Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT - pcproblem


  • Please log in to reply
15 replies to this topic

#1 pcproblem

pcproblem

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 16 July 2005 - 02:52 PM

hi. i'm really thankful to this site for the help that u are offering. my problem is that i have this spyware virus on my computer called hotoffers spyware. the hijacker simply trys to connect to "hot offers.com" about every minute. Its really irritating cos i cant delete it from my computer using anti-spyware scans. Is there anyway that u can help. Thanks a lot.

Logfile of HijackThis v1.99.1
Scan saved at 12:35:42 AM, on 7/15/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specialgoods.info/ad/ad0162/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\wx.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\wx.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:42 PM

Posted 17 July 2005 - 02:37 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specialgoods.info/ad/ad0162/
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\wx.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\wx.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

c:\eied_s7.cab
c:\wx.cab
c:\wx.cab
c:\ied_s7.cab

Reboot your computer to go back to normal mode.

Download http://www.bleepingcomputer.com/files/winpfind.php

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to scart scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic along with a new hijackthis log.

#3 pcproblem

pcproblem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 20 July 2005 - 02:33 PM

thanks a lot for the help. i really appreciate u taking the time to help me.
i did the scan on winPFind.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
7/20/2005 10:36:58 PM 5156896 CLASSES.DAT
7/20/2005 10:36:58 PM 688160 USER.DAT
7/20/2005 10:35:10 PM 2396192 SYSTEM.DAT
7/20/2005 10:27:38 PM 9266 ttfCache
7/12/2005 7:37:46 PM 8628 hpf69t07.GID
5/23/2005 7:08:00 PM 8628 hpf69h07.GID
7/20/2005 10:16:56 PM 2778 HelpSessionHistory.stream
7/20/2005 10:29:04 PM 6 SA.DAT
6/26/2005 11:27:32 PM 499 ffastlog.txt
6/10/2005 2:24:38 PM 3104768 Install_MSN_Messenger.exe.0000.aut
7/20/2005 10:31:58 PM 4340 Desktop.htt
6/15/2005 2:53:56 PM 59556 Doremi.ttf

»»»»»»»»»»»»»»»»»»»»»»»» Checking Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...
1/25/2005 11:07:48 AM 627 C:\WINDOWS\Start Menu\Programs\StartUp\Logitech Desktop Messenger.lnk
7/4/2005 3:25:16 PM 410 C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk

Checking files in %USERPROFILE%\Application Data folder...
7/9/2005 7:27:16 PM 1403 C:\WINDOWS\Application Data\dw.log

»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = C:\WINDOWS\SYSTEM\SHELL32.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
PCHealth C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LoadQM loadqm.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray C:\Program Files\Logitech\Video\LogiTray.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
LVComs C:\WINDOWS\SYSTEM\LVComS.exe
B'sCLiP C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMON.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
MSFS
MAPI
IMAIL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Yahoo! Pager C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
Spyware Doctor "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\Web Folders\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.0.0.15 - Log file written to "WinPFind.Txt" in the WinPFind folder.

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:42 PM

Posted 20 July 2005 - 02:52 PM

Download Silentrunners.zip from:

http://www.silentrunners.org/

Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run.

When it has finished it will produce a Startup Programs text file. Copy and paste that text file here in your next reply.

#5 pcproblem

pcproblem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 21 July 2005 - 03:50 PM

hi. thanks again for ur help. I'm really grateful :thumbsup:

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows Me (Millennium Edition)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Yahoo! Pager" = "C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet" ["Yahoo! Inc."]
"Spyware Doctor" = ""C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q" ["PCTools"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"LoadQM" = "loadqm.exe" [MS]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"LVComs" = "C:\WINDOWS\SYSTEM\LVComS.exe" ["Logitech Inc."]
"B'sCLiP" = "C:\PROGRA~1\B'SCLI~1\BSCLIP.exe" ["B.H.A Corporation."]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMON.EXE" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"SchedulingAgent" = "mstask.exe" [MS]
"*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]
"Machine Debug Manager" = "C:\WINDOWS\SYSTEM\MDM.EXE" [MS]
"ccEvtMgr" = ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
"ScriptBlocking" = ""C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg" ["Symantec Corporation"]
"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]

HKLM\Software\Microsoft\Active Setup\Installed Components\
PerUser_CVT_Inis\(Default) = "Windows Setup - FAT32 Converter"
\StubPath = "rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf" [MS]

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:42 PM

Posted 24 July 2005 - 01:38 PM

Are you still having problems as I do not see anything else wrong here

#7 pcproblem

pcproblem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 24 July 2005 - 03:29 PM

hi.
i'm still having problems with my pc.
1. the homepage keeps changing to http://www.specialgoods.info against my will.
2. error messages keep popping up every 5 minutes.
3. while i'm on a site, it keeps changing to www.specialgoods.info
do u know what's wrong with my pc? i really appreciate ur help. thanx

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:42 PM

Posted 24 July 2005 - 08:51 PM

1. Download: "StartDreck" from:

http://www.niksoft.at/download/startdreck.htm

2. Extract the file into c:\startdreck.

3. Navigate to c:\startdreck and double-click on Startdreck.exe

4. When the program opens click on the Config button.

5. Then click on the mark all button.

6. Press the OK button.

7. Press the Save button. Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

8. Post a copy of the log as a reply to this post.

#9 pcproblem

pcproblem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 25 July 2005 - 06:03 PM

hi. thanks again for the help.

StartDreck (build 2.1.7 public stable) - 2005-07-26 @ 02:52:58 (GMT +04:00)
Platform: Windows ME (Win 4.90.3000 )
Internet Explorer: 6.0.2600.0000
Logged in as User at USER

»Registry
»Run Keys
»Current User
»Run
*Yahoo! Pager=C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
*Spyware Doctor="C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
»RunOnce
»Default User
»Run
*Yahoo! Pager=C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
*Spyware Doctor="C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*PCHealth=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*LoadQM=loadqm.exe
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
*LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*ccRegVfy="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
*LVComs=C:\WINDOWS\SYSTEM\LVComS.exe
*B'sCLiP=C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMON.EXE
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
**StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe
*Machine Debug Manager=C:\WINDOWS\SYSTEM\MDM.EXE
*ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Windows Setup - Applets/AppletsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - FAT32 Converter/PerUser_CVT_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf
+Windows Setup - Fonts/FontsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf
+Windows Setup - Home Networking Wizard/PerUser_HNW_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf
+PerUser_ICW_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4395}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Windows Movie Maker/PerUser_moviemaker
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf
+MSN-Migration/>PerUser_MSN_Clean
*StubPath=C:\WINDOWS\msnmgsr1.exe
+Power Policy Settings/{CA0A4247-44BE-11d1-A005-00805F8ABE06}
*StubPath=RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
+Windows Setup - System Information/PerUser_Msinfo
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - System Information/PerUser_Msinfo2
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - Multimedia/MotownMmsysPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownAvivideoPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Messaging/PerUser_Base
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf
+CDSAMPLE/SamplerPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf
+Windows Setup - Shell/ShellPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf
+Windows Setup - Color Schemes/Shell2PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf
+Windows Setup - Start Menu/PerUser_winbase_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Start Menu/PerUser_winapps_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Links Bar/PerUser_LinkBar_URLs
*StubPath=C:\WINDOWS\COMMAND\sulfnbk.exe /L
+Windows Setup - Telephony Support/TapiPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf
+Windows Setup - Wordpad/PerUser_MSWordPad_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf
+Windows Setup - More Applets/PerUserOldLinks
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Sound Schemes/MmoptRegisterPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - CD Player/PerUser_CDPlayer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Online Services/OlsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - The Microsoft Network/OlsMsnPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf
+System Restore/PerUser_PCHealth
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf
+Microsoft Windows Media Player 6.4/{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub
+Microsoft Windows Media Player 7/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Windows Setup - Paint/PerUser_Paint_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - Calculator/PerUser_Calc_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - DriveSpace/PerUser_dxxspace_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf
+Windows Setup - Accessibility/PerUser_Enable_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf
+Windows Setup - Classic Games/PerUser_Wingames_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf
+Windows Setup - Internet Games/PerUser_ZoneGame_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf
+Windows Setup - Plus! Games/PerUser_PBGame_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf
+Windows Setup - Multimedia/MotownRecPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Volume Control/PerUser_Vol
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownMPlayPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Dial-Up Networking/PerUser_RNA_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf
+Windows Setup - System Monitor/PerUser_Sysmon_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - System Meter/PerUser_Sysmeter_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Netwatch/PerUser_netwatch_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Character Map/PerUser_CharMap_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Phone Dialer/PerUser_Dialer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Clipboard Viewer/PerUser_ClipBrd_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf
+Windows Setup - Sound Schemes/MmoptMusicaPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptJunglePerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptRobotzPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptUtopiaPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
+Windows Setup - Shell Cursors/Shell3PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf
+Windows Setup -- Themes/Theme_MoreWindows_PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf
+Web Publishing Wizard/{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=C:\WINDOWS\SYSTEM\ie4uinit.exe
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*PCTools Browser Monitor/{B56A7D7D-6927-48C8-A975-17DF180C71AC}
`InprocServer32=C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
*PCTools Site Guard/{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
`InprocServer32=C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.specialgoods.info/ad/ad0162/
+SearchUrl
*provider=
»Default User
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.specialgoods.info/ad/ad0162/
+SearchUrl
*provider=
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
*AUHook={BCBCD383-3E06-11D3-91A9-00C04F68105C}
`InprocServer32=C:\WINDOWS\SYSTEM\AUHOOK.DLL
»Special NT Values
»Current User
*Load=
*Run=
*Programs=
*SHELL=
»Default User
*Load=
*Run=
*Programs=
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=
*Userinit=
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Logitech Desktop Messenger.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Webshots.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Logitech Desktop Messenger.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=C:\WINDOWS\SYSTEM\cmmpu.exe
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
`[Paths]
`WinDir=C:\WINDOWS
`WinBootDir=C:\WINDOWS
`HostWinBootDrv=C
`[Options]
`BootMulti=1
`BootGUI=1
`AutoScan=1
`WinVer=4.90.3000
`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs
*C:\config.sys
*C:\autoexec.bat
`SET windir=C:\WINDOWS
`SET winbootdir=C:\WINDOWS
`SET COMSPEC=C:\WINDOWS\COMMAND.COM
`SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
`SET PROMPT=$p$g
`SET TEMP=C:\WINDOWS\TEMP
`SET TMP=C:\WINDOWS\TEMP
*C:\WINDOWS\wininit.bak
`[Rename]
*C:\WINDOWS\winstart.bat
`@C:\WINDOWS\tmpcpyis.bat
*C:\WINDOWS\command\cmdinit.bat
`@echo off
`doskey /insert > nul
»Program Files
*C:\io.sys
*C:\WINDOWS\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\command.com
*C:\WINDOWS\COMMAND.COM
+C:\WINDOWS\SYSTEM\HH.EXE
*C:\WINDOWS\HH.EXE
»System/Drivers
»Running Processes
+FFEF1567=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
+FFFFD3DB=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE7837=C:\WINDOWS\SYSTEM\MPREXE.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSNP32.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MPRSERV.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFEE603=C:\WINDOWS\SYSTEM\MSTASK.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSIDLE.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFEC6EF=C:\WINDOWS\SYSTEM\MDM.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\MSDBGEN.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFED7BF=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVT.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVEVENT.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\MSVCIRT.DLL
*C:\WINDOWS\SYSTEM\SYMSTORE.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\CCTRUST.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\MSVCP60.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE874B=C:\WINDOWS\SYSTEM\STIMON.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\WIAVUSD.DLL
*C:\WINDOWS\SYSTEM\WIASERVC.DLL
*C:\WINDOWS\SYSTEM\MSCMS.DLL
*C:\WINDOWS\SYSTEM\STI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\IPROP.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE3407=C:\WINDOWS\SYSTEM\mmtask.tsk
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFDB9DB=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\MSIDLE.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\SMGR.DLL
*C:\WINDOWS\SYSTEM\SFPDLL.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\ATRACE.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFD4EE3=C:\WINDOWS\EXPLORER.EXE
*C:\WINDOWS\SYSTEM\MSADP32.ACM
*C:\WINDOWS\SYSTEM\MSACM32.DLL
*C:\WINDOWS\SYSTEM\IMGUTIL.DLL
*C:\WINDOWS\SYSTEM\MSTASK.DLL
*C:\WINDOWS\SYSTEM\JSCRIPT.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL
*C:\WINDOWS\SYSTEM\BROWSELC.DLL
*C:\WINDOWS\SYSTEM\SYNCUI.DLL
*C:\WINDOWS\SYSTEM\WIASHEXT.DLL
*C:\WINDOWS\SYSTEM\STI.DLL
*C:\WINDOWS\SYSTEM\IPROP.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\WIASTATD.DLL
*C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSONSEXT.DLL
*C:\WINDOWS\SYSTEM\CRYPTNET.DLL
*C:\WINDOWS\SYSTEM\WLDAP32.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL
*C:\WINDOWS\SYSTEM\ATL.DLL
*C:\WINDOWS\SYSTEM\CCTRUST.DLL
*C:\WINDOWS\SYSTEM\MSVCP60.DLL
*C:\PROGRAM FILES\WINZIP\WZSHLSTB.DLL
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\LINKINFO.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\AUHOOK.DLL
*C:\WINDOWS\SYSTEM\WEBCHECK.DLL
*C:\WINDOWS\SYSTEM\MSLS31.DLL
*C:\WINDOWS\SYSTEM\ACTXPRXY.DLL
*C:\WINDOWS\SYSTEM\MSI.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\WINDOWS\SYSTEM32\PARAM32.DLL
*C:\WINDOWS\SYSTEM\CRTDLL.DLL
*C:\WINDOWS\SYSTEM\MYDOCS.DLL
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\MSHTML.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RNAUI.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\BROWSEUI.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFCC16B=C:\WINDOWS\SYSTEM\CMMPU.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SMIDI32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFC92CB=C:\WINDOWS\TASKMON.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFB4573=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\WMI.DLL
*C:\WINDOWS\SYSTEM\BATMETER.DLL
*C:\WINDOWS\SYSTEM\POWRPROF.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFB2C9B=C:\WINDOWS\LOADQM.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\PROGDL.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\QMGR.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFB036F=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFB61F7=C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\LVCOMC.DLL
*C:\WINDOWS\TWAIN_32\QUICKCAM\HPORTAL.DLL
*C:\WINDOWS\TWAIN_32\QUICKCAM\LHPORTAL.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\PROGRAM FILES\LOGITECH\VIDEO\LLOGTRAY.DLL
*C:\PROGRAM FILES\LOGITECH\VIDEO\QCUI2.DLL
*C:\PROGRAM FILES\LOGITECH\VIDEO\LQCUI2.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\MFC42.DLL
*C:\PROGRAM FILES\LOGITECH\VIDEO\LTWVC12N.DLL
*C:\WINDOWS\SYSTEM\MSIMG32.DLL
*C:\WINDOWS\SYSTEM\AVIFIL32.DLL
*C:\WINDOWS\SYSTEM\MSACM32.DLL
*C:\WINDOWS\SYSTEM\MSVFW32.DLL
*C:\WINDOWS\SYSTEM\WOW32.DLL
*C:\WINDOWS\SYSTEM\DCIMAN32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\CRTDLL.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFBD0C3=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\MSTASK.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVEMAIL.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\APWCMD9X.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVEVENT.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\APWUTIL.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\SAVRT32.DLL
*C:\WINDOWS\SYSTEM\CCPASSWD.DLL
*C:\WINDOWS\SYSTEM\CRYPTNET.DLL
*C:\WINDOWS\SYSTEM\WLDAP32.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFALERT.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\CCIMSCAN.DLL
*C:\WINDOWS\SYSTEM\ATL.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCREGMON.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVT.DLL
*C:\WINDOWS\SYSTEM\CCTRUST.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEMLPXY.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCERRDSP.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\SYMREDIR.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPPHLP.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\MSVCP60.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SYMSTORE.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFBACAB=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\WMICORE.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFA51CF=C:\WINDOWS\SYSTEM\LVCOMS.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\LVCOMC.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFA2C0F=C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\LINKINFO.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WNASPI32.DLL
*C:\PROGRAM FILES\B'S CLIP\RES.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFA825F=C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SITEGUARD.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SCHEDULER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\REGSCANNER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\REFDB.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\PSCANNER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\PROCESSGUARD.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\POPUPBLOCKER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\MEMORY.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\LSPSCANNER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KEYLOGGERGUARD.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\ITOOLLIB.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\IMMUNIZER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\IESDSG.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\IESDPB.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\IEMONITOR.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\HOSTSSCANNER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\GENSCANNER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\DISKSCANNER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\COOKIESCANNER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\BROWSERSCANNER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\BHOSCANNER.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\ACTSTARTUP.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\ACTCOOKIE.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\CHILKATXML.DLL
*C:\WINDOWS\SYSTEM\VBSCRIPT.DLL
*C:\WINDOWS\SYSTEM\CRYPTNET.DLL
*C:\WINDOWS\SYSTEM\WLDAP32.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL
*C:\WINDOWS\SYSTEM\MSSCRIPT.OCX
*C:\WINDOWS\SYSTEM\MYDOCS.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\HHCTRL.OCX
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\VCL70.BPL
*C:\WINDOWS\SYSTEM\OLEDLG.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\PROGRAM FILES\SPYWARE DOCTOR\RTL70.BPL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\MSVBVM60.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\INETMIB1.DLL
*C:\WINDOWS\SNMPAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFF946DF=C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\PROGRAM FILES\WEBSHOTS\LANGUAGES\ENGLISH.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFF846AB=C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\PROGRAM FILES\YAHOO!\MESSENGER\RES_MSGR.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFF63CD3=C:\WINDOWS\SYSTEM\RNAAPP.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\WINDOWS\SYSTEM\RNAUI.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
+FFF695D3=C:\WINDOWS\SYSTEM\TAPISRV.EXE
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\WINDOWS\SYSTEM\UMDM32.DLL
*C:\WINDOWS\SYSTEM\TSP3216L.TSP
*C:\WINDOWS\SYSTEM\WOW32.DLL
*C:\WINDOWS\SYSTEM\DIGEST.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\SCHANNEL.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\MSNSSPC.DLL
*C:\WINDOWS\SYSTEM\MSAPSSPC.DLL
*C:\WINDOWS\SYSTEM\MSVCRT40.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
+FFF3E043=C:\WINDOWS\SYSTEM\DDHELP.EXE
*C:\WINDOWS\SYSTEM\DD326_32.DLL
*C:\WINDOWS\SYSTEM\DDRAW.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
+FFF3CFA3=C:\WINDOWS\SYSTEM\PSTORES.EXE
*C:\WINDOWS\SYSTEM\PSBASE.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\PSTORERC.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\SWPG.DAT
*C:\PROGRAM FILES\SPYWARE DOCTOR\TOOLS\KLG.DAT
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
+FFF4E11B=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*C:\WINDOWS\SYSTEM\ACTXPRXY.DLL
*C:\WINDOWS\SYSTEM\RSVPSP.DLL
*C:\WINDOWS\SYSTEM\RAPILIB.DLL
*C:\WINDOWS\SYSTEM\MSWSOSP.DLL
*C:\WINDOWS\SYSTEM\MYDOCS.DLL
*C:\WINDOWS\SYSTEM\RNAUI.DLL
*C:\WINDOWS\SYSTEM\PLUGIN.OCX
*C:\WINDOWS\SYSTEM\MSHTMLED.DLL
*C:\WINDOWS\SYSTEM\DDRAWEX.DLL
*C:\WINDOWS\SYSTEM\DDRAW.DLL
*C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
*C:\WINDOWS\SYSTEM\VBSCRIPT.DLL
*C:\WINDOWS\SYSTEM\IMGUTIL.DLL
*C:\WINDOWS\SYSTEM\IEPEERS.DLL
*C:\WINDOWS\SYSTEM\JSCRIPT.DLL
*C:\WINDOWS\SYSTEM\CRYPTNET.DLL
*C:\WINDOWS\SYSTEM\WLDAP32.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL
*C:\WINDOWS\SYSTEM\MSADP32.ACM
*C:\WINDOWS\SYSTEM\MSACM32.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\MSLS31.DLL
*C:\WINDOWS\SYSTEM\WIASHEXT.DLL
*C:\WINDOWS\SYSTEM\STI.DLL
*C:\WINDOWS\SYSTEM\IPROP.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:&#

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:42 PM

Posted 25 July 2005 - 09:07 PM

Do you have a file called param32.dll or systr.dll in the c:\windows\system\ folder?

#11 pcproblem

pcproblem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 27 July 2005 - 03:30 PM

hi
yes i do have a file called param32.dll in the in the c:\windows\system\ folder
i dont have a systr.dll

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:42 PM

Posted 27 July 2005 - 03:51 PM

OK...lets do this:

Download killbox here:

KillBox


Unzip the folder to your desktop.

Start Killbox.exe

When it is open, enter c:\windows\system\param32.dll into the field labeled "Full path of file to delete".

Select the Delete on reboot option.

Then press the button that looks like a red circle with a white X in it.

Your computer will reboot and check to see if the file is gone.

Now fix this line in hijackthis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.specialgoods.info/ad/ad0162/


reboot and post a new log and tell me if its better

#13 pcproblem

pcproblem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 31 July 2005 - 03:41 PM

hi. thanks for ur help.
i dont know why but i cant delete the file param32.dll. i have tried several times but it does not get deleted.
do u know what is wrong? what do i do?

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:42 PM

Posted 31 July 2005 - 07:46 PM

Try the above steps in safe mode

#15 pcproblem

pcproblem
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 02 August 2005 - 01:57 PM

hi. i think the spyware virus is gone. everything is working normally. thanks you sooooo much for ur help. i really appreciate i. here's the hijackthis log. thank you again for ur help.

Logfile of HijackThis v1.99.1
Scan saved at 10:41:32 PM, on 8/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\B'S CLIP\BSCLIP.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YUPDATER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\BSCLIP.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users