
HJT log - Toloma


14 replies to this topic

#1 Toloma

Toloma


Posted 06 June 2005 - 11:53 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:51:12 AM, on 6/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\TANGOMANAGER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\CCHESS\SMENU.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\DAP\DAP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.osk188.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\SYSTEM\NAVIHELPER.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab



Hi, thanks for reading this. My problem is that most of the time when I open IE, a pop-up shows up. The ad changes every few days, but the main address is always http://mms.tjcq2.com/. It's a China site.
Here is something I copied from right-click -> View Source:



<html>
<head>
<title>katong----┐Ę═Ę»┬■¤┬ďě</title>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<style type="text/css">
.greeninput {
BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #ffffff 1px solid; FONT-SIZE: 12px; BORDER-LEFT: #ffffff 1px solid; WIDTH: 100px; COLOR: #000000; BORDER-BOTTOM: #ffffff 1px solid; HEIGHT: 17px; BACKGROUND-COLOR: #f2f8af
}
.zsinput {
BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #ffffff 1px solid; FONT-SIZE: 12px; BORDER-LEFT: #ffffff 1px solid; WIDTH: 80px; COLOR: #ffffff; BORDER-BOTTOM: #ffffff 1px solid; HEIGHT: 17px; BACKGROUND-COLOR: #d383e8
}
.zs2input {
BORDER-RIGHT: #ffffff 1px solid; BORDER-TOP: #ffffff 1px solid; FONT-SIZE: 12px; BORDER-LEFT: #ffffff 1px solid; WIDTH: 100px; COLOR: #ffffff; BORDER-BOTTOM: #ffffff 1px solid; HEIGHT: 17px; BACKGROUND-COLOR: #993300}
a {
font-size: 12px;
}
h1 {
font-size: 12px;
color: #FFFFFF;
}
.style1 {
color: #FFFFFF;
font-size: 12px;
}
</style>

<script LANGUAGE="JavaScript">
<!--
function formCheck()
{
var themobile = document.theform.phone.value
if (themobile == "")
{
alert("ăŰ╠ţđ┤Í╗˙║┼!");
document.theform.phone.focus()
return false;
}
var b2mobile = themobile.substr(0,2)
if(themobile.length != 11 || b2mobile != '13' || !isNumber(themobile))
{
alert("ăŰ╠ţđ┤Ňř╚ĚÁ─Í╗˙║┼!");
document.theform.phone.focus()
return false;
}
return true
}

function isNumber(s) //řÎÍ┼đ¤║»ř
{
var digits = "0123456789";
var i = 0;
var sLength = s.length;

while ((i < sLength))
{
var c = s.charAt(i);
if (digits.indexOf(c) == -1) return false;
i++;
}

return true;
}
//-->
</SCRIPT>

</head>
<body bgcolor="#ffffff" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" scroll="no">
<table width="300" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><a href="http://www.kt88.net/kt_1.asp" rel="nofollow" target="_blank"><img name="kt_r1_c1" src="image/300x300.gif" width="300" height="270" border="0" alt=""></a></td>
</tr>
<!-- <tr>
<td height="30" background="image/kt_r2_c1.jpg">

<table width="100%" border="0" cellspacing="0" cellpadding="0">
<FORM name="theform" onsubmit="return formCheck();"
action="http://www.kt88.net/ts.asp" method="get" rel="nofollow" target="_blank">
<tr>
<td width="33%" height="23" align="center"><span class="style1"><font color="#FFFF00">ăŰń╚ŰÍ╗˙║┼ú║</font></span></td>
<td width="39%"><input name="phone" type="text" class="zs2input" size="16" maxlength="11"></td>
<td width="28%"><input type="image" src="image/button.gif" width="70" height="20" border="0"></td>
</tr>
</form>
</table>

</td>
</tr>
-->
</table>
</body>
</html>

Edited by Toloma, 06 June 2005 - 12:36 PM.




#2 Grinler

Grinler

    Lawrence Abrams



Posted 07 June 2005 - 03:52 PM

Download http://www.bleepingcomputer.com/files/grinler/pfind-new.zip

Extract pfind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\pfind and double-click on pfind.bat. When it is done, reboot and post the contents of c:\pfind.txt as a reply to this topic.

#3 Toloma

Toloma
  • Topic Starter


Posted 09 June 2005 - 03:47 PM

Here's the C:\pfind.txt
Files found with this application may be legitimate.
Only remove files that you know are malware related.


Checking the folder



Checking the folder



Checking the C:\WINDOWS folder



Checking the C:\WINDOWS\SYSTEM folder



Checking all directories under the C:\WINDOWS\SYSTEM\drivers folder



Checking the \Start Menu\programs\Startup\ folder




Checking the \Application Data folder




Checking the \Start Menu\programs\Startup\ folder




Checking the \Application Data folder




Checking the Windows folder for system and hidden files within the last 60 days



Correction to my last post: it does not change every few days; there are 2 or 3 different ads, and either one shows up.

#4 Grinler

Grinler

    Lawrence Abrams



Posted 09 June 2005 - 06:20 PM

Download Silentrunners.zip from:

http://www.silentrunners.org/

Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run.

When it has finished it will produce a Startup Programs text file. Copy and paste that text file here in your next reply.

#5 Toloma

Toloma
  • Topic Starter


Posted 10 June 2005 - 04:35 AM

Thanks Grinler again^^, here's the Silent Runner log file


"Silent Runners.vbs", revision 37, http://www.silentrunners.org/
Operating System: Windows Me (Millennium Edition)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Taskbar Display Controls" = "RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY" [MS]
"ctfmon.exe" = "ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"NAV Agent" = "C:\PROGRA~1\NORTON~1\NAVAPW32.EXE" ["Symantec Corporation"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"LoadQM" = "loadqm.exe" [MS]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SchedulingAgent" = "mstask.exe" [MS]
"SSDPSRV" = "C:\WINDOWS\SYSTEM\ssdpsrv.exe" [MS]
"*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]
"MDM7" = ""C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"" [MS]
"ScriptBlocking" = ""C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg" ["Symantec Corporation"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
PerUser_CVT_Inis\(Default) = "Windows Setup - FAT32 Converter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL" ["Yahoo! Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{0000CC75-ACF3-4cac-A0A9-DD3868E06852}\(Default) = "DAPHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\DAP\DAPBHO.DLL" ["Speedbit Ltd."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX" ["("]
{3E422F49-1566-40D3-B43D-077EF739AC32}\(Default) = "NaviHelperObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NAVIHELPER.DLL" ["TODO: <___>"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL" ["GuideWorks Pty. Ltd."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL" ["PC Tools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\UPNPUI.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\REAL\REALPLAYER\RPSHELL.DLL" ["RealNetworks, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL" ["Yahoo! Inc."]


Enabled Active Desktop and Wallpaper:
-------------------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


WIN.INI & SYSTEM.INI launch points:
-----------------------------------

WIN.INI
[windows]
INFECTION WARNING! "run=C:\WINDOWS\SYSTEM\cmmpu.exe" [null data]

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WEP\IDLEWILD.EXE" [null data]


Enabled Scheduled Tasks:
------------------------

"Tune-up Application Start" -> launches: "walign" [MS]
"PCHealth Scheduler for Data Collection" -> launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]
"Symantec NetDetect" -> launches: "C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE" ["Symantec Corporation"]
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\WINDOWS\ALLUSE~1\APPLIC~1\SYMANTEC\NORTON~1\TASKS\MYCOMP.SCA" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 - 4
C:\WINDOWS\SYSTEM\msafd.dll [MS], 5 - 7
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 8 - 9


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {CLSID}\(Default) = "&Yahoo! Companion"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {CLSID}\(Default) = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{62999427-33FC-4BAF-9C9C-BCE6BD127F08}"
-> {CLSID}\(Default) = "DAP Bar"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\DAP\DAPIEBAR.DLL" [" "]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {CLSID}\(Default) = "&Yahoo! Companion"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL" ["Yahoo! Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
-> {CLSID}\(Default) = "&Yahoo! Messenger"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
-> {CLSID}\(Default) = "&Yahoo! Messenger"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{669695BC-A811-4A9D-8CDF-BA8C795F261C}\
"ButtonText" = "Run DAP"
"Exec" = "C:\PROGRA~1\DAP\DAP.EXE" ["SpeedBit Ltd."]

{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8}\
"ButtonText" = "PowerWord"
"CLSIDExtension" = "{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL" ["$"]

{8DE0FCD4-5EB5-11D3-AD25-00002100131B}\
"ButtonText" = "Joyo"
"CLSIDExtension" = "{8DE0FCD4-5EB5-11D3-AD25-00002100131B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL" ["$"]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL" ["Yahoo! Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL" ["GuideWorks Pty. Ltd."]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

#6 Grinler

Grinler

    Lawrence Abrams



Posted 10 June 2005 - 10:13 AM

1. Download: "StartDreck" from:

http://www.niksoft.at/download/startdreck.htm

2. Extract the file into c:\startdreck.

3. Navigate to c:\startdreck and double-click on Startdreck.exe

4. When the program opens click on the Config button.

5. Then click on the mark all button.

6. Press the OK button.

7. Press the Save button. Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

8. Post a copy of the log as a reply to this post.

#7 Toloma

Toloma
  • Topic Starter


Posted 10 June 2005 - 01:13 PM

:thumbsup:

StartDreck (build 2.1.7 public stable) - 2005-06-11 @ 02:18:09 (GMT +08:00)
Platform: Windows ME (Win 4.90.3000 )
Internet Explorer: 6.0.2800.1106
Logged in as WINME at WINME

»Registry
»Run Keys
»Current User
»Run
*Taskbar Display Controls=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
*ctfmon.exe=ctfmon.exe
»RunOnce
»Default User
»Run
*Taskbar Display Controls=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
*ctfmon.exe=ctfmon.exe
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*PCHealth=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*LoadQM=loadqm.exe
*C-Media Mixer=Mixer.exe /startup
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
*SSDPSRV=C:\WINDOWS\SYSTEM\ssdpsrv.exe
**StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe
*MDM7="C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Windows Setup - Applets/AppletsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - FAT32 Converter/PerUser_CVT_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf
+Windows Setup - Fonts/FontsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf
+Windows Setup - Home Networking Wizard/PerUser_HNW_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf
+PerUser_ICW_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4395}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Windows Movie Maker/PerUser_moviemaker
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf
+MSN-Migration/>PerUser_MSN_Clean
*StubPath=C:\WINDOWS\msnmgsr1.exe
+Power Policy Settings/{CA0A4247-44BE-11d1-A005-00805F8ABE06}
*StubPath=RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
+Windows Setup - System Information/PerUser_Msinfo
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - System Information/PerUser_Msinfo2
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - Multimedia/MotownMmsysPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownAvivideoPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Messaging/PerUser_Base
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf
+CDSAMPLE/SamplerPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf
+Windows Setup - Shell/ShellPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf
+Windows Setup - Color Schemes/Shell2PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf
+Windows Setup - Start Menu/PerUser_winbase_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Start Menu/PerUser_winapps_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Links Bar/PerUser_LinkBar_URLs
*StubPath=C:\WINDOWS\COMMAND\sulfnbk.exe /L
+Windows Setup - Telephony Support/TapiPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf
+Windows Setup - Wordpad/PerUser_MSWordPad_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf
+Windows Setup - More Applets/PerUserOldLinks
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Sound Schemes/MmoptRegisterPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - CD Player/PerUser_CDPlayer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Online Services/OlsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - The Microsoft Network/OlsMsnPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf
+System Restore/PerUser_PCHealth
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Windows Setup - Paint/PerUser_Paint_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - Calculator/PerUser_Calc_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - DriveSpace/PerUser_dxxspace_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf
+Windows Setup - Accessibility/PerUser_Enable_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf
+Windows Setup - Classic Games/PerUser_Wingames_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf
+Windows Setup - Internet Games/PerUser_ZoneGame_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf
+Windows Setup - Plus! Games/PerUser_PBGame_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf
+Windows Setup - Internet Connection Sharing/PerUser_ICS_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICS_Inis 64 C:\WINDOWS\INF\ics.inf
+Windows Setup - Multimedia/MotownRecPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Volume Control/PerUser_Vol
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownMPlayPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Dial-Up Networking/PerUser_RNA_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf
+Windows Setup - Direct Cable Connection/PerUser_DCC_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf
+Windows Setup - System Monitor/PerUser_Sysmon_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - System Meter/PerUser_Sysmeter_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Netwatch/PerUser_netwatch_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Character Map/PerUser_CharMap_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - HyperTerminal/PerUser_Onlinelnks_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Phone Dialer/PerUser_Dialer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Clipboard Viewer/PerUser_ClipBrd_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf
+Windows Setup - Sound Schemes/MmoptMusicaPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptJunglePerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptRobotzPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptUtopiaPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
+Windows Setup - America Online/OlsAolPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - AT&T WorldNet Service/OlsAttPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Prodigy Internet/OlsProdigyPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Earthlink Internet/OlsEarthlinkPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Shell Cursors/Shell3PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf
+Windows Setup -- Themes/Theme_MoreWindows_PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf
+Internet Explorer 6 SP1/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=C:\WINDOWS\SYSTEM\ie4uinit.exe
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
+>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=C:\WINDOWS\inf\unregmp2.exe /ShowWMP
╗Browser Helper Objects (LM)
*YBIOCtrl.CompanionBHO.4/{02478D38-C3F9-4efb-9B51-7695ECA05670}
`InprocServer32=C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*DAPBHO.DAPHelper.1/{0000CC75-ACF3-4cac-A0A9-DD3868E06852}
`InprocServer32=C:\PROGRAM FILES\DAP\DAPBHO.DLL
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*NaviHelper.NaviHelperObj.1/{3E422F49-1566-40D3-B43D-077EF739AC32}
`InprocServer32=C:\WINDOWS\SYSTEM\NAVIHELPER.DLL
*PCTools Browser Monitor/{B56A7D7D-6927-48C8-A975-17DF180C71AC}
`InprocServer32=C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
*PCTools Site Guard/{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
`InprocServer32=C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
╗Internet Explorer
╗Current User
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Page=http://home.netscape.com/home/winsearch.html
*Start Page=http://www.osk188.com/
+SearchUrl
*provider=
*=http://keyword.netscape.com/keyword/%s
╗Default User
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Page=http://home.netscape.com/home/winsearch.html
*Start Page=http://www.osk188.com/
+SearchUrl
*provider=
*=http://keyword.netscape.com/keyword/%s
╗Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://home.netscape.com/home/winsearch.html
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=http://home.netscape.com/home/winsearch200.html
*Search Page=http://home.netscape.com/home/winsearch.html
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
╗ShellServiceObjectDelayLoad (LM)
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
*UPnPMonitor={e57ce738-33e8-4c51-8354-bb4de9d215d1}
`InprocServer32=C:\WINDOWS\SYSTEM\UPNPUI.DLL
*AUHook={BCBCD383-3E06-11D3-91A9-00C04F68105C}
`InprocServer32=C:\WINDOWS\SYSTEM\AUHOOK.DLL
╗Special NT Values
╗Current User
*Load=
*Run=
*Programs=
*SHELL=
╗Default User
*Load=
*Run=
*Programs=
*SHELL=
╗Local Machine
*AppInit_DLLs=
*SHELL=
*Userinit=
╗Files
╗Autostart Folders
╗Current User
╗Default User
╗Local Machine
╗INI-Files
╗WIN.INI\[windows]
*LOAD=
*RUN=C:\WINDOWS\SYSTEM\cmmpu.exe
╗SYSTEM.INI\[boot]
*SHELL=Explorer.exe
╗Text Files
*C:\msdos.sys
`[Paths]
`WinDir=C:\WINDOWS
`WinBootDir=C:\WINDOWS
`HostWinBootDrv=C
`[Options]
`BootMulti=1
`BootGUI=1
`AutoScan=1
`WinVer=4.90.3000
`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs
`BootMenu=0
*C:\config.sys
*C:\autoexec.bat
`SET windir=C:\WINDOWS
`SET winbootdir=C:\WINDOWS
`SET COMSPEC=C:\WINDOWS\COMMAND.COM
`SET PATH=C:\WINDOWS\SYSTEM;C:\WINDOWS;C:\WINDOWS\COMMAND
`SET PROMPT=$p$g
`SET TEMP=C:\WINDOWS\TEMP
`SET TMP=C:\WINDOWS\TEMP
*C:\WINDOWS\wininit.bak
`[rename]
`NUL=C:\WINDOWS\TEMP\GLB1A2B.EXE
*C:\WINDOWS\winstart.bat
`@C:\WINDOWS\tmpcpyis.bat
*C:\WINDOWS\command\cmdinit.bat
`@echo off
`doskey /insert > nul
╗Program Files
*C:\io.sys
*C:\WINDOWS\win.com
*C:\WINDOWS\explorer.exe
╗%PATH% Companion Files
+C:\COMMAND.COM
*C:\WINDOWS\COMMAND.PIF
*C:\WINDOWS\COMMAND.COM
╗System/Drivers
╗Running Processes
+FFEFEC1F=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
+FFFFAABB=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE4AB7=C:\WINDOWS\SYSTEM\mmtask.tsk
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE40EB=C:\WINDOWS\SYSTEM\MPREXE.EXE
*C:\WINDOWS\SYSTEM\MSNP32.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MPRSERV.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE319F=C:\WINDOWS\SYSTEM\MSTASK.EXE
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSIDLE.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFEF3FB=C:\WINDOWS\SYSTEM\SSDPSRV.EXE
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE16EC7=C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE3E4F=C:\WINDOWS\EXPLORER.EXE
*C:\WINDOWS\SYSTEM\SYNCUI.DLL
*C:\PROGRAM FILES\IZARC\IZARCCM.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\PROGRAM FILES\YAHOO!\COMMON\YMMAPI.DLL
*C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOHEV.DLL
*C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*C:\PROGRAM FILES\DAP\DAPBHO.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL
*C:\WINDOWS\SYSTEM\MSVCP60.DLL
*C:\WINDOWS\SYSTEM\ATL.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\WINDOWS\SYSTEM\DOCPROP2.DLL
*C:\WINDOWS\SYSTEM\AVIFIL32.DLL
*C:\WINDOWS\SYSTEM\MSACM32.DLL
*C:\WINDOWS\SYSTEM\CRTDLL.DLL
*C:\WINDOWS\SYSTEM\MSVFW32.DLL
*C:\WINDOWS\SYSTEM\WOW32.DLL
*C:\WINDOWS\SYSTEM\DCIMAN32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\BROWSELC.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\LINKINFO.DLL
*C:\WINDOWS\SYSTEM\ES.DLL
*C:\WINDOWS\SYSTEM\SENS.DLL
*C:\WINDOWS\SYSTEM\ESTIER2.DLL
*C:\WINDOWS\SYSTEM\ESSHARED.DLL
*C:\WINDOWS\SYSTEM\UPNP.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\SSDPAPI.DLL
*C:\WINDOWS\SYSTEM\AUHOOK.DLL
*C:\WINDOWS\SYSTEM\UPNPUI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\WEBCHECK.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\ACTXPRXY.DLL
*C:\WINDOWS\SYSTEM\MSI.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\MYDOCS.DLL
*C:\WINDOWS\SYSTEM\BROWSEUI.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE219B=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\MSIDLE.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\SMGR.DLL
*C:\WINDOWS\SYSTEM\SFPDLL.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\ATRACE.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE1B64B=C:\WINDOWS\TASKMON.EXE
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE0151B=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVPROXY.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SYMREDIR.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFALERT.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\MSVCP60.DLL
*C:\WINDOWS\SYSTEM\ATL.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\APWCMD9X.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\APWUTIL.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE0AA07=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE0077B=C:\WINDOWS\LOADQM.EXE
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\PROGDL.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\QMGR.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE0591F=C:\WINDOWS\MIXER.EXE
*C:\WINDOWS\SYSTEM32\CMNPROP.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE34F0F=C:\WINDOWS\RunDLL.exe
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE34C03=C:\WINDOWS\SYSTEM\CTFMON.EXE
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSUTB.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE3F9E3=C:\CCHESS\SMENU.EXE
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE8370B=C:\WINDOWS\SYSTEM\DDHELP.EXE
*C:\WINDOWS\SYSTEM\DD620_32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\DDRAW.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE2F43B=C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\TANGOMANAGER.EXE
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\ENIPCINFO.DLL
*C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\PACKETLOG.DLL
*C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\RESMSGENU.DLL
*C:\WINDOWS\SYSTEM\MFC42.DLL
*C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\PINGDNS.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\DSLAPI32.DLL
*C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\NWCNFG.DLL
*C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\PCIAPI32.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SNMPAPI.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLEDLG.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE5178F=C:\WINDOWS\SYSTEM\RNAAPP.EXE
*C:\WINDOWS\SYSTEM\RNAUI.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE5C447=C:\WINDOWS\SYSTEM\TAPISRV.EXE
*C:\WINDOWS\SYSTEM\ISDNUI.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\NDSWAN32.DLL
*C:\WINDOWS\SYSTEM\TSP3216L.TSP
*C:\WINDOWS\SYSTEM\WOW32.DLL
*C:\WINDOWS\SYSTEM\DIGEST.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\SCHANNEL.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\MSNSSPC.DLL
*C:\WINDOWS\SYSTEM\MSAPSSPC.DLL
*C:\WINDOWS\SYSTEM\MSVCRT40.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE72BE3=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*C:\WINDOWS\SYSTEM\ACTXPRXY.DLL
*C:\WINDOWS\SYSTEM\MSHTMLED.DLL
*C:\WINDOWS\SYSTEM\JSCRIPT.DLL
*C:\WINDOWS\SYSTEM\CRYPTNET.DLL
*C:\WINDOWS\SYSTEM\WLDAP32.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL
*C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YPUBC.DLL
*C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\PUBMOD.DLL
*C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOHEV.DLL
*C:\WINDOWS\SYSTEM\MSLS31.DLL
*C:\WINDOWS\IME\SPTIP.DLL
*C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\PENUSA.DLL
*C:\WINDOWS\SYSTEM\MSIMTF.DLL
*C:\WINDOWS\SYSTEM\MSHTML.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\PROGRAM FILES\DAP\DAPIE.DLL
*C:\PROGRAM FILES\DAP\MFC42.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\IESDSG.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\IESDPB.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\NAVIHELPER.DLL
*C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*C:\PROGRAM FILES\DAP\DAPBHO.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL
*C:\WINDOWS\SYSTEM\MSVCP60.DLL
*C:\WINDOWS\SYSTEM\ATL.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\BROWSELC.DLL
*C:\WINDOWS\SYSTEM\BROWSEUI.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE701D3=C:\PROGRAM FILES\DAP\DAP.EXE
*C:\WINDOWS\SYSTEM\JSCRIPT.DLL
*C:\WINDOWS\SYSTEM\CRYPTNET.DLL
*C:\WINDOWS\SYSTEM\WLDAP32.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\MSLS31.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\MSHTML.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\PROGRAM FILES\DAP\MFC42.DLL
*C:\PROGRAM FILES\DAP\ZLIB.DLL
*C:\WINDOWS\SYSTEM\CRTDLL.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\PROGRAM FILES\DAP\RAPTRA30.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFE5F57B=C:\DOWNLOADS\STARTDRECK\STARTDRECK.EXE
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\MSCTF.DLL
*C:\DOWNLOADS\STARTDRECK\VB4DE32.DLL
*C:\DOWNLOADS\STARTDRECK\VB40032.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
╗NT Services
╗NT Kernel- and FS-drivers
╗VMM32Files (LM)
*vdd.vxd=
*vflatd.vxd=
*biosxlat.vxd=
*combuff.vxd=
*configmg.vxd=
*dosmgr.vxd=
*dynapage.vxd=
*ebios.vxd=
*ifsmgr.vxd=
*int13.vxd=
*ios.vxd=
*mtrr.vxd=
*ntkern.vxd=
*pageswap.vxd=
*parity.vxd=
*perf.vxd=
*reboot.vxd=
*shell.vxd=
*spooler.vxd=
*udf.vxd=
*v86mmgr.vxd=
*vcache.vxd=
*vcd.vxd=
*vcdfsd.vxd=
*vcomm.vxd=
*vcond.vxd=
*vdef.vxd=
*vdmad.vxd=
*vfat.vxd=
*vfbackup.vxd=
*vkd.vxd=
*vmcpd.vxd=
*vmouse.vxd=
*vmpoll.vxd=
*vpd.vxd=
*vpicd.vxd=
*vpowerd.vxd=
*vsd.vxd=
*vtd.vxd=
*vtdapi.vxd=
*vwin32.vxd=
*vxdldr.vxd=
*vxdmon.vxd=
*enable.vxd=
╗%System%\VMM32
*C:\WINDOWS\SYSTEM\VMM32\IFSMGR.VXD
*C:\WINDOWS\SYSTEM\VMM32\MRCI2.VXD
╗%System%\IOSUBSYS
*C:\WINDOWS\SYSTEM\IoSubSys\BIGMEM.DRV
*C:\WINDOWS\SYSTEM\IoSubSys\ESDI_506.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\HSFLOP.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\RMM.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\SCSIPORT.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\APIX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\ATAPCHNG.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDFS.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\NECATAPI.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\SCSI1HLP.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\TORISAN3.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\VOLTRACK.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVSPACX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\Cdralvsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\Cdr4vsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\Acbhlpr.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\pxhelper.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\SMARTVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\USBMPHLP.PDR
╗Application specific
╗MS Office 97/8.0 STARTUP-PATH
╗Current User
╗Default User
╗Local Machine
╗ICQ NetDetect
╗Current User
╗Default User

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:55 AM

Posted 10 June 2005 - 10:37 PM

I just do not see anything at all wrong with your system. I am stumped on this one.

#9 Toloma

Posted 11 June 2005 - 04:11 AM

Hmm... the only found item I did not remove is the Download Accelerator Plus ads. My DAP is an older version, 5.3.9.8.

There is an 80% chance it pops up when I start IE for the first time after starting the PC. After that it has a <20% chance. It only shows up when I open a new IE window.

Anyway, thank you very much for working on my problem :thumbsup:

#10 Grinler

Posted 11 June 2005 - 12:30 PM

Wish I could help you more :thumbsup:

#11 Toloma

Posted 12 June 2005 - 07:53 PM

WIN.INI
[windows]
INFECTION WARNING! "run=C:\WINDOWS\SYSTEM\cmmpu.exe" [null data]

What is this? Should I remove this?
CMMPU.EXE 79,872 bytes

#12 Grinler

Posted 13 June 2005 - 09:49 AM

This is what that is:

http://www.bleepingcomputer.com/startups/cmmpu.exe-4607.html

#13 racerx300zx

Posted 11 July 2005 - 07:21 PM

I don't know if this will help you or not, but go into your Start menu, select Run, type "msconfig" (no quotes), hit Enter, then see if you have an untitled startup item. I had the same popup, and after disabling this process it went away. Hope it helps.

#14 <_Admiral_>

Posted 11 July 2005 - 08:03 PM

I have the same problem. I think this thing came via e-mail. I don't have the e-mail left, though, since I knew they were bad and I deleted them right away, but somehow I think something got through by accident.

#15 Grinler

Posted 11 July 2005 - 08:57 PM

Thanks all... but please do not post into HijackThis logs, as it can screw up the process our HJT helpers use to find the unanswered logs. If you need help, then please post your own log. On the other hand, if you have some tips or experiences you would like to share, please share them in the AntiVirus, Firewall and Privacy Products and Protection Methods forum.



