08-28-2005, 04:56 PM   #21 (permalink)
stretched
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP

Thanks for coming. Start, Run only opens the IE window, but I did try it anyway, and that happened. What I remember is that the problem was in safe mode too, but I noticed that in normal mode, when all of the icons are appearing on screen, sometimes up to 10 times the IE window automatically opens; I close it, it opens again. But the last time I opened in safe mode that did not happen. I am checking it again.
08-28-2005, 05:03 PM   #22 (permalink)
stretched
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP

Safe mode too

OK, even when shutting down, at least one IE will open with that command in normal mode. I restarted after the last post and that happened. I started in safe mode, but the windows do not automatically pop up in the startup sequence, but when selecting restart from safe mode it pops up once.

So in normal mode it pops up numerous times when starting, and once when shutting down.
In safe mode it does not pop up when starting, but once when shutting down.
08-28-2005, 08:07 PM   #23 (permalink)
MicroBell
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7

Hi and Welcome to TSF

Before attacking an adware/spyware problem with HijackThis, make sure you have already run the following tools. Download and update the databases on each program before running.
Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)


stretched:

This thing is a nightmare to remove. I'm going to throw some tools at it and will need you to post the logs. Some of these tools you may have already, but set them up as I posted them.

Download Silent Runners.vbs: http://www.silentrunners.org/
1. Make sure you have any script blocking software disabled.
2. Run the program. It will take a few minutes to complete.
3. Once complete it will produce a log named “StartupPrograms” with your user and date in the filename. Open that txt file and post its contents in your next post.


Download: StartDreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'

UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread..


Right click on this RegSearch.VBS and choose Save As. Leave the filename alone and save it somewhere. Now run that program and do a search using this word...... specific911

Post the wordpad contents here.

*Note* If you have more than one user account I need you to run the Regsearch under each and post them. If Regsearch doesn't run, you will need to enter the registry editor manually and do a search. Post EVERY key you find that listed under. You can also run these in safe mode if need be.

Did you run SFC as Greyknight17 instructed? This will look for missing and corrupt Windows files.
08-28-2005, 08:54 PM   #24 (permalink)
stretched
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP

The other StartDreck log is post 17 in this thread. I did not do anything since then but reply; see two posts before yours for the log.

Since you gave a different command than what I was given for that one, I will do that again and post it back.

In ref to "sfc," I wrote:

"start, run, only opens the IE window, but I did try it anyway, and that happened. What I remember is that the problem was in safe mode too, but I noticed that in normal mode when all of the icons are appearing on screen, sometimes up to 10 times the IE window automatically opens, I close it, opens again - but the last time I opened in safe mode that did not happen, I am checking it again,"

I have updated and run all of these programs you have at the beginning of your post, I also explained a few posts back why I can not run many of these programs I have been told to download, like that Regsrch does not work.

I think all of these issues we did already....here is something from earlier about this:

Tenobob said:
"Open up HijackThis and go to Config->Misc Tools and check the first two boxes there. Now click on the 'Generate StartupList log' button. Post that log in your next post."
I replied:
"Alright, the request via HJT can not be done, it brings up a box... through notepad OK, press OK, tries to open notepad, which does not work, only opens IE window. I can not do anything with any program that opens another program, that will only result in what the main problem is, opening IE window,"

I was asked to do some of these tasks and wrote:

"1. Start, control panel, users - users opens IE window
2. Silent Runners demanded I download wmi9x.exe from the Microsoft website. I did that, then I had to install it, then run it from Task Scheduler, because Silent Runners kept saying it can't operate without it each time I started it, so I tried to run wmi9x.exe first, then Silent Runners next, but it just would not work.
3. Regsrch, already have it, just gives a script error x box when searching.
4. StartDreck, yes:" then I posted the log.

POAD told me to download trend-micro. I wrote back:

"I can not double click on anything on my desktop except for mycomp, any program only opens IE. I will download and attempt to activate the program via Scheduled Tasks (like everything else). If the opening of that download relies on any other programs, it will just open IE window and not complete the process. This has happened with one or two anti-virus programs I downloaded, just could not open them from desktop. I will assign it to program files directory instead of desktop to hopefully be able to open it......"

You see, the nature of the problem is that whatever I click on, on my desktop via right or left click, once I give it a command or click it twice, IE window opens; I can not open any program like that. I must first assign it to Scheduled Tasks, then once it appears in that folder I can right click it and command "run". That is the only way anything works. If it relies on some other program, trying itself to automatically open it, then it will not work; rather, the nature of the problem takes effect, and an IE window opens again, and the program will not run.
08-28-2005, 08:59 PM   #25 (permalink)
stretched
Registered User
Join Date: Aug 2005
Posts: 115
OS: Windows XP

OK MicroBell, thank you for trying to help. I know it's a lot of junk to read through. Here is the dreck log as you defined I do it:

StartDreck (build 2.1.7 public stable) - 2005-08-28 @ 21:54:43 (GMT -05:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 6.0.2600.0000
Logged in as john at ABUKHALI

»Registry
»Run Keys
»Current User
»Run
*Spyware Doctor="C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
»RunOnce
»Default User
»Run
*Spyware Doctor="C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
»RunOnce
»Local Machine
»Run
*internat.exe=internat.exe
*SystemTray=SysTray.ExE
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*Disc Detector=C:\Program Files\Creative\ShareDLL\CtNotify.exe
*ATIGART=c:\ati\gart\atigart.exe
*AtiPTA=Atiptaxx.exe
*ADUserMon=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
*Iomega Drive Icons=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
*Deskup=C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
*SMSERIAL=sm56hlpr.exe
*zSPGuard=c:\program files\pjw\spguard\spguard.exe /s /r
*SMC=C:\SMC\SMC.exe
*LoadQM=loadqm.exe
*Zone Labs Client=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
*avast! Web Scanner=C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
*SchedulingAgent=mstinit.exe /firstlogon
*THGuard=C:\Program Files\TrojanHunter 4.0\THGuard.exe
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
*ADService=C:\Program Files\Iomega\AutoDisk\ADService.exe
*winmodem=WINMODEM.101\wmexe.exe
*TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
*avast!=C:\Program Files\Alwil Software\Avast4\ashServ.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Windows Setup - Applets/AppletsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - Fonts/FontsPerUser
*StubPath=C:\WINDOWS\SYSTEM\rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection nls.hkcu.reg 0 C:\WINDOWS\INF\fonts.inf
+PerUser_ICW_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf
+Internet Explorer 6 and Internet Tools/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4395}
*StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36
+Power Policy Settings/{CA0A4247-44BE-11d1-A005-00805F8ABE06}
*StubPath=RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
+Windows Setup - System Information/PerUser_Msinfo
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - System Information/PerUser_Msinfo2
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - Multimedia/MotownMmsysPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownAvivideoPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Messaging/PerUser_Base
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf
+Windows Setup - Shell/ShellPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf
+Windows Setup - Shell2/Shell2PerUser
*StubPath=C:\WINDOWS\SYSTEM\rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection schemes.reg 0 C:\WINDOWS\INF\shell2.inf
+Windows Setup - Start Menu/PerUser_winbase_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Start Menu/PerUser_winapps_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Links Bar/PerUser_LinkBar_URLs
*StubPath=C:\WINDOWS\COMMAND\sulfnbk.exe /L
+Windows Setup - Telephony Support/TapiPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf
+Windows Setup - More Applets/PerUserOldLinks
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Sound Schemes/MmoptRegisterPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Online Services/OlsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Paint/PerUser_Paint_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - Calculator/PerUser_Calc_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - FAT32 Converter/PerUser_CVT_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf
+Windows Setup - Multimedia/MotownRecPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Volume Control/PerUser_Vol
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownMPlayPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Wordpad/PerUser_MSWordPad_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf
+Windows Setup - Dial-Up Networking/PerUser_RNA_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf
+Windows Setup - Phone Dialer/PerUser_Dialer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Outlook Express/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msimn.inf,User.Install
+Microsoft FrontPage Express/{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fpxprs16.inf,PerUserStub
+Windows Setup - CD Player/PerUser_CDPlayer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf
+Microsoft NetMeeting 2.1/{44BBA842-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
+Windows Setup - America Online/OlsAolPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - AT&T WorldNet Service/OlsAttPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - CompuServe/OlsCompuservePerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Prodigy Internet/OlsProdigyPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - The Microsoft Network/OlsMsnPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf
+Middle-East Channel Setup/chlen-me
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chlen-me.inf,InstallUser
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
+Browser Customizations/>{4459869E-613A-4C1C-8B5C-1878495FA551}
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Microsoft Windows Media Player 6.4/{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub
+{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
»Browser Helper Objects (LM)
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
»Internet Explorer
»Current User
*Default_Search_URL=www.msn.com
*Local Page=C:\WINDOWS\system\blank.htm
*Search Bar=www.msn.com
*Search Page=www.msn.com
*Start Page=http://www.msn.com
*Window Title=Microsoft Internet Explorer provided by America Online
*CustomizeSearch=http://www.msn.com
*SearchAssistant=www.msn.com
+SearchUrl
* =+
*&=%26
*+=%2B
*#=%23
*?=%3F
*==%3D
*provider=
»Default User
*Default_Search_URL=www.msn.com
*Local Page=C:\WINDOWS\system\blank.htm
*Search Bar=www.msn.com
*Search Page=www.msn.com
*Start Page=http://www.msn.com
*Window Title=Microsoft Internet Explorer provided by America Online
*CustomizeSearch=http://www.msn.com
*SearchAssistant=www.msn.com
+SearchUrl
* =+
*&=%26
*+=%2B
*#=%23
*?=%3F
*==%3D
*provider=
»Local Machine
*Default_Page_URL=http://www.msn.com
*Default_Search_URL=http://www.msn.com
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=http://www.msn.com
*Search Page=http://www.msn.com
*Start Page=http://www.msn.com
*Window Title=Microsoft Internet Explorer provided by America Online
*CustomizeSearch=http://www.msn.com
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
+SearchUrl
»ShellServiceObjectDelayLoad (LM)
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=
»Special NT Values
»Current User
*Load=
*Run=
*Programs=
*SHELL=
»Default User
*Load=
*Run=
*Programs=
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=
*Userinit=
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\GetRight Monitor.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\GetRight Monitor.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
`[Paths]
`WinDir=C:\WINDOWS
`WinBootDir=C:\WINDOWS
`HostWinBootDrv=C
`[Options]
`BootMulti=1
`BootGUI=1
`DoubleBuffer=1
`AutoScan=1
`WinVer=4.10.1998
`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
*C:\config.sys
`DEVICE=C:\WINDOWS\HIMEM.SYS
`DEVICE=C:\WINDOWS\EMM386.EXE
`device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)
`Country=966,720,C:\WINDOWS\COMMAND\country.sys
*C:\autoexec.bat
`SET BLASTER=A220 I7 D1 H7 P330 T6
`SET SBPCI=C:\PROGRA~1\CREATIVE\AUDIO\DOSDRV
`mode con codepage prepare=((720) C:\WINDOWS\COMMAND\ega4.cpi)
`mode con codepage select=720
`Set tvdumpflags=10
`Set tvdumpflags=10
`Set tvdumpflags=10
`Set tvdumpflags=10
`SET PATH=C:\WINDOWS\SYSTEM\WBEM;%PATH%
*C:\WINDOWS\wininit.bak
`[Rename]
`NUL=
`NUL=
`NUL=
*C:\WINDOWS\dosstart.bat
`C:\PROGRA~1\CREATIVE\AUDIO\DOSDRV\SBINIT
»Program Files
*C:\io.sys
*C:\WINDOWS\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\COMMAND.COM
*C:\WINDOWS\COMMAND.PIF
*C:\WINDOWS\COMMAND.COM
+C:\WINDOWS\SYSTEM\hh.exe
*C:\WINDOWS\hh.exe
»System/Drivers
*C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWIDLE.DLL
*C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\AVCOMMEX.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\PROGRAM FILES\VB4DE32.DLL
*C:\PROGRAM FILES\VB40032.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
»VMM32Files (LM)
*vdd.vxd=
*vflatd.vxd=
*vshare.vxd=
*vwin32.vxd=
*vfbackup.vxd=
*vcomm.vxd=
*combuff.vxd=
*vcd.vxd=
*vpd.vxd=
*spooler.vxd=
*udf.vxd=
*vfat.vxd=
*vcache.vxd=
*vcond.vxd=
*vcdfsd.vxd=
*int13.vxd=
*vxdldr.vxd=
*vdef.vxd=
*dynapage.vxd=
*configmg.vxd=
*ntkern.vxd=
*ebios.vxd=
*vmd.vxd=
*dosnet.vxd=
*vpicd.vxd=
*vtd.vxd=
*reboot.vxd=
*vdmad.vxd=
*vsd.vxd=
*v86mmgr.vxd=
*pageswap.vxd=
*dosmgr.vxd=
*vmpoll.vxd=
*shell.vxd=
*parity.vxd=
*biosxlat.vxd=
*vmcpd.vxd=
*vtdapi.vxd=
*perf.vxd=
*vkd.vxd=
*vmouse.vxd=
*mtrr.vxd=
*enable.vxd=
»%System%\VMM32
*C:\WINDOWS\SYSTEM\VMM32\IFSMGR.VXD
*C:\WINDOWS\SYSTEM\VMM32\IOS.VXD
*C:\WINDOWS\SYSTEM\VMM32\QEMMFIX.VXD
»%System%\IOSUBSYS
*C:\WINDOWS\SYSTEM\IoSubSys\BIGMEM.DRV
*C:\WINDOWS\SYSTEM\IoSubSys\ESDI_506.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\HSFLOP.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\RMM.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\SCSIPORT.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\APIX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\ATAPCHNG.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDFS.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\NECATAPI.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\SCSI1HLP.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\TORISAN3.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\VOLTRACK.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\PPA3.MPD
*C:\WINDOWS\SYSTEM\IoSubSys\Clikcard.mpd
*C:\WINDOWS\SYSTEM\IoSubSys\USB_IOS.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\IOMEGA.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\AFL.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DDTHINGS.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\cdr4vsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\cdralvsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\acbhlpr.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\ENSQIO.VXD
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

the difference between this one and the previous one (a few posts ago) is that Tetonbob told me to uncheck only:

System/Running Process -> List Modules
stretched is offline  
Old 08-28-2005, 09:33 PM   #26 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,206
OS: 2000 Pro; XP Pro; XP Home


stretched -

Have you tried the manual registry search as suggested by MicroBell? Did you try to run the tools in safe mode?

Quote:
*Note* If you have more than one user account I need you to run the Regsearch under each and post them. IF Regsearch doesn't run...you will need to enter the registry editor manually and do a search. Post EVERY key you find that listed under. You can also run these in safe mode if need be.
Can you open regedit at all? In safe mode? I know you can't use the Run box in normal mode, yes? Open it through Scheduled Tasks like the others you've done, then go to Edit>Find and type in specific911 click Find Next.

We need some way to access the location of these registry locations to help you remove this beast.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 08-28-2005, 10:21 PM   #27 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


i can (edited: can't) run that, i opened it as asked before, typed specifc911 it just gives an error box.

How about regseeker I have that and it works, is there some setting that will give a usable log? Because all I can do is get it to find stuff that is red or is missing something, and the list of those is humongous and I could not see how to save it???? As for the user account, as I explained before I tried to go under control panel, users, that just opens the IE window, I will try to log on as the old user name, I think I saw it in one of the logs I posted, maybe the password was john, I think.....

Last edited by stretched; 08-28-2005 at 10:27 PM.
stretched is offline  
Old 08-28-2005, 10:28 PM   #28 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


wait, I think I understand - misunderstood, let me try that...
stretched is offline  
Old 08-28-2005, 10:48 PM   #29 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


alright figured out the other user name and all, ran regedit, searched for specific911 did not find, rebooted as other user did the same, nothing, I remember doing that before and deleting the files that were there with it when it was found with the exception of one that it said value not defined can not delete or something like that, i did save the registry before making those changes though....

I also ran regseeker in the second user (Khalil) and it did not find specific911.

Sorry about being confused before....I have too many reg programs in my task scheduler now, getting their names mixed up

but for sure regsrch does not work, just gives an error box

Script: C:\\WINDOWS\Desktop\RegSrch.vbs
Line: 27
Char: 1
Error: U
Code: 80020009
Source: WshShell.Run

that is the windows script host box that appears with an "x" and the only option "ok" when using regsrch
stretched is offline  
Old 08-28-2005, 11:28 PM   #30 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


ok, I am very grateful for everyone's help so far, and i am going to shut down tonight because of the hurricane coming, i'll try in the morning if we still have power .....
stretched is offline  
Old 09-09-2005, 04:31 PM   #31 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


Back on line

Greetings hard workers, grateful stretched is back after hurricane cleanup, still suffering from specific911 as per previous posts in this thread, would be very grateful if someone could help - picking up where we left off before the hurricane....thanks to all...
stretched is offline  
Old 09-11-2005, 01:30 AM   #32 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Post another hijackthis log so we can see where we stand.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Old 09-12-2005, 09:12 AM   #33 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


NEW HJT Log

Thanks:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:51 ص, on 12/09/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.0\THGuard.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
stretched is offline  
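A HijackThis log like the one in the post above is easier to review once it is grouped by section code. The following is an added example, not part of the original thread and not HijackThis code: the function names are hypothetical, and the sample is an excerpt of the posted log.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Lines copied from the HijackThis v1.99.1 log in the post above (an excerpt, not the whole log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: GetRight Monitor.lnk = C:\Program Files\GetRight\getright.exe
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 from a registry key:    HKLM\..\Run: [value name] command line
O4_REG_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# O4 from a startup folder:  Startup: shortcut.lnk = target
O4_DIR_RE = re.compile(r"^(?P<where>[^:]+): (?P<name>.+?) = (?P<command>.+)$")
# O16: optional CLSID, a label, then the URL the control was downloaded from
O16_RE = re.compile(r"^DPF: (?:(?P<clsid>\{[0-9A-Fa-f-]{36}\}) )?(?P<label>.*?) - (?P<url>\S+)$")
# A command that starts with a drive letter or UNC prefix, optionally quoted
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')


def parse_hjt(text):
    """Group entries by section code; header and process lines carry no code and are skipped."""
    sections = defaultdict(list)
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def autoruns(sections):
    """Split every O4 entry into (where, name, command)."""
    out = []
    for body in sections.get("O4", []):
        m = O4_REG_RE.match(body) or O4_DIR_RE.match(body)
        if m:
            out.append((m["where"], m["name"], m["command"]))
    return out


def without_full_path(entries):
    """Autoruns whose command has no drive or UNC path. Windows resolves these
    through its search path, so the log alone does not say which file on disk runs."""
    return [e for e in entries if not ABSOLUTE_RE.match(e[2])]


def dpf_hosts(sections):
    """Hosts that the O16 (Downloaded Program Files) entries were fetched from."""
    hosts = set()
    for body in sections.get("O16", []):
        m = O16_RE.match(body)
        if m:
            hosts.add(urlsplit(m["url"]).hostname)
    return sorted(hosts)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for where, name, command in without_full_path(autoruns(parsed)):
        print(f"check on disk: [{name}] {command} ({where})")
    print("O16 download hosts:", ", ".join(dpf_hosts(parsed)))
```

Entries listed by `without_full_path` are not findings in themselves; they are the ones where the file has to be located on disk before anything can be said about it.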
Old 09-12-2005, 03:35 PM   #34 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Before we go any further...

Please visit Microsoft's Windows Update page and install the latest service packs, patches and security updates for your system.

IE6 is outdated and there are a bunch of patches for many security holes that need to be installed. Once that's complete....post another log. Sorry..I didn't take notice of it before...but we need to "PLUG" the holes in IE6 first.

I also need the logs from the following tools..

Download Rkfiles.zip http://skads.org/special/rkfiles.zip
UNZIP the contents to a permanent folder on your desktop.

Download the following attachment remv3.zip http://forums.skads.org/index.php?showtopic=80

Make a folder on the root drive C:\ and unzip the files into it.

REBOOT TO SAFE MODE… These tools MUST be run in safe mode!!
Once in safe mode…

Double click rkfiles.bat
It will scan for a while, so please be patient.
Wait till the dos window closes.
Open the C:\log.txt it created and rename it log1.txt.

Now open the folder where you saved the remv3.zip files and click the rem.bat file and let it run. It will delete the files and remove the infection and then make a log of the files it finds. The log file will be C:\log.txt and bad1.txt

**Note** Each tool uses log.txt as its output file so make sure you save the entries from one tool before running the other as it will overwrite the file if you don’t.

Reboot back to normal mode and post the contents of both the log.txt and log1.txt in your next post.
MicroBell is offline
Old 09-12-2005, 08:47 PM   #35 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


in the interest of not doing anything else really stupid, thought I'd better note this from the windows update link you provided:

"The Windows Update Web site no longer supports the following operating system locales:

Arabic (Enabled)"

And that is me, 98 Arabic (Enabled), is there something there that I should get anyway, or will that not be possible, etc.?
stretched is offline  
Old 09-12-2005, 08:57 PM   #36 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


hey this link:

http://forums.skads.org/index.php?showtopic=80

led to another link on that forum

http://forums.skads.org/index.php?showtopic=33

which led to this link in the second post there:

http://forums.skads.org/index.php?ac...ype=post&id=23

which led to:

"This menu has been disabled"

I did download the other one....
stretched is offline  
Old 09-12-2005, 11:56 PM   #37 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Check your links again. I just checked (Via the links I posted) and both are up and active. The second link leads you to a post. In that thread the tool is attached to a post. Download it from there. As I said...it's active and up.

As for Windows update..try going through this link...

http://windowsupdate.microsoft.com/

Is your version Arabic?
MicroBell is offline
Old 09-15-2005, 09:04 AM   #38 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


alright I see the attachment, I was clicking on the links in each post... working on that stuff, YES I have Windows 98 Arabic Enabled....
stretched is offline  
Old 09-15-2005, 09:06 AM   #39 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


Alright I tried the second Microsoft link and it referred me to the same message as the last one:

The Windows Update Web site no longer supports the following operating system locales:

Arabic (Enabled)
Greek OEM codepage 869
Hebrew (Enabled)
Slovak
Slovenian
Thai (Enabled)
end quote

It is telling me that after "checking for updates" And since I have Arabic (enabled) I am not sure if I should just look under the regular 98 and download what if any of that stuff....
stretched is offline  
Old 09-15-2005, 10:23 AM   #40 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


alright, here are the logs, and I screwed one up the first time, because I renamed the first one as you said, but while it is open via "save as", and I did not close it, so the second program could not create a logtext since the source of log1 was ...etc., when I looked at log which should have been the new one it was the same as the old one. So I ran the second one again after closing log1 file so that is the situation with log.txt.....:

ECHO is off

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\SYSTEM\aswBoot.exe: UPX!t$
C:\WINDOWS\SYSTEM\DivX.dll: PEC2

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\RMAgentOutput.dll: UPX!
Finished
bye

The batch is run from --
Checking for version 1 Files.......
"Files found"
---------------------------------------------------------------------

deleting files........
---------------------------------------------------------

"Files Not Deleted"
---------------------------------------------------------------------

Checking for version 2 files..........
Files Found
------------------------------------------------------------

deleting files........
---------------------------------------------------------

Files Not deleted
------------------------------------------------------------


Checking version 3 Files...................
Files Found ..................
----------------------------------------

Files not Deleted.............
----------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------


Other bad files to be Manually deleted.. Please Note that This might also list Legit Files, be careful while Deleting
-----------------------------------------------------------------

Volume in drive C has no label
Volume Serial Number is 1045-19D9
Directory of C:\WINDOWS\SYSTEM

25,334.59 MB free
Finished
stretched is offline  
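The first log above pairs each file path with a marker string (`UPX!`, `PEC2`) and warns that listed files are not necessarily bad. The following added sketch, which is not rkfiles' own code and is not from the thread, shows one way such a listing can be produced; the `MZ` header check, the function names and the sample files are assumptions made for the example.

```python
import os
import tempfile

# Marker strings taken from the log above; what else the tool looks for is not shown there.
MARKERS = (b"UPX!", b"PEC2")


def packer_markers(path, markers=MARKERS, chunk=1 << 16):
    """Return the markers found in one file, reading in chunks so large files stay cheap."""
    found = []
    overlap = max(len(m) for m in markers) - 1  # bytes carried over between chunks
    tail = b""
    with open(path, "rb") as fh:
        if fh.read(2) != b"MZ":  # assumption: only DOS/PE executables are of interest
            return []
        fh.seek(0)
        while True:
            block = fh.read(chunk)
            if not block:
                break
            window = tail + block  # lets a marker that straddles two chunks still match
            for m in markers:
                if m not in found and m in window:
                    found.append(m)
            tail = window[-overlap:]
    return [m.decode("ascii") for m in found]


def scan_folder(folder):
    """Map file name -> markers for every file in the folder that carries one."""
    hits = {}
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        try:
            marks = packer_markers(path)
        except OSError:
            continue  # locked or unreadable file; a live system folder will have some
        if marks:
            hits[name] = marks
    return hits


def demo():
    """Scan a temporary folder of constructed sample files (not real binaries)."""
    samples = {
        "packed.exe": b"MZ" + b"\x00" * 70000 + b"UPX!" + b"\x00" * 16,
        "plain.exe": b"MZ" + b"\x00" * 128,
        "notes.txt": b"this text mentions UPX! but is not an executable",
        # marker placed across the 65536-byte chunk boundary
        "straddle.dll": b"MZ" + b"\x00" * (65536 - 4) + b"PEC2",
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return scan_folder(folder)


if __name__ == "__main__":
    for name, marks in demo().items():
        print(f"{name}: {', '.join(marks)}")
```

A hit only says the file contains the marker bytes, which is why a listing like this needs each file checked against what is installed before anything is deleted.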
 


All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum