbureau[1].txt

obj[67]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[68]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[3].txt

obj[69]=IECache Entry : C:\WINDOWS\Cookies\default@advertising[4].txt

obj[70]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[71]=IECache Entry : C:\WINDOWS\Cookies\default@hitbox[3].txt

obj[72]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[73]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[74]=IECache Entry : C:\WINDOWS\Cookies\default@linksynergy[3].txt

obj[75]=IECache Entry : C:\WINDOWS\Cookies\default@valueclick[3].txt

obj[76]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[77]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[5].txt

obj[78]=IECache Entry : C:\WINDOWS\Cookies\default@casalemedia[2].txt

obj[79]=IECache Entry : C:\WINDOWS\Cookies\default@atdmt[2].txt

obj[80]=IECache Entry : C:\WINDOWS\Cookies\default@sextracker[6].txt

obj[81]=IECache Entry : C:\WINDOWS\Cookies\default@excite[3].txt

obj[82]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[14].txt

obj[83]=IECache Entry : C:\WINDOWS\Cookies\default@advertising[1].txt

obj[84]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[85]=IECache Entry : C:\WINDOWS\Cookies\default@hypercount[1].txt

obj[86]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[87]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[88]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[9].txt

obj[89]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[6].txt

obj[90]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[91]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[92]=IECache Entry : C:\WINDOWS\Cookies\default@mediaplex[1].txt

obj[93]=IECache Entry : C:\WINDOWS\Cookies\default@fastclick[1].txt

obj[94]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[95]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[11].txt

obj[96]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[8].txt

obj[97]=IECache Entry : C:\WINDOWS\Cookies\default@mediaplex[4].txt

obj[98]=IECache Entry : C:\WINDOWS\Cookies\default@advertising[2].txt

obj[99]=IECache Entry : C:\WINDOWS\Cookies\default@admonitor[1].txt

obj[100]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[101]=IECache Entry : C:\WINDOWS\Cookies\default@bfast[3].txt

obj[102]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[103]=IECache Entry : C:\WINDOWS\Cookies\default@hitbox[6].txt

obj[104]=IECache Entry : C:\WINDOWS\Cookies\default@tripod[1].txt

obj[105]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[106]=IECache Entry : C:\WINDOWS\Cookies\default@fastclick[2].txt

obj[107]=IECache Entry : C:\WINDOWS\Cookies\default@x10[2].txt

obj[108]=IECache Entry : C:\WINDOWS\Cookies\default@linksynergy[4].txt

obj[109]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[110]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[111]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[112]=IECache Entry : C:\WINDOWS\Cookies\default@spinbox[1].txt

obj[113]=IECache Entry : C:\WINDOWS\Cookies\default@hitbox[2].txt

obj[114]=IECache Entry : C:\WINDOWS\Cookies\default@spinbox[3].txt

obj[115]=IECache Entry : C:\WINDOWS\Cookies\default@bluestreak[1].txt

obj[116]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[117]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[13].txt

obj[118]=IECache Entry : C:\WINDOWS\Cookies\default@realmedia[1].txt

obj[119]=IECache Entry : C:\WINDOWS\Cookies\default@7search[1].txt

obj[120]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[15].txt

obj[121]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[122]=IECache Entry : C:\WINDOWS\Cookies\default@valueclick[2].txt

obj[123]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[124]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[125]=IECache Entry : C:\WINDOWS\Cookies\default@bfast[4].txt

obj[126]=IECache Entry : C:\WINDOWS\Cookies\default@sexlist[2].txt

obj[127]=IECache Entry : C:\WINDOWS\Cookies\default@linksynergy[1].txt

obj[128]=IECache Entry : C:\WINDOWS\Cookies\default@sextracker[1].txt

obj[129]=IECache Entry : C:\WINDOWS\Cookies\default@fastclick[4].txt

obj[130]=IECache Entry : C:\WINDOWS\Cookies\default@clickagents[2].txt

obj[131]=IECache Entry : C:\WINDOWS\Cookies\default@hitbox[4].txt

obj[132]=IECache Entry : C:\WINDOWS\Cookies\default@paycounter[4].txt

obj[133]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[19].txt

obj[134]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[135]=IECache Entry : C:\WINDOWS\Cookies\default@trafficmp[3].txt

obj[136]=IECache Entry : C:\WINDOWS\Cookies\default@hitbox[5].txt

obj[137]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[16].txt

obj[138]=IECache Entry : C:\WINDOWS\Cookies\[email protected][5].txt

obj[139]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[140]=IECache Entry : C:\WINDOWS\Cookies\default@sextracker[4].txt

obj[141]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[142]=IECache Entry : C:\WINDOWS\Cookies\default@admonitor[3].txt

obj[143]=IECache Entry : C:\WINDOWS\Cookies\default@gator[2].txt

obj[144]=IECache Entry : C:\WINDOWS\Cookies\default@x10[4].txt

obj[145]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[146]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[147]=IECache Entry : C:\WINDOWS\Cookies\default@fastclick[7].txt

obj[148]=IECache Entry : C:\WINDOWS\Cookies\default@questionmarket[1].txt

obj[149]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[150]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[151]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[152]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[153]=IECache Entry : C:\WINDOWS\Cookies\default@tripod[2].txt

obj[154]=IECache Entry : C:\WINDOWS\Cookies\default@advertising[3].txt

obj[155]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[156]=IECache Entry : C:\WINDOWS\Cookies\default@sexlist[1].txt

obj[157]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[158]=IECache Entry : C:\WINDOWS\Cookies\default@advertising[5].txt

obj[159]=IECache Entry : C:\WINDOWS\Cookies\default@bluestreak[2].txt

obj[160]=IECache Entry : C:\WINDOWS\Cookies\default@paycounter[1].txt

obj[161]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[162]=IECache Entry : C:\WINDOWS\Cookies\default@sextracker[2].txt

obj[163]=IECache Entry : C:\WINDOWS\Cookies\[email protected][4].txt

obj[164]=IECache Entry : C:\WINDOWS\Cookies\default@sexlist[3].txt

obj[165]=IECache Entry : C:\WINDOWS\Cookies\[email protected][4].txt

obj[166]=IECache Entry : C:\WINDOWS\Cookies\default@trafficmp[1].txt

obj[167]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[17].txt

obj[168]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[169]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[170]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[171]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[172]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[173]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[174]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[20].txt

obj[175]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[176]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[177]=IECache Entry : C:\WINDOWS\Cookies\[email protected][6].txt

obj[178]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[179]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[180]=IECache Entry : C:\WINDOWS\Cookies\default@bluestreak[4].txt

obj[181]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[182]=IECache Entry : C:\WINDOWS\Cookies\default@hotlog[1].txt

obj[183]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[184]=IECache Entry : C:\WINDOWS\Cookies\default@dbbsrv[1].txt

obj[185]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[186]=IECache Entry : C:\WINDOWS\Cookies\default@paycounter[3].txt

obj[187]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[22].txt

obj[188]=IECache Entry : C:\WINDOWS\Cookies\default@list[1].txt

obj[189]=IECache Entry : C:\WINDOWS\Cookies\default@sexlist[5].txt

obj[190]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[191]=IECache Entry : C:\WINDOWS\Cookies\[email protected][5].txt

obj[192]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[193]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[194]=IECache Entry : C:\WINDOWS\Cookies\default@toteme[2].txt

obj[195]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[196]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[21].txt

obj[197]=IECache Entry : C:\WINDOWS\Cookies\default@paycounter[2].txt

obj[198]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[199]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[200]=IECache Entry : C:\WINDOWS\Cookies\default@sextracker[5].txt

obj[201]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[202]=IECache Entry : C:\WINDOWS\Cookies\default@fastclick[5].txt

obj[203]=IECache Entry : C:\WINDOWS\Cookies\default@hitbox[8].txt

obj[204]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[205]=IECache Entry : C:\WINDOWS\Cookies\[email protected][4].txt

obj[206]=IECache Entry : C:\WINDOWS\Cookies\default@valueclick[4].txt

obj[207]=IECache Entry : C:\WINDOWS\Cookies\default@gator[3].txt

obj[208]=IECache Entry : C:\WINDOWS\Cookies\[email protected][5].txt

obj[209]=IECache Entry : C:\WINDOWS\Cookies\default@advertising[7].txt

obj[210]=IECache Entry : C:\WINDOWS\Cookies\[email protected][5].txt

obj[211]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[212]=IECache Entry : C:\WINDOWS\Cookies\default@doubleclick[2].txt

obj[213]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[214]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[215]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[216]=IECache Entry : C:\WINDOWS\Cookies\default@xxxtoolbar[2].txt

obj[217]=IECache Entry : C:\WINDOWS\Cookies\[email protected][7].txt

obj[218]=IECache Entry : C:\WINDOWS\Cookies\default@offshoreclicks[2].txt

obj[219]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[24].txt

obj[220]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[221]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[222]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[23].txt

obj[223]=IECache Entry : C:\WINDOWS\Cookies\default@mediaplex[3].txt

obj[224]=IECache Entry : C:\WINDOWS\Cookies\default@real[2].txt

obj[225]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[226]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[227]=IECache Entry : C:\WINDOWS\Cookies\default@toprefsys[1].txt

obj[228]=IECache Entry : C:\WINDOWS\Cookies\default@xxxcounter[1].txt

obj[229]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[230]=IECache Entry : C:\WINDOWS\Cookies\default@hitbox[7].txt

obj[231]=IECache Entry : C:\WINDOWS\Cookies\[email protected][4].txt

obj[232]=IECache Entry : C:\WINDOWS\Cookies\default@targetnet[3].txt

obj[233]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[234]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[235]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[236]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[237]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[238]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[239]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[26].txt

obj[240]=IECache Entry : C:\WINDOWS\Cookies\[email protected][7].txt

obj[241]=IECache Entry : C:\WINDOWS\Cookies\default@tribalfusion[1].txt

obj[242]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[243]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[244]=IECache Entry : C:\WINDOWS\Cookies\default@advertising[8].txt

obj[245]=IECache Entry : C:\WINDOWS\Cookies\default@euniverseads[2].txt

obj[246]=IECache Entry : C:\WINDOWS\Cookies\[email protected][5].txt

obj[247]=IECache Entry : C:\WINDOWS\Cookies\default@realmedia[2].txt

obj[248]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[249]=IECache Entry : C:\WINDOWS\Cookies\default@zedo[1].txt

obj[250]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[251]=IECache Entry : C:\WINDOWS\Cookies\default@cgi-bin[27].txt

obj[252]=IECache Entry : C:\WINDOWS\Cookies\default@valueclick[5].txt

obj[253]=IECache Entry : C:\WINDOWS\Cookies\default@adrevolver[2].txt

obj[254]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[255]=IECache Entry : C:\WINDOWS\Cookies\default@0[1].txt

obj[256]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[257]=IECache Entry : C:\WINDOWS\Cookies\default@specificclick[1].txt

obj[258]=IECache Entry : C:\WINDOWS\Cookies\default@serving-sys[2].txt

obj[259]=IECache Entry : C:\WINDOWS\Cookies\default@2o7[2].txt

obj[260]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[261]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

obj[262]=IECache Entry : C:\WINDOWS\Cookies\default@hypercount[2].txt

obj[263]=IECache Entry : C:\WINDOWS\Cookies\default@qksrv[1].txt

obj[264]=IECache Entry : C:\WINDOWS\Cookies\[email protected][4].txt

obj[265]=IECache Entry : C:\WINDOWS\Cookies\default@2o7[1].txt

obj[266]=IECache Entry : C:\WINDOWS\Cookies\[email protected][3].txt

obj[267]=IECache Entry : C:\WINDOWS\Cookies\default@apmebf[2].txt

obj[268]=IECache Entry : C:\WINDOWS\Cookies\default@fastclick[8].txt

obj[269]=IECache Entry : C:\WINDOWS\Cookies\default@advertising[6].txt

obj[270]=IECache Entry : C:\WINDOWS\Cookies\default@maxserving[1].txt

obj[271]=IECache Entry : C:\WINDOWS\Cookies\default@sextracker[3].txt

obj[272]=IECache Entry : C:\WINDOWS\Cookies\default@xxxcounter[2].txt

obj[273]=IECache Entry : C:\WINDOWS\Cookies\default@trafficmp[2].txt

obj[274]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[275]=IECache Entry : C:\WINDOWS\Cookies\default@fastclick[6].txt

obj[276]=IECache Entry : C:\WINDOWS\Cookies\[email protected][2].txt

obj[277]=IECache Entry : C:\WINDOWS\Cookies\default@paycounter[6].txt

obj[278]=IECache Entry : C:\WINDOWS\Cookies\default@tribalfusion[3].txt

obj[279]=IECache Entry : C:\WINDOWS\Cookies\default@paycounter[5].txt

obj[280]=IECache Entry : C:\WINDOWS\Cookies\[email protected][8].txt

obj[281]=IECache Entry : C:\WINDOWS\Cookies\[email protected][4].txt

obj[282]=IECache Entry : C:\WINDOWS\Cookies\default@fastclick[10].txt

obj[283]=IECache Entry : C:\WINDOWS\Cookies\[email protected][5].txt

obj[284]=IECache Entry : C:\WINDOWS\Cookies\default@sextracker[8].txt

obj[285]=IECache Entry : C:\WINDOWS\Cookies\[email protected][4].txt

obj[286]=IECache Entry : C:\WINDOWS\Cookies\default@xxxcounter[3].txt

obj[287]=IECache Entry : C:\WINDOWS\Cookies\default@advertising[10].txt

obj[288]=IECache Entry : C:\WINDOWS\Cookies\default@maxserving[3].txt

obj[289]=IECache Entry : C:\WINDOWS\Cookies\[email protected][9].txt

obj[290]=IECache Entry : C:\WINDOWS\Cookies\default@2o7[4].txt

obj[291]=IECache Entry : C:\WINDOWS\Cookies\default@overture[2].txt

obj[292]=IECache Entry : C:\WINDOWS\Cookies\default@trafficmp[5].txt

obj[293]=IECache Entry : C:\WINDOWS\Cookies\default@adrevolver[1].txt

obj[294]=IECache Entry : C:\WINDOWS\Cookies\default@tribalfusion[4].txt

obj[295]=IECache Entry : C:\WINDOWS\Cookies\default@apmebf[1].txt

obj[296]=IECache Entry : C:\WINDOWS\Cookies\default@qksrv[2].txt

obj[297]=IECache Entry : C:\WINDOWS\Cookies\default@hypercount[3].txt

obj[298]=IECache Entry : C:\WINDOWS\Cookies\[email protected][1].txt

Edited by TheTerrorist_75
Link to post
Share on other sites
Matt

Matt

Posted
Posted

Wow, looks like AdAware found a lot. We're going to kill those three files found by avast just to be sure that infection is gone. From its showing, the PC is looking better.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.

  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

    [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\WINDOWS\internt.exe

    c:\WINDOWS\SYSTEM32\sysinit32m.exe

    c:\WINDOWS\msxmidi.exe

    [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard.

    [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

If you get the ability to run Panda ActiveScan, please do that, and post back its report.

Link to post
Share on other sites
TheTerrorist_75

TheTerrorist_75

Posted
  • Author
Posted (edited)

I'll try that a little later. I am just finishing up the Windows updates. There wasn't one update installed on this POS. I would have put a Ehernet card in it and dug out my router, but it would have taken me longer to set it up than downloading the updates by dial-up. I hate Compaq/HP mini cases.

Killbox found nothing. I'm still having problems getting any online scans to run. Somehting isn't working with the ActiveX or Java.

I'm getting Kaspersky's online scan to load. I think the problem with Panda and HouseCall is due to their crappy designed webpages wanting to load tons of graphics. For dial-up users this is BS.

Edited by TheTerrorist_75
Link to post
Share on other sites
TheTerrorist_75

TheTerrorist_75

Posted
  • Author
Posted

KAV gave a clean bill of health. Another Avast scan found nothing. The computer is behaving nicely. No more flashing of the open windows and the buttons. I have Windows fully updated and now it's time to install and update Office. I installed SpywareBlaster, AdWare, SpyBot, Avast and IE-Spyad. This should keep her fairly safe. At least as safe as Win98 FE and dial-up can get without slowing it down. She doesn't surf the net much but constantly uses Office to do her school work. At least now she shouldn't be transferring infected files to the school's computers.

Thanks. :thumbsup:

Link to post
Share on other sites
Matt

Matt

Posted
Posted

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing