
What to get rid of


36 replies to this topic

#1 jonnyhibbert

jonnyhibbert


Posted 09 March 2005 - 02:47 PM

Hi. I have been experiencing some trouble recently, but I now seem to have most of it under control, but there are still some problems. I have run adware, Spybot, AVG, and also am now running Spyware Blaster, yet I keep getting an error that says error 137, my PC is infected with viruses and spyware through ports 8080 and 3128, and to patch my PC (which I have done... yet I'm still getting the error). And also, a Java application runs quite a lot with the name Jimm butt, telling me to install some stuff, and it constantly hijacks my IE start page, and I can't stop it for some reason... Could someone please help me? Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 19:47:42, on 3/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\winnt\Explorer.EXE
C:\winnt\System32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\winnt\System32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\winnt\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Firefox\firefox.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\WINNT\hh.exe
C:\Documents and Settings\Mark Hibbert\Desktop\MY files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HTDP Class - {9E6EC32A-7C19-4409-99E8-FC980BCDAF26} - C:\winnt\htass.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Wi32De75] \System\win32rt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sThhxcU5O] C:\documents and settings\mark hibbert\local settings\temp\sThhxcU5O.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMSystem] c:\winnt\rundll32.exe "c:\winnt\system32\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\winnt\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [New Value #2] C:\Documents and Settings\Mark hibbert\desktop\wanadoo
O4 - HKCU\..\Run: [New Value #1] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON32] C:\WINNT\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [CSRSSU] C:\WINNT\System32\CSRSSU.EXE
O4 - HKCU\..\Run: [bindmags] C:\DOCUME~1\MARKHI~1\APPLIC~1\SCRDUP~1\Extra sign.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll
O9 - Extra button: Microsoft AntiSpyware helper - {22B798B9-7C50-4C4F-BA9F-EFD1EAEE27E3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22B798B9-7C50-4C4F-BA9F-EFD1EAEE27E3} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O16 - DPF: ChatSpace Full Java Client 3.1.0.246 - http://chat-a4.wanadoo.co.uk/Java/cfs31246.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://www.funtigo.com/funtigo/pictureUplo...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe


#2 Grinler

Grinler

    Lawrence Abrams



Posted 09 March 2005 - 06:28 PM

I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program. If it asks to reboot, do not reboot.

Now please create a new Hijackthis Log and post it as a reply.

#3 jonnyhibbert

jonnyhibbert

Posted 10 March 2005 - 10:28 AM

OK yeah, I had disabled a couple of programs in startup. Here is the updated HijackThis. Thank you for your help by the way, extremely appreciated. :thumbsup:
Logfile of HijackThis v1.99.1
Scan saved at 15:26:43, on 3/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\spoolsv.exe
C:\winnt\System32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\winnt\System32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\winnt\System32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\WinMX\WinMX.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
D:\Firefox\firefox.exe
C:\winnt\System32\wuauclt.exe
C:\Documents and Settings\Mark Hibbert\Desktop\MY files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HTDP Class - {9E6EC32A-7C19-4409-99E8-FC980BCDAF26} - C:\winnt\htass.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Wi32De75] \System\win32rt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sThhxcU5O] C:\documents and settings\mark hibbert\local settings\temp\sThhxcU5O.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMSystem] c:\winnt\rundll32.exe "c:\winnt\system32\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\winnt\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [New Value #2] C:\Documents and Settings\Mark hibbert\desktop\wanadoo
O4 - HKCU\..\Run: [New Value #1] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON32] C:\WINNT\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [CSRSSU] C:\WINNT\System32\CSRSSU.EXE
O4 - HKCU\..\Run: [bindmags] C:\DOCUME~1\MARKHI~1\APPLIC~1\SCRDUP~1\Extra sign.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll
O9 - Extra button: Microsoft AntiSpyware helper - {22B798B9-7C50-4C4F-BA9F-EFD1EAEE27E3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22B798B9-7C50-4C4F-BA9F-EFD1EAEE27E3} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O16 - DPF: ChatSpace Full Java Client 3.1.0.246 - http://chat-a4.wanadoo.co.uk/Java/cfs31246.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://www.funtigo.com/funtigo/pictureUplo...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe

#4 Grinler

Grinler

    Lawrence Abrams



Posted 10 March 2005 - 04:18 PM

Do you know what this is?

O4 - HKCU\..\Run: [New Value #2] C:\Documents and Settings\Mark hibbert\desktop\wanadoo



Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
R3 - Default URLSearchHook is missing
O2 - BHO: HTDP Class - {9E6EC32A-7C19-4409-99E8-FC980BCDAF26} - C:\winnt\htass.dll (file missing)
O4 - HKLM\..\Run: [Wi32De75] \System\win32rt.exe
O4 - HKLM\..\Run: [sThhxcU5O] C:\documents and settings\mark hibbert\local settings\temp\sThhxcU5O.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [MMSystem] c:\winnt\rundll32.exe "c:\winnt\system32\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\winnt\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [CSRSSU] C:\WINNT\System32\CSRSSU.EXE
O4 - HKCU\..\Run: [bindmags] C:\DOCUME~1\MARKHI~1\APPLIC~1\SCRDUP~1\Extra sign.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll
O9 - Extra button: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

c:\windows\System\win32rt.exe
C:\documents and settings\mark hibbert\local settings\temp\sThhxcU5O.exe
c:\winnt\system32\mmsystem.dll
C:\winnt\System32\ctfmon.exe
c:\freescan\
C:\WINNT\System32\CSRSSU.EXE
C:\DOCUME~1\MARKHI~1\APPLIC~1\SCRDUP~1\

Reboot your computer to go back to normal mode and post a new log.

#5 jonnyhibbert

jonnyhibbert

Posted 10 March 2005 - 04:49 PM

OK, I did all that. The only file that was there was the ctfmon and that was running in processes, so I stopped that running and deleted it. Also, a problem now is that when my computer starts it asks me which operating system I want to run, Windows or Windows XP, and if I choose Windows it fails to load and claims a missing file. I'm sorry to be a pain, but the help here is truly outstanding :thumbsup: Thank you for everything so far :flowers:

Logfile of HijackThis v1.99.1
Scan saved at 21:46:55, on 3/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\Explorer.EXE
C:\winnt\system32\spoolsv.exe
C:\winnt\System32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\winnt\System32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Documents and Settings\Mark Hibbert\Desktop\MY files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [New Value #2] C:\Documents and Settings\Mark hibbert\desktop\wanadoo
O4 - HKCU\..\Run: [New Value #1] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON32] C:\WINNT\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\winnt\System32\ctfmon.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Microsoft AntiSpyware helper - {22B798B9-7C50-4C4F-BA9F-EFD1EAEE27E3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22B798B9-7C50-4C4F-BA9F-EFD1EAEE27E3} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O16 - DPF: ChatSpace Full Java Client 3.1.0.246 - http://chat-a4.wanadoo.co.uk/Java/cfs31246.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://www.funtigo.com/funtigo/pictureUplo...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 10 March 2005 - 05:32 PM

You didn't answer my question about whether you knew this line or not:


O4 - HKCU\..\Run: [New Value #2] C:\Documents and Settings\Mark hibbert\desktop\wanadoo

Do you run zone alarm on your machine?

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
O4 - HKCU\..\Run: [CTFMON32] C:\WINNT\System32\CTFMON32.EXE
EFD1EAEE27E3} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)
C:\WINNT\System32\CTFMON32.EXE

Reboot your computer to go back to normal mode and post a new log.

#7 jonnyhibbert

jonnyhibbert
  • Topic Starter

  • Members

Posted 11 March 2005 - 11:26 AM

Ok, done that, but Jim but's has come back. And that wanadoo was an IE browser that came with my wanadoo package, but I got rid of that when I downloaded firefox, and yes I do use zonealarm..I've just downloaded an update and made sure it's all working as it should as well. I'm getting quite desperate now as I'm getting a pop up every 2 or so mins telling me to patch my computer, and then another one telling me about jim butt's and also as I now have to choose which operating system to load(????)...And so it makes me all the more grateful that I have your help, thank you. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 16:23:53, on 3/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\winnt\Explorer.EXE
C:\winnt\System32\wfxsnt40.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\winnt\System32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\winnt\System32\wuauclt.exe
D:\Firefox\firefox.exe
C:\Documents and Settings\Mark Hibbert\Desktop\MY files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [New Value #2] C:\Documents and Settings\Mark hibbert\desktop\wanadoo
O4 - HKCU\..\Run: [New Value #1] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://www.funtigo.com/funtigo/pictureUplo...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
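An added example, not part of the thread and not a BleepingComputer or HijackThis tool: one way to check a follow-up HijackThis log against the entries that were marked for fixing, so that items which return after the fix (as the start page did here) stand out. The function names are assumptions made for this sketch; the log lines are copied from posts #6 and #7 above, with the follow-up log shortened to an excerpt.

```python
import re

# A HijackThis entry line has the shape "<section> - <detail>",
# e.g. "O4 - HKCU\..\Run: [name] path". Header lines and the
# "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")

# Fix list from post #6, including the line that reached the page truncated.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
O4 - HKCU\..\Run: [CTFMON32] C:\WINNT\System32\CTFMON32.EXE
EFD1EAEE27E3} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A80EBD8F-C9CB-4F55-8429-21303C2132A2} - C:\WINNT\System32\intlmain.dll (HKCU)
"""

# Excerpt of the follow-up log from post #7 (shortened for the example).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:23:53, on 3/11/2005

Running processes:
C:\winnt\Explorer.EXE
D:\Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [New Value #2] C:\Documents and Settings\Mark hibbert\desktop\wanadoo
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
"""


def parse_entries(text):
    """Split log text into (section, detail) entries and unparsed lines."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("section"), match.group("detail")))
        else:
            unparsed.append(line)
    return entries, unparsed


def _key(entry):
    """Comparison key: Windows paths and registry names are case-insensitive."""
    section, detail = entry
    return section, " ".join(detail.split()).casefold()


def check_fix(fix_list_text, followup_log_text):
    """Report which fix-list entries are still present in the follow-up log.

    Lines of the fix list that cannot be parsed (for example a truncated
    entry) are returned under "unparsed" instead of being dropped, because
    an entry that was never matched was never verified either.
    """
    wanted, unparsed = parse_entries(fix_list_text)
    followup_entries, _ = parse_entries(followup_log_text)
    present = {_key(entry) for entry in followup_entries}

    report = {"persisting": [], "removed": [], "unparsed": unparsed}
    for entry in wanted:
        bucket = "persisting" if _key(entry) in present else "removed"
        report[bucket].append(entry)
    return report


if __name__ == "__main__":
    result = check_fix(FIX_LIST, FOLLOWUP_LOG)
    for bucket in ("persisting", "removed"):
        for section, detail in result[bucket]:
            print(f"{bucket:<10} {section} - {detail}")
    for line in result["unparsed"]:
        print(f"unparsed   {line}")
```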

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 11 March 2005 - 01:18 PM

Fix this:

O4 - HKCU\..\Run: [New Value #2] C:\Documents and Settings\Mark hibbert\desktop\wanadoo

Download this file:

http://www.bleepingcomputer.com/files/pv.php

and extract it to c:\pv.

Navigate to that directory and double-click on the runme.bat file. Then press the number 1. When it's done, it will open a notepad.

Then do the same thing for options 2 and 3. Paste all three logs in here as a reply and let me look it over.

#9 jonnyhibbert

jonnyhibbert
  • Topic Starter

  • Members

Posted 12 March 2005 - 10:38 AM

Hi. I have done as you have asked, deleted the wanadoo thing, and then downloaded that file..However, I don't think it's working right. I run the program and it opens the notepad like you say for 1 2 and three, but I see no logs anywhere..Not in the program itself or in the notepads...However, number 2 opens an IE browser, which just goes to jim buts "Hotstuff.com"..Is there something I'm doing wrong?

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 12 March 2005 - 04:08 PM

Please download Dllcompare from here:

http://www.bleepingcomputer.com/files/dllcompare.php

When it has downloaded, run the program and click on the Run Locate.com button. When that has completed, click on the compare button. When that has completed, click on the make log button. Then post the contents of that log as a reply to this post after you do the next step.

1. Download: "StartDreck" from:

http://www.niksoft.at/download/startdreck.htm

2. Extract the file into c:\startdreck.

3. Navigate to c:\startdreck and double-click on Startdreck.exe

4. When the program opens click on the Config button.

5. Then click on the mark all button.

6. Press the OK button.

7. Press the Save button. Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

8. Post a copy of the log as a reply to this post.

#11 jonnyhibbert

jonnyhibbert
  • Topic Starter

  • Members

Posted 13 March 2005 - 06:26 AM

* DLLCompare Log version(1.0.0.125)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINNT\SYSTEM32\settings.dll Thu 1 Apr 2004 13:39:30 A.SHR 27 0.02 K
________________________________________________

1,414 items found: 1,414 files (1 H/S), 0 directories.
Total of file sizes: 268,303,941 bytes 255.87 M

Administrator Account = True

--------------------End log---------------------


StartDreck (build 2.1.7 public stable) - 2005-03-13 @ 11:24:39 (GMT +00:00)
Platform: Windows XP (Win NT 5.1.2600 )
Internet Explorer: 6.0.2800.1106
Logged in as Mark Hibbert at JONATHON

»Registry
»Run Keys
»Current User
»Run
*Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
*New Value #2=C:\Documents and Settings\Mark hibbert\desktop\wanadoo
*New Value #1=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
*MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
*msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
+New Key #2
+New Key #1
»RunOnce
»Default User
»Run
*internat.exe=internat.exe
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
*^SetupICWDesktop=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
*tscuninstall=%systemroot%\system32\tscupgrd.exe
*RunNarrator=Narrator.exe
»Local Machine
»Run
*WinFaxAppPortStarter=wfxsnt40.exe
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*SpyHunter=C:\Program Files\SpyHunter\SpyHunter.exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*Piolet=C:\Program Files\Piolet\Piolet.exe SILENT
*nwiz=nwiz.exe /install
*LifeScape Media Detector=C:\Program Files\Picasa\PicasaMediaDetector.exe
*AVG7_EMC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
*AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
*gcasServ="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
*NvCplDaemon=RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
*Zone Labs Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
*MessengerPlus3="C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" %1
+.exe
*exefile="%1" %*
+.hta
*htafile=
+.htm
*FirefoxHTML=D:\FIREFOX\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=D:\FIREFOX\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Microsoft Windows Media Player 6.4/{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mswmp.inf,PerUserStub
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub
+Address Book 5/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\System32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\fxsocm.inf,Fax.UnInstall.PerUser
+Fax Provider/{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
*StubPath=rundll32.exe C:\WINNT\System32\Setup\FxsOcm.dll,XP_UninstallProvider
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
+Internet Explorer Access/{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
*StubPath=rundll32 iesetup.dll,IEAccessUserInst
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar1.dll
»Internet Explorer
»Current User
*Local Page=C:\winnt\System32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.jimbutt.com/stuffs/
+SearchUrl
*provider=gogl
*=http://home.microsoft.com/access/autosearch.asp?p=%s
*(Default)=frsv
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://ie.search.msn.com
*Start Page=about:blank
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://www.google.com/ie
»ShellServiceObjectDelayLoad (LM)
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINNT\System32\stobject.dll
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINNT\SYSTEM32\Userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Mark Hibbert\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\WINNT\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LG SyncManager.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Enable Wireless Optical Mouse Driver.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Enable Wireless Keyboard Driver.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\winnt="Windows XP" /fastdetect
*C:\msdos.sys
*C:\winnt\System32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\winnt\System32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`lh %SystemRoot%\system32\nw16
`lh %SystemRoot%\system32\vwipxspx
*C:\winnt\wininit.ini
`[Rename]
`NUL=C:\PROGRA~1\INTERN~2\sim\bdl14122.exe
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\Corecomp.ini
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\Ctl3d32.dll
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\IsUninst.Exe
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\cat1.wav
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\cat2.wav
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\dog.wav
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\DOGZVE~1.BMP
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\license.txt
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\value.shl
`NUL=C:\WINNT\TEMP\_ISTMP6.DIR\76c352.DLL
`NUL=C:\WINNT\TEMP\_INS5176._MP
`NUL=C:\WINNT\TEMP\ZDataI51.dll
`NUL=C:\WINNT\TEMP\_WUTL951.DLL
*C:\winnt\winstart.bat
`@C:\WINNT\tmpcpyis.bat
*C:\winnt\System32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\winnt\System32\win.com
*C:\winnt\explorer.exe
»%PATH% Companion Files
+C:\winnt\System32\notepad.exe
*C:\winnt\notepad.exe
+C:\winnt\System32\taskman.exe
*C:\winnt\taskman.exe
+C:\winnt\System32\winhlp32.exe
*C:\winnt\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+352=\SystemRoot\System32\smss.exe
*C:\winnt\System32\ntdll.dll
+400=\??\C:\winnt\system32\csrss.exe
*C:\winnt\System32\ntdll.dll
*C:\winnt\system32\CSRSRV.dll
*C:\winnt\system32\basesrv.dll
*C:\winnt\system32\winsrv.dll
*C:\winnt\system32\USER32.dll
*C:\winnt\system32\KERNEL32.dll
*C:\winnt\system32\GDI32.dll
*C:\winnt\system32\ADVAPI32.dll
*C:\winnt\system32\RPCRT4.dll
*C:\winnt\System32\sxs.dll
+424=\??\C:\winnt\system32\winlogon.exe
*C:\winnt\System32\ntdll.dll
*C:\winnt\system32\kernel32.dll
*C:\winnt\system32\ADVAPI32.dll
*C:\winnt\system32\RPCRT4.dll
*C:\winnt\system32\AUTHZ.dll
*C:\winnt\system32\msvcrt.dll
*C:\winnt\system32\CRYPT32.dll
*C:\winnt\system32\USER32.dll
*C:\winnt\system32\GDI32.dll
*C:\winnt\system32\MSASN1.dll
*C:\winnt\system32\NDdeApi.dll
*C:\winnt\system32\PROFMAP.dll
*C:\winnt\system32\NETAPI32.dll
*C:\winnt\system32\USERENV.dll
*C:\winnt\system32\PSAPI.DLL
*C:\winnt\system32\REGAPI.dll
*C:\winnt\system32\Secur32.dll
*C:\winnt\system32\SETUPAPI.dll
*C:\winnt\system32\VERSION.dll
*C:\winnt\system32\WINSTA.dll
*C:\winnt\system32\WS2_32.dll
*C:\winnt\system32\WS2HELP.dll
*C:\winnt\system32\MSGINA.dll
*C:\winnt\system32\SHELL32.dll
*C:\winnt\system32\SHLWAPI.dll
*C:\winnt\system32\COMCTL32.dll
*C:\winnt\system32\ODBC32.dll
*C:\winnt\system32\comdlg32.dll
*C:\winnt\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
*C:\winnt\system32\odbcint.dll
*C:\winnt\system32\SHSVCS.dll
*C:\winnt\system32\sfc.dll
*C:\winnt\system32\sfc_os.dll
*C:\winnt\system32\WINTRUST.dll
*C:\winnt\system32\ole32.dll
*C:\winnt\system32\IMAGEHLP.dll
*C:\winnt\system32\WINSCARD.DLL
*C:\winnt\system32\WTSAPI32.dll
*C:\winnt\system32\uxtheme.dll
*C:\winnt\system32\WINMM.dll
*C:\winnt\system32\cscdll.dll
*C:\winnt\system32\WlNotify.dll
*C:\winnt\system32\WINSPOOL.DRV
*C:\winnt\system32\MPR.dll
*C:\WINNT\System32\rsaenh.dll
*C:\winnt\system32\SAMLIB.dll
*C:\winnt\system32\msv1_0.dll
*C:\winnt\system32\cscui.dll
*C:\winnt\system32\NTMARTA.DLL
*C:\winnt\system32\WLDAP32.dll
*C:\winnt\system32\sxs.dll
*C:\winnt\system32\wdmaud.drv
*C:\winnt\system32\msacm32.drv
*C:\winnt\system32\MSACM32.dll
*C:\winnt\system32\midimap.dll
*C:\winnt\system32\COMRes.dll
*C:\winnt\system32\OLEAUT32.dll
*C:\winnt\system32\CLBCATQ.DLL
+468=C:\winnt\system32\services.exe
*C:\winnt\System32\ntdll.dll
*C:\winnt\system32\kernel32.dll
*C:\winnt\system32\msvcrt.dll
*C:\winnt\system32\ADVAPI32.dll
*C:\winnt\system32\RPCRT4.dll
*C:\winnt\system32\USER32.dll
*C:\winnt\system32\GDI32.dll
*C:\winnt\system32\USERENV.dll
*C:\winnt\system32\SCESRV.dll
*C:\winnt\system32\AUTHZ.dll
*C:\winnt\system32\umpnpmgr.dll
*C:\winnt\system32\WINSTA.dll
*C:\winnt\system32\NCObjAPI.DLL
*C:\winnt\system32\secur32.dll
*C:\winnt\system32\eventlog.dll
*C:\winnt\system32\WS2_32.dll
*C:\winnt\system32\WS2HELP.dll
*C:\winnt\system32\PSAPI.DLL
*C:\winnt\system32\wtsapi32.dll
*C:\winnt\system32\netapi32.dll
*C:\winnt\system32\Apphelp.dll
+480=C:\winnt\system32\lsass.exe
*C:\winnt\System32\ntdll.dll
*C:\winnt\system32\kernel32.dll
*C:\winnt\system32\ADVAPI32.dll
*C:\winnt\system32\RPCRT4.dll
*C:\winnt\system32\LSASRV.dll
*C:\winnt\system32\msvcrt.dll
*C:\winnt\system32\Secur32.dll
*C:\winnt\system32\USER32.dll
*C:\winnt\system32\GDI32.dll
*C:\winnt\system32\SAMSRV.dll
*C:\winnt\system32\cryptdll.dll
*C:\winnt\system32\DNSAPI.dll
*C:\winnt\system32\WS2_32.dll
*C:\winnt\system32\WS2HELP.dll
*C:\winnt\system32\MSASN1.dll
*C:\winnt\system32\NETAPI32.dll
*C:\winnt\system32\SAMLIB.dll
*C:\winnt\system32\MPR.dll
*C:\winnt\system32\NTDSAPI.dll
*C:\winnt\system32\WLDAP32.dll
*C:\winnt\system32\msprivs.dll
*C:\winnt\system32\kerberos.dll
*C:\winnt\system32\msv1_0.dll
*C:\winnt\system32\netlogon.dll
*C:\winnt\system32\w32time.dll
*C:\winnt\system32\MSVCP60.dll
*C:\winnt\system32\iphlpapi.dll
*C:\winnt\system32\netman.dll
*C:\winnt\system32\MPRAPI.dll
*C:\winnt\system32\ACTIVEDS.dll
*C:\winnt\system32\adsldpc.dll
*C:\winnt\system32\ATL.DLL
*C:\winnt\system32\ole32.dll
*C:\winnt\system32\OLEAUT32.dll
*C:\winnt\system32\rtutils.dll
*C:\winnt\system32\SETUPAPI.dll
*C:\winnt\system32\RASAPI32.dll
*C:\winnt\system32\rasman.dll
*C:\winnt\system32\TAPI32.dll
*C:\winnt\system32\SHLWAPI.dll
*C:\winnt\system32\WINMM.dll
*C:\winnt\system32\SHELL32.dll
*C:\winnt\system32\WZCSvc.DLL
*C:\winnt\system32\WMI.dll
*C:\winnt\system32\DHCPCSVC.DLL
*C:\winnt\system32\CRYPT32.dll
*C:\winnt\system32\WTSAPI32.dll
*C:\winnt\system32\WINSTA.dll
*C:\winnt\system32\USERENV.dll
*C:\winnt\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
*C:\winnt\system32\comctl32.dll
*C:\winnt\system32\schannel.dll
*C:\winnt\system32\wdigest.dll
*C:\WINNT\System32\rsaenh.dll
*C:\winnt\system32\scecli.dll
*C:\winnt\system32\pstorsvc.dll
*C:\winnt\system32\psbase.dll
*C:\winnt\system32\mswsock.dll
*C:\winnt\System32\wshtcpip.dll
*C:\winnt\system32\msapsspc.dll
*C:\winnt\system32\MSVCRT40.dll
*C:\winnt\system32\MSVCIRT.dll
*C:\winnt\system32\msnsspc.dll
*C:\winnt\system32\zwebauth.dll
*C:\winnt\system32\digest.dll
*C:\WINNT\System32\dssenh.dll
+644=C:\winnt\system32\svchost.exe
*C:\winnt\System32\ntdll.dll
*C:\winnt\system32\kernel32.dll
*C:\winnt\system32\ADVAPI32.dll
*C:\winnt\system32\RPCRT4.dll
*c:\winnt\system32\rpcss.dll
*C:\winnt\system32\msvcrt.dll
*c:\winnt\system32\WS2_32.dll
*c:\winnt\system32\WS2HELP.dll
*C:\winnt\system32\USER32.dll
*C:\winnt\system32\GDI32.dll
*c:\winnt\system32\Secur32.dll
*C:\winnt\system32\userenv.dll
*C:\WINNT\System32\rsaenh.dll
*C:\winnt\system32\mswsock.dll
*C:\winnt\System32\wshtcpip.dll
*C:\winnt\system32\DNSAPI.dll
*C:\winnt\system32\iphlpapi.dll
*C:\winnt\system32\netman.dll
*C:\winnt\system32\MPRAPI.dll
*C:\winnt\system32\ACTIVEDS.dll
*C:\winnt\system32\adsldpc.dll
*C:\winnt\system32\NETAPI32.dll
*C:\winnt\system32\WLDAP32.dll
*C:\winnt\system32\ATL.DLL
*C:\winnt\system32\ole32.dll
*C:\winnt\system32\OLEAUT32.dll
*C:\winnt\system32\rtutils.dll
*C:\winnt\system32\SAMLIB.dll
*C:\winnt\system32\SETUPAPI.dll
*C:\winnt\system32\RASAPI32.dll
*C:\winnt\system32\rasman.dll
*C:\winnt\system32\TAPI32.dll
*C:\winnt\system32\SHLWAPI.dll
*C:\winnt\system32\WINMM.dll
*C:\winnt\system32\SHELL32.dll
*C:\winnt\system32\WZCSvc.DLL
*C:\winnt\system32\WMI.dll
*C:\winnt\system32\DHCPCSVC.DLL
*C:\winnt\system32\CRYPT32.dll
*C:\winnt\system32\MSASN1.dll
*C:\winnt\system32\WTSAPI32.dll
*C:\winnt\system32\WINSTA.dll
*C:\winnt\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
*C:\winnt\system32\comctl32.dll
*C:\winnt\System32\winrnr.dll
*C:\winnt\system32\rasadhlp.dll
*C:\winnt\system32\CLBCATQ.DLL
*C:\winnt\system32\COMRes.dll
*C:\winnt\system32\VERSION.dll
*C:\winnt\system32\msv1_0.dll
+696=C:\winnt\System32\svchost.exe
*C:\winnt\System32\ntdll.dll
*C:\winnt\system32\kernel32.dll
*C:\winnt\system32\ADVAPI32.dll
*C:\winnt\system32\RPCRT4.dll
*C:\winnt\system32\ole32.dll
*C:\winnt\system32\GDI32.dll
*C:\winnt\system32\USER32.dll
*c:\winnt\system32\shsvcs.dll
*C:\winnt\system32\msvcrt.dll
*C:\winnt\system32\SHLWAPI.dll
*C:\winnt\system32\shell32.dll
*C:\winnt\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
*C:\winnt\system32\comctl32.dll
*C:\winnt\System32\WINSTA.dll
*c:\winnt\system32\dhcpcsvc.dll
*c:\winnt\system32\DNSAPI.dll
*c:\winnt\system32\WS2_32.dll
*c:\winnt\system32\WS2HELP.dll
*c:\winnt\system32\iphlpapi.dll
*c:\winnt\system32\netman.dll
*c:\winnt\system32\MPRAPI.dll
*c:\winnt\system32\ACTIVEDS.dll

#12 Grinler

    Lawrence Abrams

  • Admin

Posted 13 March 2005 - 05:56 PM

I need to get samples of some of your files. Please create a folder called c:\submit. Now copy the following files into that directory:

C:\WINNT\SYSTEM32\settings.dll

To copy the files, simply navigate to the directory they are in, right-click on them and then click on Copy. Then paste these files into the c:\submit directory. Once the files are all copied, I need you to zip the folder and rename submit.zip to yourmembername.zip (for example grinler.zip). If you are using XP or ME, right-click on the folder, click on the Send To option and then send it to a compressed folder. You will now see a file called submit.zip. If you are using another version of Windows, please download a program called Winzip and zip it using that. Then go to http://www.bleepingcomputer.com/submit-malware.php, fill in the required fields, and browse to the file. Then click on the Send File button.


Download RegSrch.zip from here:

http://billsway.com/vbspage/vbsfiles/RegSrch.zip

Unzip it and then double-click on the regsrch.vbs file. When it runs it will prompt you for a string to search for. Enter settings.dll into that field and press enter.

It will run for a while silently and then create a report. Please paste the contents of that report into a reply to this topic.

*Note: If you have Norton script blocking installed, disable it or allow the script to run or this tool won't work!
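
A registry search for a file name, as an added example (not part of the original post and not the RegSrch script): it searches a registry export in regedit's .reg text format and also decodes hex-encoded string values, which a plain text search of the export misses. The sample export and its key and value names are constructed; only the searched file name comes from the thread.

```python
import re

# Constructed sample in regedit export (.reg) format. Key and value names are
# invented for illustration; only the searched file name comes from the thread.
# A real export is UTF-16: read it with open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Startup]
"Updater"="C:\\Program Files\\ExampleVendor\\updater.exe"
"Loader"="C:\\WINNT\\SYSTEM32\\settings.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Modules]
"Count"=dword:00000001
"Module"=hex(2):73,00,65,00,74,00,74,00,69,00,6e,00,67,00,\
  73,00,2e,00,64,00,6c,00,6c,00,00,00
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')
TEXT_TYPES = {"1", "2", "7"}  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ


def unescape(quoted):
    """Strip the surrounding quotes and undo .reg backslash escaping."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def decode_data(raw):
    """Return value data as searchable text."""
    if raw.startswith('"'):
        return unescape(raw)
    m = HEX_RE.match(raw)
    if m and m.group(1) in TEXT_TYPES:
        try:
            # String types exported as hex are UTF-16LE bytes, comma separated.
            blob = bytes.fromhex(re.sub(r"[,\s]", "", m.group(2)))
            return blob.decode("utf-16-le", "replace").replace("\x00", " ").strip()
        except ValueError:
            pass  # malformed hex: fall back to the raw text
    return raw  # dword and binary data are left as exported


def records(reg_text):
    """Yield (key, value_name, data); value_name is None for the key itself."""
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    key = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1))
            yield key, name, decode_data(m.group(2))


def search(reg_text, needle):
    """Case-insensitive search of key names, value names and decoded data."""
    needle = needle.lower()
    hits = []
    for key, name, data in records(reg_text):
        haystack = [key] if name is None else [name, data]
        if any(needle in h.lower() for h in haystack):
            hits.append((key, name, data))
    return hits


def naive_grep(reg_text, needle):
    """Count export lines containing the needle as plain text (for comparison)."""
    return sum(needle.lower() in line.lower() for line in reg_text.splitlines())


if __name__ == "__main__":
    for key, name, data in search(SAMPLE_REG, "settings.dll"):
        print(key, "|", name, "|", data)
```

On the sample, the plain text search finds one line while the decoded search finds both values that reference the file.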

#13 jonnyhibbert

  • Topic Starter

Posted 14 March 2005 - 04:14 PM

OK, I sent in the file, and have also now downloaded that script. But there is a slight problem: it doesn't work. I made sure there was nothing stopping it running, and then searched for settings.dll, to no avail. I then searched for Settings.dll, to no avail. I tried moving the file, and moving the program to the file, and still no avail. So is there anything else I should do? Thank you.

#14 Grinler


Posted 14 March 2005 - 04:20 PM

Can you also submit this file:

C:\winnt\System32\systr.dll

#15 jonnyhibbert


Posted 14 March 2005 - 05:46 PM

Done.



