Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis log - can someone analyze?


  • Please log in to reply
24 replies to this topic

#1 bear613

bear613

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 12 January 2005 - 09:52 PM

Logfile of HijackThis v1.98.2
Scan saved at 9:58:37 PM, on 1/12/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HJT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tdmy.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [AWMON] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Optimum Online Cursor Search - C:\WINDOWS\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 13 January 2005 - 02:15 AM

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log

#3 bear613

bear613
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 13 January 2005 - 06:08 PM

New log from updated version--->
----------
Logfile of HijackThis v1.99.0
Scan saved at 6:16:04 PM, on 1/13/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tdmy.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [AWMON] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Optimum Online Cursor Search - C:\WINDOWS\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 14 January 2005 - 12:03 AM

Fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tdmy.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D


Reboot and post another log

#5 bear613

bear613
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 14 January 2005 - 11:49 AM

Fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tdmy.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D


Reboot and post another log

The tdmy will NOT delete, I tried over and over and over.
-----
Logfile of HijackThis v1.99.0
Scan saved at 11:56:31 AM, on 1/14/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tdmy.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AWMON] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Optimum Online Cursor Search - C:\WINDOWS\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 14 January 2005 - 03:13 PM

Reboot, dont fix anything, and post a new log

#7 bear613

bear613
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 15 January 2005 - 02:50 PM

Reboot, dont fix anything, and post a new log

Logfile of HijackThis v1.99.0
Scan saved at 2:58:41 PM, on 1/15/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tdmy.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AWMON] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Optimum Online Cursor Search - C:\WINDOWS\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 15 January 2005 - 04:06 PM

Reboot into safe mode and fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tdmy.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

Reboot and post a new log

#9 bear613

bear613
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 17 January 2005 - 05:14 PM

Reboot into safe mode and fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tdmy.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

Reboot and post a new log

Done. I think this tdmy thing is here to stay


Logfile of HijackThis v1.99.0
Scan saved at 5:21:03 PM, on 1/17/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tdmy.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AWMON] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O8 - Extra context menu item: Optimum Online Cursor Search - C:\WINDOWS\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://ipgweb.cce.hp.com/bus-nacons/caller/SysQuery.cab

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 17 January 2005 - 10:37 PM

No its not...we just need to figure it out.
Please follow these steps:

Step 1:

1. Click on Start, then Run and type msinfo32 and press the OK button.
2. Expand the Software Environment section.
3. Expand the System Hooks Section.
4. Look for the which may be listed As:

-Hook type: Window Procedure
-Hooked by: XXXXX.dll
-Application: RUNDLL32.EXE
-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll
-Application path: C:\WINDOWS\RUNDLL32.EXE

Where XXXXX..dll is the file name.

If you find that file, highlight it with your mouse and click on edit then copy to copy the filename.

Then post that filename with the information in the next step in a reply to this post.

5. Continue to Step 2.

Step 2:

1. Download: "StartDreck" from:

http://www.niksoft.at/download/startdreck.htm

2. Extract the file into c:\startdreck.

3. Navigate to c:\startdreck and double-click on Startdreck.exe

4. When the program opens click on the Config button.

5. Then click on the mark all button.

7. Press the OK button.

8. Press the Save button. Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

9. Post a copy of the log as a reply to this post.

#11 bear613

bear613
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 18 January 2005 - 10:05 AM

No its not...we just need to figure it out.
Please follow these steps:

Step 1:

1. Click on Start, then Run and type msinfo32 and press the OK button.
2. Expand the Software Environment section.
3. Expand the System Hooks Section.
4. Look for the which may be listed As:

-Hook type: Window Procedure
-Hooked by: XXXXX.dll
-Application: RUNDLL32.EXE
-Dll path: C:\WINDOWS\SYSTEM\XXXXX.dll
-Application path: C:\WINDOWS\RUNDLL32.EXE

Where XXXXX..dll is the file name.

Well, here's the first problem. I dont need to go any further than System Hooks, because there's nothing there. It says when I click it "there are no items to display in this category".

And I notice system resources is at an all time low - 47%.

:thumbsup:

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 18 January 2005 - 10:42 AM

Ok lets move on to the next step and provide me a startdreck log

#13 bear613

bear613
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 18 January 2005 - 11:13 AM

Ok lets move on to the next step and provide me a startdreck log

There's a few things that are odd about this log.

1- The date on top is wrong
2- I dont have startdreck on the desktop, as it states
3- this is NOT the log I saw when it was scanning - the one I saw was MUCH longer.

Also, I noticed as it was scanning "hybris" go by. Isnt that a virus? I just scanned (full system) last night but the date [2004-11-16] is wrong by 2 months.
------
StartDreck (build 2.1.7 public stable) - 2004-11-16 @ 12:41:52 (GMT -05:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 6.0.2800.1106
Logged in as at COMPUTER

舞egistry
舞un Keys
翟urrent User
舞un
舞unOnce
聞efault User
舞un
舞unOnce
腿ocal Machine
舞un
*AVG_CC=C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
*AWMON="C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
*SystemTray=SysTray.Exe
*TkBellExe=C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
舞unOnce
舞unServices
*Avgserv9.exe=C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
舞unServicesOnce
舞unOnceEx
舞unServicesOnceEx
肇iles
艋ystem/Drivers
舞unning Processes
+FF8FE36B=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFBC33=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFFABA3=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFE79FB=C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
+FFFE7C87=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE148B=C:\WINDOWS\EXPLORER.EXE
+FFFD21AF=C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
+FFFDC673=C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
+FFFDEFE7=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFDA7E3=C:\WINDOWS\SYSTEM\STIMON.EXE
+FFFC620F=C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
+FFF8F6EB=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFF74093=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
+FFFA7A13=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
+FFF93FA7=C:\WINDOWS\DESKTOP\STARTDRECK\STARTDRECK.EXE
翠pplication specific

#14 bear613

bear613
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:09:48 AM

Posted 18 January 2005 - 11:22 AM

Ok lets move on to the next step and provide me a startdreck log

Strangely, I ran it again and now it seems up to date and longer.
--------
StartDreck (build 2.1.7 public stable) - 2005-01-18 @ 11:28:36 (GMT -05:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 6.0.2800.1106
Logged in as at COMPUTER

舞egistry
舞un Keys
翟urrent User
舞un
舞unOnce
聞efault User
舞un
舞unOnce
腿ocal Machine
舞un
*AWMON="C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE"
*AVG_CC=C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
*SystemTray=SysTray.Exe
*TkBellExe=C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
舞unOnce
舞unServices
*Avgserv9.exe=C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
舞unServicesOnce
舞unOnceEx
舞unServicesOnceEx
肇ile Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=c:\windows\WScript.exe "%1" %*
+.jse
*JSEFile=c:\windows\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=c:\windows\NOTEPAD.EXE %1
+.vbs
*VBSFile=c:\windows\WScript.exe "%1" %*
+.vbe
*VBEFile=c:\windows\WScript.exe "%1" %*
+.wsh
*WSHFile=c:\windows\WScript.exe "%1" %*
+.wsf
*WSFFile=c:\windows\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
翠ctive Setup (LM)
+Windows Setup - Applets/AppletsPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf
+Windows Setup - Fonts/FontsPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf
+Internet Connection Wizard/{5A8D6EE0-3E18-11D0-821E-444553540000}
*StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36
+PerUser_ICW_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf
+Internet Explorer 6 and Internet Tools/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4395}
*StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36
+Power Policy Settings/{CA0A4247-44BE-11d1-A005-00805F8ABE06}
*StubPath=RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
+Windows Setup - System Information/PerUser_Msinfo
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf
+Windows Setup - System Information/PerUser_Msinfo2
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf
+Windows Setup - Multimedia/MotownMmsysPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf
+Windows Setup - Multimedia/MotownAvivideoPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf
+Windows Setup - Messaging/PerUser_Base
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf
+Windows Setup - Shell/ShellPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf
+Windows Setup - Color Schemes/Shell2PerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf
+Windows Setup - Start Menu/PerUser_winbase_Links
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf
+Windows Setup - Start Menu/PerUser_winapps_Links
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf
+Windows Setup - Links Bar/PerUser_LinkBar_URLs
*StubPath=c:\windows\COMMAND\sulfnbk.exe /L
+Windows Setup - Telephony Support/TapiPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf
+Windows Setup - More Applets/PerUserOldLinks
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf
+Windows Setup - Sound Schemes/MmoptRegisterPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - Online Services/OlsPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf
+Windows Setup - Paint/PerUser_Paint_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf
+Windows Setup - Calculator/PerUser_Calc_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf
+Windows Setup - DriveSpace/PerUser_dxxspace_Links
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf
+Windows Setup - Backup/PerUser_MSBackup_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf
+Windows Setup - FAT32 Converter/PerUser_CVT_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\windows\INF\applets1.inf
+Windows Setup - Accessibility/PerUser_Enable_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf
+Windows Setup - Multimedia/MotownRecPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf
+Windows Setup - Volume Control/PerUser_Vol
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf
+Windows Setup - Multimedia/MotownMPlayPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\motown.inf
+Windows Setup - Wordpad/PerUser_MSWordPad_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf
+Windows Setup - Dial-Up Networking/PerUser_RNA_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_RNA_remove 64 c:\windows\INF\rna.inf
+Windows Setup - Games/PerUser_Wingames_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - System Monitor/PerUser_Sysmon_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - System Meter/PerUser_Sysmeter_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - Netwatch/PerUser_netwatch_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - Character Map/PerUser_CharMap_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - HyperTerminal/PerUser_Onlinelnks_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis_remove 64 c:\windows\INF\appletpp.inf
+Windows Setup - Phone Dialer/PerUser_Dialer_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis_remove 64 c:\windows\INF\appletpp.inf
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
+Windows Setup - Clipboard Viewer/PerUser_ClipBrd_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf
+Windows Setup - Sound Schemes/MmoptMusicaPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptJunglePerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptRobotzPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptUtopiaPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - CD Player/PerUser_CDPlayer_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf
+Microsoft NetMeeting 2.1/{44BBA842-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Remove.PerUser.W95
+Windows Setup - America Online/OlsAolPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUserRemove 64 c:\windows\INF\ols.inf
+Windows Setup - AT&T WorldNet Service/OlsAttPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUserRemove 64 c:\windows\INF\ols.inf
+Windows Setup - CompuServe/OlsCompuservePerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUserRemove 64 c:\windows\INF\ols.inf
+Windows Setup - Prodigy Internet/OlsProdigyPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUserRemove 64 c:\windows\INF\ols.inf
+Windows Setup - The Microsoft Network/OlsMsnPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUserRemove 64 c:\windows\INF\ols.inf
+Windows Setup - Shell Cursors/Shell3PerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf
+Windows Setup -- Themes/Theme_Windows_PerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf
+Windows Setup -- Themes/Theme_MoreWindows_PerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf
+IE Customization/>IEPerUser
*StubPath=RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
+Default Channel Setup/Chlen-us
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chlen-us.inf,InstallUser
+Windows Setup - Direct Cable Connection/PerUser_DCC_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis_remove 64 c:\windows\INF\rna.inf
+Windows Setup - Preptool/PerUser_Preptool
*StubPath=rundll.exe Setupx.dll,InstallHinfSection Install 64 C:\WINDOWS\INF\RUNLAST.INF
+Microsoft Windows Media Player 6.4/{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub
+{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
+Microsoft FrontPage Express/{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\fpxprs16.inf,PerUserRemove
+Microsoft Web Publishing Wizard 1.52/{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exeadvpack.dll
翡rowser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*IEFLASH.IEFlash/{E5A1691B-D188-4419-AD02-90002030B8EE}
`InprocServer32=C:\PROGRA~1\FLASHFXP\IEFLASH.DLL
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar2.dll
膏nternet Explorer
翟urrent User
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=http://www.google.com/ie
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=about:blank
*SearchAssistant=http://www.tdmy.com/searchbar.html
+SearchUrl
*&=%26
*+=%2B
*#=%23
*?=%3F
*provider=gogl
*==%3D
聞efault User
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=http://www.google.com/ie
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=about:blank
*SearchAssistant=http://www.tdmy.com/searchbar.html
+SearchUrl
*&=%26
*+=%2B
*#=%23
*?=%3F
*provider=gogl
*==%3D
腿ocal Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=c:\windows\SYSTEM\blank.htm
*Search Bar=
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
艋hellServiceObjectDelayLoad (LM)
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
艋pecial NT Values
翟urrent User
*Load=
*Run=
*Programs=
*SHELL=
聞efault User
*Load=
*Run=
*Programs=
*SHELL=
腿ocal Machine
*AppInit_DLLs=
*SHELL=
*Userinit=
肇iles
翠utostart Folders
翟urrent User
*C:\WINDOWS\Start Menu\Programs\StartUp\Encoder Agent.lnk
聞efault User
*C:\WINDOWS\Start Menu\Programs\StartUp\Encoder Agent.lnk
腿ocal Machine
膏NI-Files
蓄IN.INI\[windows]
*LOAD=
*RUN=
艋YSTEM.INI\[boot]
*SHELL=Explorer.exe
蓉ext Files
*C:\WINDOWS\msdos.sys
`[Paths]
`WinDir=C:\WINDOWS
`WinBootDir=C:\WINDOWS
`HostWinBootDrv=C
`[Options]
`BootMulti=0
`BootGUI=1
`DoubleBuffer=1
`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs
*C:\msdos.sys
`[Paths]
`WinDir=c:\windows
`WinBootDir=c:\windows
`HostWinBootDrv=c
`[Options]
`BootMulti=1
`BootGUI=1
`DoubleBuffer=1
`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs
`AutoScan=1
`WinVer=4.10.1998
*C:\config.sys
`DEVICE=C:\WINDOWS\HIMEM.SYS
`DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
`DOS=HIGH,AUTO,UMB
`DEVICEHIGH=C:\WINDOWS\SYSTEM\CPQIDECD.SYS /D:IDECD001
`FILESHIGH=40
`BUFFERSHIGH=20,4
*C:\autoexec.bat
`C:\PROGRA~1\GRISOFT\AVGFRE~1\BOOTUP.EXE
`@ECHO OFF
`SET BLASTER=A220 I5 D1
`@REM Next 3 Lines are Only Required for 1 Boot but are OK to leave permanently
`@REM Next Line added by Compaq Service Connection Install - Please do not Remove
`@REM Next 3 Lines are Only Required for 1 Boot but are OK to leave permanently
`@SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.0\ADOBEC~1
`SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
*C:\WINDOWS\wininit.bak
`[rename]
`NUL=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.BKP
`NUL=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.833
`C:\PROGRA~1\GRISOFT\AVG6\VERSION.AVG=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.833\VERSION.AVG
`C:\PROGRA~1\GRISOFT\AVG6\AVGCC32.EXE=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.833\AVGCC32.EXE
`C:\PROGRA~1\GRISOFT\AVG6\AVG6.AVI=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.833\AVG6.AVI
`C:\PROGRA~1\GRISOFT\AVG6\MINIAVI.AVG=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.833\MINIAVI.AVG
`C:\PROGRA~1\GRISOFT\AVG6\MICROAVI.AVG=C:\PROGRA~1\GRISOFT\AVG6\$AVGUPD$.833\MICROAVI.AVG
*C:\WINDOWS\dosstart.bat
`@ECHO OFF
`LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12
`SET MOUSE=C:\COMPAQ\IMOUSE
`LH C:\COMPAQ\IMOUSE\IMOUSE.COM
`LH C:\PROGRA~1\MICROS~1\MOUSE\MOUSE.EXE
*C:\WINDOWS\hosts
與rogram Files
*C:\io.sys
*C:\WINDOWS\win.com
*C:\WINDOWS\explorer.exe
%PATH% Companion Files
+C:\COMMAND.COM
*C:\WINDOWS\command.PIF
*C:\WINDOWS\COMMAND.COM
*C:\WINDOWS\command.PIF
*C:\WINDOWS\COMMAND.COM
+C:\Hybris.exe
*C:\WINDOWS\Hybris.exe
*C:\WINDOWS\Hybris.exe
+C:\WINDOWS\SYSTEM\UNWISE.EXE
*C:\WINDOWS\unwise.exe
*C:\WINDOWS\unwise.exe
+C:\WINDOWS\SYSTEM\hh.exe
*C:\WINDOWS\HH.EXE
*C:\WINDOWS\HH.EXE
+C:\WINDOWS\DOSPRMPT.PIF
*C:\WINDOWS\DOSPRMPT.PIF
+C:\WINDOWS\MS-DOS Mode for Games.pif
*C:\WINDOWS\MS-DOS Mode for Games.pif
+C:\WINDOWS\MS-DOS Mode for Games with EMS and XMS Support.pif
*C:\WINDOWS\MS-DOS Mode for Games with EMS and XMS Support.pif
+C:\WINDOWS\Zip-ITSE.PIF
*C:\WINDOWS\Zip-ITSE.PIF
+C:\WINDOWS\Exit To Dos.pif
*C:\WINDOWS\Exit To Dos.pif
+C:\WINDOWS\pcdoc.bat.pif
*C:\WINDOWS\pcdoc.bat.pif
+C:\WINDOWS\WIN.COM
*C:\WINDOWS\WIN.COM
+C:\WINDOWS\HWINFO.EXE
*C:\WINDOWS\HWINFO.EXE
+C:\WINDOWS\SMARTDRV.EXE
*C:\WINDOWS\SMARTDRV.EXE
+C:\WINDOWS\NETWATCH.EXE
*C:\WINDOWS\NETWATCH.EXE
+C:\WINDOWS\ASD.EXE
*C:\WINDOWS\ASD.EXE
+C:\WINDOWS\CLEANMGR.EXE
*C:\WINDOWS\CLEANMGR.EXE
+C:\WINDOWS\CLSPACK.EXE
*C:\WINDOWS\CLSPACK.EXE
+C:\WINDOWS\CONTROL.EXE
*C:\WINDOWS\CONTROL.EXE
+C:\WINDOWS\CVTAPLOG.EXE
*C:\WINDOWS\CVTAPLOG.EXE
+C:\WINDOWS\DEFRAG.EXE
*C:\WINDOWS\DEFRAG.EXE
+C:\WINDOWS\DOSREP.EXE
*C:\WINDOWS\DOSREP.EXE
+C:\WINDOWS\DRWATSON.EXE
*C:\WINDOWS\DRWATSON.EXE
+C:\WINDOWS\EMM386.EXE
*C:\WINDOWS\EMM386.EXE
+C:\WINDOWS\EXPLORER.EXE
*C:\WINDOWS\EXPLORER.EXE
+C:\WINDOWS\EXTRAC32.EXE
*C:\WINDOWS\EXTRAC32.EXE
+C:\WINDOWS\FONTVIEW.EXE
*C:\WINDOWS\FONTVIEW.EXE
+C:\WINDOWS\GRPCONV.EXE
*C:\WINDOWS\GRPCONV.EXE
+C:\WINDOWS\MM2ENT.EXE
*C:\WINDOWS\MM2ENT.EXE
+C:\WINDOWS\MSNICON.EXE
*C:\WINDOWS\MSNICON.EXE
+C:\WINDOWS\NETDDE.EXE
*C:\WINDOWS\NETDDE.EXE
+C:\WINDOWS\DOTEST.EXE
*C:\WINDOWS\DOTEST.EXE
+C:\WINDOWS\PACKAGER.EXE
*C:\WINDOWS\PACKAGER.EXE
+C:\WINDOWS\REGEDIT.EXE
*C:\WINDOWS\REGEDIT.EXE
+C:\WINDOWS\PIDSET.EXE
*C:\WINDOWS\PIDSET.EXE
+C:\WINDOWS\PROGMAN.EXE
*C:\WINDOWS\PROGMAN.EXE
+C:\WINDOWS\RUNDLL.EXE
*C:\WINDOWS\RUNDLL.EXE
+C:\WINDOWS\RUNDLL32.EXE
*C:\WINDOWS\RUNDLL32.EXE
+C:\WINDOWS\SCANDSKW.EXE
*C:\WINDOWS\SCANDSKW.EXE
+C:\WINDOWS\SCANREGW.EXE
*C:\WINDOWS\SCANREGW.EXE
+C:\WINDOWS\SETDEBUG.EXE
*C:\WINDOWS\SETDEBUG.EXE
+C:\WINDOWS\SIGVERIF.EXE
*C:\WINDOWS\SIGVERIF.EXE
+C:\WINDOWS\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\TASKMON.EXE
*C:\WINDOWS\TASKMON.EXE
+C:\WINDOWS\UPWIZUN.EXE
*C:\WINDOWS\UPWIZUN.EXE
+C:\WINDOWS\VCMUI.EXE
*C:\WINDOWS\VCMUI.EXE
+C:\WINDOWS\WELCOME.EXE
*C:\WINDOWS\WELCOME.EXE
+C:\WINDOWS\WINFILE.EXE
*C:\WINDOWS\WINFILE.EXE
+C:\WINDOWS\WINHELP.EXE
*C:\WINDOWS\WINHELP.EXE
+C:\WINDOWS\WINHLP32.EXE
*C:\WINDOWS\WINHLP32.EXE
+C:\WINDOWS\WININIT.EXE
*C:\WINDOWS\WININIT.EXE
+C:\WINDOWS\WINREP.EXE
*C:\WINDOWS\WINREP.EXE
+C:\WINDOWS\WINVER.EXE
*C:\WINDOWS\WINVER.EXE
+C:\WINDOWS\A3DSplsh.exe
*C:\WINDOWS\A3DSplsh.exe
+C:\WINDOWS\ACCSTAT.EXE
*C:\WINDOWS\ACCSTAT.EXE
+C:\WINDOWS\CALC.EXE
*C:\WINDOWS\CALC.EXE
+C:\WINDOWS\CVT1.EXE
*C:\WINDOWS\CVT1.EXE
+C:\WINDOWS\DRVSPACE.EXE
*C:\WINDOWS\DRVSPACE.EXE
+C:\WINDOWS\MPLAYER.EXE
*C:\WINDOWS\MPLAYER.EXE
+C:\WINDOWS\PBRUSH.EXE
*C:\WINDOWS\PBRUSH.EXE
+C:\WINDOWS\RG2CATDB.EXE
*C:\WINDOWS\RG2CATDB.EXE
+C:\WINDOWS\SNDREC32.EXE
*C:\WINDOWS\SNDREC32.EXE
+C:\WINDOWS\SNDVOL32.EXE
*C:\WINDOWS\SNDVOL32.EXE
+C:\WINDOWS\WRITE.EXE
*C:\WINDOWS\WRITE.EXE
+C:\WINDOWS\CDPLAYER.EXE
*C:\WINDOWS\CDPLAYER.EXE
+C:\WINDOWS\CHARMAP.EXE
*C:\WINDOWS\CHARMAP.EXE
+C:\WINDOWS\CLIPBRD.EXE
*C:\WINDOWS\CLIPBRD.EXE
+C:\WINDOWS\FREECELL.EXE
*C:\WINDOWS\FREECELL.EXE
+C:\WINDOWS\KODAKIMG.EXE
*C:\WINDOWS\KODAKIMG.EXE
+C:\WINDOWS\KODAKPRV.EXE
*C:\WINDOWS\KODAKPRV.EXE
+C:\WINDOWS\MSHEARTS.EXE
*C:\WINDOWS\MSHEARTS.EXE
+C:\WINDOWS\RSRCMTR.EXE
*C:\WINDOWS\RSRCMTR.EXE
+C:\WINDOWS\SOL.EXE
*C:\WINDOWS\SOL.EXE
+C:\WINDOWS\SYSMON.EXE
*C:\WINDOWS\SYSMON.EXE
+C:\WINDOWS\TOUR98.EXE
*C:\WINDOWS\TOUR98.EXE
+C:\WINDOWS\twunk_32.exe
*C:\WINDOWS\twunk_32.exe
+C:\WINDOWS\WINMINE.EXE
*C:\WINDOWS\WINMINE.EXE
+C:\WINDOWS\WSCRIPT.EXE
*C:\WINDOWS\WSCRIPT.EXE
+C:\WINDOWS\StutFix.exe
*C:\WINDOWS\StutFix.exe
+C:\WINDOWS\SETVER.EXE
*C:\WINDOWS\SETVER.EXE
+C:\WINDOWS\DIRECTCC.EXE
*C:\WINDOWS\DIRECTCC.EXE
+C:\WINDOWS\CloseApp.exe
*C:\WINDOWS\CloseApp.exe
+C:\WINDOWS\PROTMAN.EXE
*C:\WINDOWS\PROTMAN.EXE
+C:\WINDOWS\ARP.EXE
*C:\WINDOWS\ARP.EXE
+C:\WINDOWS\FTP.EXE
*C:\WINDOWS\FTP.EXE
+C:\WINDOWS\NET.EXE
*C:\WINDOWS\NET.EXE
+C:\WINDOWS\PING.EXE
*C:\WINDOWS\PING.EXE
+C:\WINDOWS\ROUTE.EXE
*C:\WINDOWS\ROUTE.EXE
+C:\WINDOWS\TELNET.EXE
*C:\WINDOWS\TELNET.EXE
+C:\WINDOWS\TRACERT.EXE
*C:\WINDOWS\TRACERT.EXE
+C:\WINDOWS\WINIPCFG.EXE
*C:\WINDOWS\WINIPCFG.EXE
+C:\WINDOWS\WINPOPUP.EXE
*C:\WINDOWS\WINPOPUP.EXE
+C:\WINDOWS\NETSTAT.EXE
*C:\WINDOWS\NETSTAT.EXE
+C:\WINDOWS\IPCONFIG.EXE
*C:\WINDOWS\IPCONFIG.EXE
+C:\WINDOWS\NBTSTAT.EXE
*C:\WINDOWS\NBTSTAT.EXE
+C:\WINDOWS\PATCH.EXE
*C:\WINDOWS\PATCH.EXE
+C:\WINDOWS\OEMRESET.EXE
*C:\WINDOWS\OEMRESET.EXE
+C:\WINDOWS\Killmons.exe
*C:\WINDOWS\Killmons.exe
+C:\WINDOWS\bwUninst.exe
*C:\WINDOWS\bwUninst.exe
+C:\WINDOWS\IsUninst.exe
*C:\WINDOWS\IsUninst.exe
+C:\WINDOWS\uninst.exe
*C:\WINDOWS\uninst.exe
+C:\WINDOWS\Cpqbrand.exe
*C:\WINDOWS\Cpqbrand.exe
+C:\WINDOWS\uneng.exe
*C:\WINDOWS\uneng.exe
+C:\WINDOWS\cd32.exe
*C:\WINDOWS\cd32.exe
+C:\WINDOWS\RUNEPSON.EXE
*C:\WINDOWS\RUNEPSON.EXE
+C:\WINDOWS\SGARDEN.EXE
*C:\WINDOWS\SGARDEN.EXE
+C:\WINDOWS\UninstallWSST.exe
*C:\WINDOWS\UninstallWSST.exe
+C:\WINDOWS\smtidy.exe
*C:\WINDOWS\smtidy.exe
+C:\WINDOWS\tuneup.exe
*C:\WINDOWS\tuneup.exe
+C:\WINDOWS\unvise32qt.exe
*C:\WINDOWS\unvise32qt.exe
+C:\WINDOWS\REGTLIB.EXE
*C:\WINDOWS\REGTLIB.EXE
+C:\WINDOWS\Tsc.exe
*C:\WINDOWS\Tsc.exe
+C:\WINDOWS\uninstoc.exe
*C:\WINDOWS\uninstoc.exe
+C:\WINDOWS\OFFIC~14.EXE
*C:\WINDOWS\OFFIC~14.EXE
+C:\WINDOWS\twunk_16.exe
*C:\WINDOWS\twunk_16.exe
+C:\WINDOWS\unvise32.exe
*C:\WINDOWS\unvise32.exe
+C:\WINDOWS\iextract.exe
*C:\WINDOWS\iextract.exe
*C:\WINDOWS\COMMAND\IEXTRACT.EXE
+C:\WINDOWS\tr33se.exe
*C:\WINDOWS\tr33se.exe
+C:\WINDOWS\QFECHECK.EXE
*C:\WINDOWS\QFECHECK.EXE
+C:\WINDOWS\extract.exe
*C:\WINDOWS\extract.exe
*C:\WINDOWS\COMMAND\EXTRACT.EXE
+C:\WINDOWS\ld32408.exe
*C:\WINDOWS\ld32408.exe
+C:\WINDOWS\UNINST32.EXE
*C:\WINDOWS\UNINST32.EXE
+C:\WINDOWS\sxstall2.exe
*C:\WINDOWS\sxstall2.exe
+C:\WINDOWS\PLAYER.EXE
*C:\WINDOWS\PLAYER.EXE
+C:\WINDOWS\wupdmgr.exe
*C:\WINDOWS\wupdmgr.exe
+C:\WINDOWS\JVIEW.EXE
*C:\WINDOWS\JVIEW.EXE
+C:\WINDOWS\SNMP.EXE
*C:\WINDOWS\SNMP.EXE
+C:\WINDOWS\DIALER.EXE
*C:\WINDOWS\DIALER.EXE
+C:\WINDOWS\WJVIEW.EXE
*C:\WINDOWS\WJVIEW.EXE
+C:\WINDOWS\VIEWER.EXE
*C:\WINDOWS\VIEWER.EXE
+C:\WINDOWS\README.EXE
*C:\WINDOWS\README.EXE
+C:\WINDOWS\iun6002.exe
*C:\WINDOWS\iun6002.exe
+C:\WINDOWS\Mike Modano.exe
*C:\WINDOWS\Mike Modano.exe
+C:\WINDOWS\runtsckl.exe
*C:\WINDOWS\runtsckl.exe
+C:\WINDOWS\java.exe
*C:\WINDOWS\java.exe
+C:\WINDOWS\javaw.exe
*C:\WINDOWS\javaw.exe
+C:\WINDOWS\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\is-9CBN1.exe
*C:\WINDOWS\is-9CBN1.exe
+C:\WINDOWS\N6Uninst.exe
*C:\WINDOWS\N6Uninst.exe
+C:\WINDOWS\ieuninst.exe
*C:\WINDOWS\ieuninst.exe
+C:\WINDOWS\Q330994.exe
*C:\WINDOWS\Q330994.exe
+C:\WINDOWS\oeuninst.exe
*C:\WINDOWS\oeuninst.exe
+C:\WINDOWS\vgxuninst.exe
*C:\WINDOWS\vgxuninst.exe
+C:\WINDOWS\muninst.exe
*C:\WINDOWS\muninst.exe
+C:\WINDOWS\realtime.exe
*C:\WINDOWS\realtime.exe
+C:\WINDOWS\Restart.EXE
*C:\WINDOWS\Restart.EXE
+C:\WINDOWS\pcboot.exe
*C:\WINDOWS\pcboot.exe
+C:\WINDOWS\PCDOC.exe
*C:\WINDOWS\Pcdoc.bat
*C:\WINDOWS\PCDOC.exe
*C:\WINDOWS\Pcdoc.bat
+C:\WINDOWS\tmpdelis.bat
*C:\WINDOWS\tmpdelis.bat
艋ystem/Drivers
舞unning Processes
+FF8FF515=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*C:\WINDOWS\SYSTEM\ATIMPPIF.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
+FFFFAA4D=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*C:\WINDOWS\SYSTEM\DRVTR95L.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFBDDD=C:\WINDOWS\SYSTEM\MPREXE.EXE
*C:\WINDOWS\SYSTEM\MSNP32.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\IENPSTUB.DLL
*C:\WINDOWS\SYSTEM\MSLOCUSR.DLL
*C:\WINDOWS\SYSTEM\MPRSERV.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE559D=C:\WINDOWS\SYSTEM\mmtask.tsk
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE7221=C:\WINDOWS\EXPLORER.EXE
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\BROWSELC.DLL
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\IPCFGDLL.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\MYDOCS.DLL
*C:\WINDOWS\SYSTEM\LINKINFO.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\ES.DLL
*C:\WINDOWS\SYSTEM\SENS.DLL
*C:\WINDOWS\SYSTEM\ESTIER2.DLL
*C:\WINDOWS\SYSTEM\ESSHARED.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WEBCHECK.DLL
*C:\WINDOWS\SYSTEM\MSI.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\SHD401LC.DLL
*C:\WINDOWS\SYSTEM\BROWSEUI.DLL
*C:\WINDOWS\SYSTEM\SHDOC401.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE8BB1=C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PLUS\AD-WATCH.EXE
*C:\WINDOWS\SYSTEM\RICHED32.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFD4C55=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*C:\WINDOWS\SYSTEM\BATMETER.DLL
*C:\WINDOWS\SYSTEM\POWRPROF.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFD4355=C:\WINDOWS\SYSTEM\STIMON.EXE
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\STI.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFD142D=C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFC5A19=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*C:\WINDOWS\SYSTEM\MYDOCS.DLL
*C:\WINDOWS\SYSTEM\PLUGIN.OCX
*C:\WINDOWS\SYSTEM\IMGUTIL.DLL
*C:\WINDOWS\SYSTEM\MSXML3.DLL
*C:\WINDOWS\SYSTEM\SOFTPUB.DLL
*C:\WINDOWS\SYSTEM\RSABASE.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\SCHANNEL.DLL
*C:\WINDOWS\SYSTEM\DDRAWEX.DLL
*C:\WINDOWS\SYSTEM\DDRAW.DLL
*C:\WINDOWS\SYSTEM\ACTXPRXY.DLL
*C:\WINDOWS\SYSTEM\MSRATING.DLL
*C:\WINDOWS\SYSTEM\MSRATELC.DLL
*C:\WINDOWS\SYSTEM\MSHTMLED.DLL
*C:\WINDOWS\SYSTEM\JSCRIPT.DLL
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\MSLS31.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\WINDOWS\SYSTEM\MSHTML.DLL
*C:\WINDOWS\SYSTEM\LINKINFO.DLL
*C:\PROGRAM FILES\FLASHFXP\IEFLASH.DLL
*C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*C:\WINDOWS\SYSTEM\SENSAPI.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\BROWSELC.DLL
*C:\WINDOWS\SYSTEM\BROWSEUI.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFB0725=C:\WINDOWS\SYSTEM\PSTORES.EXE
*C:\WINDOWS\SYSTEM\PSBASE.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\PSTORERC.DLL
*C:\WINDOWS\SYSTEM\SOFTPUB.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFBA3F9=C:\WINDOWS\SYSTEM\DDHELP.EXE
*C:\WINDOWS\SYSTEM\ATIVPE32.DLL
*C:\WINDOWS\SYSTEM\ATID3DR3.DLL
*C:\WINDOWS\SYSTEM\MACXDD32.DLL
*C:\WINDOWS\SYSTEM\DDRAW.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFAECF9=C:\STARTDRECK.EXE
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\VB4DE32.DLL
*C:\VB40032.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
臧T Services
臧T Kernel- and FS-drivers
蓆MM32Files (LM)
*vdd.vxd=
*vflatd.vxd=
*vshare.vxd=
*vwin32.vxd=
*vfbackup.vxd=
*vcomm.vxd=
*combuff.vxd=
*vcd.vxd=
*vpd.vxd=
*spooler.vxd=
*udf.vxd=
*vfat.vxd=
*vcache.vxd=
*vcond.vxd=
*vcdfsd.vxd=
*int13.vxd=
*vxdldr.vxd=
*vdef.vxd=
*dynapage.vxd=
*configmg.vxd=
*ntkern.vxd=
*ebios.vxd=
*vmd.vxd=
*dosnet.vxd=
*vpicd.vxd=
*vtd.vxd=
*reboot.vxd=
*vdmad.vxd=
*vsd.vxd=
*v86mmgr.vxd=
*pageswap.vxd=
*dosmgr.vxd=
*vmpoll.vxd=
*shell.vxd=
*parity.vxd=
*biosxlat.vxd=
*vmcpd.vxd=
*vtdapi.vxd=
*perf.vxd=
*vkd.vxd=
*vmouse.vxd=
*mtrr.vxd=
*enable.vxd=
%System%\VMM32
*C:\WINDOWS\SYSTEM\VMM32\IFSMGR.VXD
*C:\WINDOWS\SYSTEM\VMM32\IOS.VXD
*C:\WINDOWS\SYSTEM\VMM32\QEMMFIX.VXD
*C:\WINDOWS\SYSTEM\VMM32\MRCI2.VXD
*C:\WINDOWS\SYSTEM\VMM32\vmouse.vxd
%System%\IOSUBSYS
*C:\WINDOWS\SYSTEM\IoSubSys\BIGMEM.DRV
*C:\WINDOWS\SYSTEM\IoSubSys\ESDI_506.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\HSFLOP.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\RMM.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\SCSIPORT.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\APIX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\ATAPCHNG.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDFS.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\NECATAPI.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\SCSI1HLP.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\TORISAN3.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\VOLTRACK.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVSPACX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVWCDB.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVWPPQT.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVWQ117.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\AIC78XX.MPD
*C:\WINDOWS\SYSTEM\IoSubSys\PPA3.MPD
*C:\WINDOWS\SYSTEM\IoSubSys\SPARROW.MPD
*C:\WINDOWS\SYSTEM\IoSubSys\PC1616.MPD
*C:\WINDOWS\SYSTEM\IoSubSys\PC800.MPD
*C:\WINDOWS\SYSTEM\IoSubSys\cdralvsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\cdr4vsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\pxhelper.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\iomega.vxd
翠pplication specific
膂S Office 97/8.0 STARTUP-PATH
翟urrent User
聞efault User
腿ocal Machine
膏CQ NetDetect
翟urrent User
聞efault User

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:48 AM

Posted 18 January 2005 - 12:15 PM

I need to get samples of some of your files. Please create a folder called c:\submit. Now copy the following files into that directory:

C:\Hybris.exe
C:\WINDOWS\Hybris.exe
C:\WINDOWS\SGARDEN.EXE
C:\WINDOWS\Tsc.exe
C:\WINDOWS\tr33se.exe
C:\WINDOWS\ld32408.exe
C:\WINDOWS\Q330994.exe

To copy the files simply navigate to the directory they are in and right click on them and then click on copy. Then paste these files into the c:\submit directory. Once the files are all copied I need you to zip the folder. If you are using XP or ME right-click on the folder and click on the Send To option and then send it to a compressed folder. You will now see a file called submit.zip. If you are using another version of Windows, please download a program called Winzip and zip it using that. Then go to http://www.bleepingcomputer.com, fill in the required fields, and browse to the file. Then click on the Send File button. If the file is larger than 2MB then send it to grinler@yahoo.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users