trojan=spy.html.smitfraud.c

papaya · 2005/05/23

I am running windows 98 and have the smitfraud.c problem.
I downloaded the file referred to in an earlier posting
which deletes tempoery files and have run "hijackthis ".
Below is my log. What next???

Logfile of HijackThis v1.99.1
Scan saved at 10:58:18 AM, on 5/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SHOPSAFE\SHOPSAFE.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\SCW64.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\SMITFRAUD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: ShopSafe Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
O2 - BHO: (no name) - {835735A9-EBE1-49CB-B82A-FC8A0F661796} - C:\WINDOWS\SYSTEM\BPIJ.DLL
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\SYSTEM\acriehlp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShopSafe] C:\PROGRA~1\SHOPSAFE\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [OpwareSE2] "c:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CPQInet Runtime Service] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Dexxa Optical Mouse.lnk = C:\Program Files\Dexxa Optical Mouse\scw64.exe
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {8E0FF287-11D4-4D4A-949D-FB917B328769} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E0FF287-11D4-4D4A-949D-FB917B328769} - (no file) (HKCU)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/n_GELiWiDJ0fjLLrcrHk.chm::/on-line.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O18 - Filter: text/plain - {606EA0E3-0AA6-4B26-9A41-5AAD4FA02536} - C:\WINDOWS\SYSTEM\BPIJ.DLL
O18 - Filter: text/html - {606EA0E3-0AA6-4B26-9A41-5AAD4FA02536} - C:\WINDOWS\SYSTEM\BPIJ.DLL
O21 - SSODL: DXMediax - {3CC5DDBD-3705-4b96-909A-FF9341B63E2E} - C:\WINDOWS\SYSTEM\dxmediax.dll

noahdfear · 2005/05/23

Welcome to WindowsBBS papaya

Have you run the smitfraud tool yet? Ad-aware? Spybot? If not, run them and post back with a new HijackThis log.

Have some things to do, but will be back on later and try to get a fix worked up for you. Hang in there!

papaya · 2005/05/23

Dave - yes, I have used the "smitfraud" tool you refered to in another thread, I have also run another scan of the system with spybot, ran hyjack this and posted the log below.

Logfile of HijackThis v1.99.1
Scan saved at 06:01:41 PM, on 5/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SHOPSAFE\SHOPSAFE.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\SCW64.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\DESKTOP\SMITFRAUD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: ShopSafe Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
O2 - BHO: (no name) - {835735A9-EBE1-49CB-B82A-FC8A0F661796} - C:\WINDOWS\SYSTEM\BPIJ.DLL
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\SYSTEM\acriehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShopSafe] C:\PROGRA~1\SHOPSAFE\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [OpwareSE2] "c:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CPQInet Runtime Service] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Dexxa Optical Mouse.lnk = C:\Program Files\Dexxa Optical Mouse\scw64.exe
O4 - Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {8E0FF287-11D4-4D4A-949D-FB917B328769} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E0FF287-11D4-4D4A-949D-FB917B328769} - (no file) (HKCU)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/n_GELiWiDJ0fjLLrcrHk.chm::/on-line.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O18 - Filter: text/plain - {606EA0E3-0AA6-4B26-9A41-5AAD4FA02536} - C:\WINDOWS\SYSTEM\BPIJ.DLL
O18 - Filter: text/html - {606EA0E3-0AA6-4B26-9A41-5AAD4FA02536} - C:\WINDOWS\SYSTEM\BPIJ.DLL
O21 - SSODL: DXMediax - {3CC5DDBD-3705-4b96-909A-FF9341B63E2E} - C:\WINDOWS\SYSTEM\dxmediax.dll

noahdfear · 2005/05/26

Sorry for the delay.

1. Download: "StartDreck" from:

http://www.niksoft.at/download/startdreck.htm

2. Extract the file into c:\startdreck.

3. Navigate to c:\startdreck and double-click on Startdreck.exe

4. When the program opens click on the Config button.

5. Then click on the mark all button.

6. Press the OK button.

7. Press the Save button. Type in the location you want to save the log to, or use the defaults which will save the log into the directory you are running the program from. If you choose the defaults the filename for the log will be StartDreck.log.

8. Post a copy of the log here.

papaya · 2005/05/26

smitfraud

Dave - The log created was too large to post, according to your web site.
I am attaching the log to an email I will send you. If I have done something wrong in creating the log file let me know, I think I folloewed your directions. I am using the following email addres: http://www.windowsbbs.com/member.php?u=8850

Papaya

noahdfear · 2005/05/26

You'll have to put it into two or more posts.

papaya · 2005/05/27

stardeck post 1

StartDreck (build 2.1.7 public stable) - 2005-05-26 @ 20:40:32 (GMT -07:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2800.1106
Logged in as Default at COMPUTER

»Registry
»Run Keys
»Current User
»Run
*AIM=C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
*Reminder=C:\Program Files\Microsoft Money\System\reminder.exe
*WindowsFY=C:\WP.EXE
*Spyware Doctor= "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
*SpyKiller=C:\Program Files\SpyKiller\spykiller.exe /startup
*BestPopUpKiller=C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
»RunOnce
»Default User
»Run
*AIM=C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
*Reminder=C:\Program Files\Microsoft Money\System\reminder.exe
*WindowsFY=C:\WP.EXE
*Spyware Doctor= "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
*SpyKiller=C:\Program Files\SpyKiller\spykiller.exe /startup
*BestPopUpKiller=C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
»RunOnce
»Local Machine
»Run
*TaskMonitor=c:\windows\taskmon.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SystemTray=SysTray.Exe
*EM_EXEC=c:\mouse\system\em_exec.exe
*CPQEASYACC=C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
*EACLEAN=C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
*Service Connection=c:\cpqs\bwtools\sccenter.exe
*MotiveMonitor=C:\Program Files\Motive\MotiveAssistant\motmon.exe
*McAfeeWebScanX=C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
*Vshwin32EXE=C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*TkBellExe= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*ShopSafe=C:\PROGRA~1\SHOPSAFE\ShopSafe.exe /dontopenmycards
*OpwareSE2= "c:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
*sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
*BDMCon=C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
*BitDefender Virus Shield=C:\Program Files\Softwin\BitDefender8\vsserv.exe
*BDNewsAgent=C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
*CPQInet Runtime Service=c:\compaq\CPQInet\CpqInet.exe
*isdbdc=c:\compaq\internet\isdbdc.exe
*CPQDFWAG=C:\WINDOWS\cpqdiag\CpqDfwAg.exe
*KB891711=c:\windows\SYSTEM\KB891711\KB891711.EXE
*BitDefender Live! Init=C:\Program Files\Softwin\BitDefender8\bdinit.exe
*BitDefender Communicator=C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
*BitDefender Scan Server=C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
»RunServicesOnce
**vf=rundll32 C:\WINDOWS\NETDWT.INI,DllGetClassObject
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile= "%1" %*
+.com
*comfile= "%1" %*
+.disabled
*SpybotSD.DisabledFile= "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1 "
+.exe
*exefile= "%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile= "C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile= "C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=c:\windows\WScript.exe "%1" %*
+.jse
*JSEFile=C:\windows\WScript.exe "%1" %*
+.pif
*piffile= "%1" %*
+.reg
*regfile=regedit.exe "%1 "
+.scr
*scrfile= "%1" /S
+.txt
*txtfile=c:\windows\NOTEPAD.EXE %1
+.vbs
*VBSFile=c:\windows\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\windows\WScript.exe "%1" %*
+.wsh
*WSHFile=c:\windows\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\windows\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Windows Setup - Applets/AppletsPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf
+Windows Setup - Fonts/FontsPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf
+Internet Connection Wizard/{5A8D6EE0-3E18-11D0-821E-444553540000}
*StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36
+PerUser_ICW_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf
+Internet Explorer 6 and Internet Tools/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4395}
*StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\SYSTEM\ie4uinit.inf,Shell.UserStub,,36
+MSN-Migration/>PerUser_MSN_Clean
*StubPath=c:\windows\msnmgsr1.exe
+Power Policy Settings/{CA0A4247-44BE-11d1-A005-00805F8ABE06}
*StubPath=RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
+Windows Setup - System Information/PerUser_Msinfo
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf
+Windows Setup - System Information/PerUser_Msinfo2
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf
+Windows Setup - Multimedia/MotownMmsysPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf
+Windows Setup - Multimedia/MotownAvivideoPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf
+Microsoft Windows Media Player 6.4/{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub
+Windows Setup - Multimedia/MotownMPlayPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\mplay98.inf
+Windows Setup - Messaging/PerUser_Base
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf
+Windows Setup - Shell/ShellPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf
+Windows Setup - Color Schemes/Shell2PerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf
+Windows Setup - Start Menu/PerUser_winbase_Links
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf
+Windows Setup - Start Menu/PerUser_winapps_Links
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf
+Windows Setup - Links Bar/PerUser_LinkBar_URLs
*StubPath=c:\windows\COMMAND\sulfnbk.exe /L
+Windows Setup - Telephony Support/TapiPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf
+Web Folders/{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\webfdr16.inf,PerUserStub.Install,1
+Windows Setup - More Applets/PerUserOldLinks
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf
+Windows Setup - Sound Schemes/MmoptRegisterPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - Online Services/OlsPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf
+Windows Setup - The Microsoft Network/OlsMsnPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 c:\windows\INF\ols.inf
+Windows Setup - Paint/PerUser_Paint_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf
+Windows Setup - Calculator/PerUser_Calc_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf
+Windows Setup - DriveSpace/PerUser_dxxspace_Links
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf
+Windows Setup - Backup/PerUser_MSBackup_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf
+Windows Setup - FAT32 Converter/PerUser_CVT_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis_remove 64 c:\windows\INF\applets1.inf
+Windows Setup - Accessibility/PerUser_Enable_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf
+Windows Setup - Multimedia/MotownRecPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf
+Windows Setup - Volume Control/PerUser_Vol
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf
+Windows Setup - Wordpad/PerUser_MSWordPad_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf
+Windows Setup - Dial-Up Networking/PerUser_RNA_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\windows\INF\rna.inf
+Windows Setup - Games/PerUser_Wingames_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - System Monitor/PerUser_Sysmon_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis_remove 64 c:\windows\INF\appletpp.inf
+Windows Setup - System Meter/PerUser_Sysmeter_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Rem_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - Netwatch/PerUser_netwatch_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Rem_Inis 64 C:\windows\INF\appletpp.inf
+Windows Setup - Character Map/PerUser_CharMap_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - HyperTerminal/PerUser_Onlinelnks_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - Phone Dialer/PerUser_Dialer_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf
+Windows Setup - Clipboard Viewer/PerUser_ClipBrd_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf
+Windows Setup - Sound Schemes/MmoptMusicaPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptJunglePerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptRobotzPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptUtopiaPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf
+Windows Setup - CD Player/PerUser_CDPlayer_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf
+NetMeeting 3.0/{44BBA842-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
+Windows Setup - America Online/OlsAolPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 c:\windows\INF\ols.inf
+Windows Setup - AT&T WorldNet Service/OlsAttPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 c:\windows\INF\ols.inf
+Windows Setup - CompuServe/OlsCompuservePerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 c:\windows\INF\ols.inf
+Windows Setup - Prodigy Internet/OlsProdigyPerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 c:\windows\INF\ols.inf
+Windows Setup - Shell Cursors/Shell3PerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf
+Windows Setup -- Themes/Theme_Windows_PerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf
+Windows Setup -- Themes/Theme_MoreWindows_PerUser
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf
+Web Publishing Wizard/{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\windows\INF\wpie5x86.inf,PerUserStub
+IE Customization/>IEPerUser
*StubPath=RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
+Windows Setup - Direct Cable Connection/PerUser_DCC_Inis
*StubPath=rundll.exe c:\windows\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 c:\windows\INF\rna.inf
+Windows Setup - Preptool/PerUser_Preptool
*StubPath=rundll.exe Setupx.dll,InstallHinfSection Install 64 C:\WINDOWS\INF\RUNLAST.INF
+Default Channel Setup/Chl99
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\chl99.inf,InstallUser
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
+{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
»Browser Helper Objects (LM)
*BhoShopSafe.ShopSafeBrowserHelper.1/{333F6B96-3992-4D58-A499-145A10FE48C3}
`InprocServer32=C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
*{835735A9-EBE1-49CB-B82A-FC8A0F661796}
`InprocServer32=C:\WINDOWS\SYSTEM\BPIJ.DLL
*IEHlprObj.IEHlprObj.1/{CE7C3CF0-4B15-11D1-ABED-709549C10000}
`InprocServer32=C:\WINDOWS\SYSTEM\acriehlp.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
»Internet Explorer
»Current User
*HomeOldSP=about:blank
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=res://c:\windows\TEMP\se.dll/spage.html
*Search Page=about:blank
*Start Page=about:blank
*SearchAssistant=about:blank
+SearchUrl
*provider=
*=http://keyword.netscape.com/keyword/%s
»Default User
*HomeOldSP=about:blank
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=res://c:\windows\TEMP\se.dll/spage.html
*Search Page=about:blank
*Start Page=about:blank
*SearchAssistant=about:blank
+SearchUrl
*provider=
*=http://keyword.netscape.com/keyword/%s
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*HomeOldSP=about:blank
*Local Page=c:\windows\SYSTEM\blank.htm
*Search Bar=res://c:\windows\TEMP\se.dll/spage.html
*Search Page=about:blank
*Start Page=about:blank
*CustomizeSearch=
*SearchAssistant=about:blank
»ShellServiceObjectDelayLoad (LM)
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
*DXMediax={3CC5DDBD-3705-4b96-909A-FF9341B63E2E}
`InprocServer32=C:\WINDOWS\SYSTEM\dxmediax.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=
*SHELL=
»Default User
*Load=
*Run=
*Programs=
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=
*Userinit=
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Adobe Gamma Loader.exe.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Dexxa Optical Mouse.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\PowerReg SchedulerV2.exe
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Adobe Gamma Loader.exe.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Dexxa Optical Mouse.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\PowerReg SchedulerV2.exe
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=explorer.exe addition.exe
»Text Files
*C:\WINDOWS\msdos.sys
`[Paths]
`WinDir=C:\WINDOWS
`WinBootDir=C:\WINDOWS
`HostWinBootDrv=C
`[Options]
`BootMulti=0
`BootGUI=1
`DoubleBuffer=1

papaya · 2005/05/27

stardreck post 2

`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs
*C:\msdos.sys
`[Options]
`BootGUI=1
`BootMulti=1
`DoubleBuffer=1
`AutoScan=1
`WinVer=4.10.2222
`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs
`Network=0
`[Paths]
`WinDir=C:\WINDOWS
`WinBootDir=C:\WINDOWS
`HostWinBootDrv=C
*C:\config.sys
`DEVICE=C:\essolo.sys
`DEVICE=C:\WINDOWS\HIMEM.SYS
`DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
`DOS=HIGH,UMB,AUTO
`FILESHIGH=80
`BUFFERSHIGH=40,4
`DEVICEHIGH=C:\WINDOWS\SYSTEM\CPQIDECD.SYS /D:IDECD001
`SHELL=C:\COMMAND.COM /P /E:2048
*C:\autoexec.bat
`@Echo off
`if exist c:\pipost.bat call c:\pipost.bat
`if exist c:\pipost.bat del c:\pipost.bat
`SET TEMP=C:\DOS
`PATH C:\BAT;C:\QB;c:\pcwrite;c\pfs;c:\news
`SET PATH=C:\WINDOWS\SYSTEM\WBEM;%PATH%
*C:\WINDOWS\wininit.bak
`[rename]
`C:\WINDOWS\SYSTEM\SOCKSPY.DLL=C:\WINDOWS\SYSTEM\SOCKSP~1.AVX
`C:\PROGRA~1\COMMON~1\SOFTWIN\BITDEF~1\PLUGINS\UPDATE.TXT=C:\PROGRA~1\COMMON~1\SOFTWIN\BITDEF~1\PLUGINS\UPDATE~1.AVX
`C:\PROGRA~1\COMMON~1\SOFTWIN\BITDEF~1\PLUGINS\EMALWARE.IVD=C:\PROGRA~1\COMMON~1\SOFTWIN\BITDEF~1\PLUGINS\EMALWA~1.AVX
`C:\PROGRA~1\COMMON~1\SOFTWIN\BITDEF~1\PLUGINS\CRAN.IVD=C:\PROGRA~1\COMMON~1\SOFTWIN\BITDEF~1\PLUGINS\CRANIV~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\BDNEWS.EXE=C:\PROGRA~1\SOFTWIN\BITDEF~1\BDNEWS~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\BDCH.DLL=C:\PROGRA~1\SOFTWIN\BITDEF~1\BDCHDL~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\BDSUBMIT.EXE=C:\PROGRA~1\SOFTWIN\BITDEF~1\BDSUBM~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\BDSUBMIT.DLL=C:\PROGRA~1\SOFTWIN\BITDEF~1\BDSUBM~2.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\GETFILE.DLL=C:\PROGRA~1\SOFTWIN\BITDEF~1\GETFIL~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\BDLITE.EXE=C:\PROGRA~1\SOFTWIN\BITDEF~1\BDLITE~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE=C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\LIBRTVR.DLL=C:\PROGRA~1\SOFTWIN\BITDEF~1\LIBRTV~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\LIVE.DLL=C:\PROGRA~1\SOFTWIN\BITDEF~1\LIVEDL~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\MAIN.DLL=C:\PROGRA~1\SOFTWIN\BITDEF~1\MAINDL~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\VSHIELD.DLL=C:\PROGRA~1\SOFTWIN\BITDEF~1\VSHIEL~1.AVX
`C:\PROGRA~1\SOFTWIN\BITDEF~1\BDNAGENT.EXE=C:\PROGRA~1\SOFTWIN\BITDEF~1\BDNAGE~1.AVX
*C:\WINDOWS\dosstart.bat
`@echo off
`C:\essolo.com
`c:\mouse\mouse.exe
`LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12
»Program Files
*C:\io.sys
*C:\WINDOWS\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\COMMAND.PIF
*C:\WINDOWS\COMMAND.PIF
*C:\WINDOWS\COMMAND.COM
*C:\WINDOWS\COMMAND.PIF
*C:\WINDOWS\COMMAND.COM
+C:\autoexec.bat
*C:\BAT\AUTOEXEC.BAT
+C:\Q.BAT
*C:\BAT\Q.BAT
+C:\WINDOWS\SYSTEM\LTREMOVE.EXE
*C:\WINDOWS\LTREMOVE.EXE
*C:\WINDOWS\LTREMOVE.EXE
+C:\WINDOWS\SYSTEM\IsUninst.Exe
*C:\WINDOWS\IsUninst.exe
*C:\WINDOWS\IsUninst.exe
+C:\WINDOWS\DOSPRMPT.PIF
*C:\WINDOWS\DOSPRMPT.PIF
+C:\WINDOWS\MS-DOS Mode for Games.pif
*C:\WINDOWS\MS-DOS Mode for Games.pif
+C:\WINDOWS\MS-DOS Mode for Games with EMS and XMS Support.pif
*C:\WINDOWS\MS-DOS Mode for Games with EMS and XMS Support.pif
+C:\WINDOWS\Exit To Dos.pif
*C:\WINDOWS\Exit To Dos.pif
+C:\WINDOWS\WIN.COM
*C:\WINDOWS\WIN.COM
+C:\WINDOWS\HWINFO.EXE
*C:\WINDOWS\HWINFO.EXE
+C:\WINDOWS\MPLAYER.EXE
*C:\WINDOWS\MPLAYER.EXE
+C:\WINDOWS\CLSPACK.EXE
*C:\WINDOWS\CLSPACK.EXE
+C:\WINDOWS\DOSREP.EXE
*C:\WINDOWS\DOSREP.EXE
+C:\WINDOWS\DRWATSON.EXE
*C:\WINDOWS\DRWATSON.EXE
+C:\WINDOWS\EXPLORER.EXE
*C:\WINDOWS\EXPLORER.EXE
+C:\WINDOWS\EXTRAC32.EXE
*C:\WINDOWS\EXTRAC32.EXE
+C:\WINDOWS\FONTVIEW.EXE
*C:\WINDOWS\FONTVIEW.EXE
+C:\WINDOWS\GRPCONV.EXE
*C:\WINDOWS\GRPCONV.EXE
+C:\WINDOWS\MSNMGSR1.EXE
*C:\WINDOWS\MSNMGSR1.EXE
+C:\WINDOWS\NETDDE.EXE
*C:\WINDOWS\NETDDE.EXE
+C:\WINDOWS\PIDSET.EXE
*C:\WINDOWS\PIDSET.EXE
+C:\WINDOWS\SETDEBUG.EXE
*C:\WINDOWS\SETDEBUG.EXE
+C:\WINDOWS\SIGVERIF.EXE
*C:\WINDOWS\SIGVERIF.EXE
+C:\WINDOWS\TUNEUP.EXE
*C:\WINDOWS\TUNEUP.EXE
+C:\WINDOWS\UPWIZUN.EXE
*C:\WINDOWS\UPWIZUN.EXE
+C:\WINDOWS\WINREP.EXE
*C:\WINDOWS\WINREP.EXE
+C:\WINDOWS\WSCRIPT.EXE
*C:\WINDOWS\WSCRIPT.EXE
+C:\WINDOWS\SMARTDRV.EXE
*C:\WINDOWS\SMARTDRV.EXE
+C:\WINDOWS\ACCSTAT.EXE
*C:\WINDOWS\ACCSTAT.EXE
+C:\WINDOWS\ASD.EXE
*C:\WINDOWS\ASD.EXE
+C:\WINDOWS\CALC.EXE
*C:\WINDOWS\CALC.EXE
+C:\WINDOWS\CLEANMGR.EXE
*C:\WINDOWS\CLEANMGR.EXE
+C:\WINDOWS\CONTROL.EXE
*C:\WINDOWS\CONTROL.EXE
+C:\WINDOWS\CVTAPLOG.EXE
*C:\WINDOWS\CVTAPLOG.EXE
+C:\WINDOWS\DEFRAG.EXE
*C:\WINDOWS\DEFRAG.EXE
+C:\WINDOWS\DRVSPACE.EXE
*C:\WINDOWS\DRVSPACE.EXE
+C:\WINDOWS\EMM386.EXE
*C:\WINDOWS\EMM386.EXE
+C:\WINDOWS\REGEDIT.EXE
*C:\WINDOWS\REGEDIT.EXE
+C:\WINDOWS\MM2ENT.EXE
*C:\WINDOWS\MM2ENT.EXE
+C:\WINDOWS\NOTEPAD.EXE
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\PACKAGER.EXE
*C:\WINDOWS\PACKAGER.EXE
+C:\WINDOWS\PBRUSH.EXE
*C:\WINDOWS\PBRUSH.EXE
+C:\WINDOWS\PROGMAN.EXE
*C:\WINDOWS\PROGMAN.EXE
+C:\WINDOWS\RG2CATDB.EXE
*C:\WINDOWS\RG2CATDB.EXE
+C:\WINDOWS\RUNDLL.EXE
*C:\WINDOWS\RUNDLL.EXE
+C:\WINDOWS\RUNDLL32.EXE
*C:\WINDOWS\RUNDLL32.EXE
+C:\WINDOWS\SCANDSKW.EXE
*C:\WINDOWS\SCANDSKW.EXE
+C:\WINDOWS\SCANREGW.EXE
*C:\WINDOWS\SCANREGW.EXE
+C:\WINDOWS\SNDREC32.EXE
*C:\WINDOWS\SNDREC32.EXE
+C:\WINDOWS\SNDVOL32.EXE
*C:\WINDOWS\SNDVOL32.EXE
+C:\WINDOWS\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\TASKMON.EXE
*C:\WINDOWS\TASKMON.EXE
+C:\WINDOWS\VCMUI.EXE
*C:\WINDOWS\VCMUI.EXE
+C:\WINDOWS\WELCOME.EXE
*C:\WINDOWS\WELCOME.EXE
+C:\WINDOWS\WINFILE.EXE
*C:\WINDOWS\WINFILE.EXE
+C:\WINDOWS\WINHELP.EXE
*C:\WINDOWS\WINHELP.EXE
+C:\WINDOWS\WINHLP32.EXE
*C:\WINDOWS\WINHLP32.EXE
+C:\WINDOWS\WININIT.EXE
*C:\WINDOWS\WININIT.EXE
+C:\WINDOWS\WINVER.EXE
*C:\WINDOWS\WINVER.EXE
+C:\WINDOWS\WRITE.EXE
*C:\WINDOWS\WRITE.EXE
+C:\WINDOWS\CDPLAYER.EXE
*C:\WINDOWS\CDPLAYER.EXE
+C:\WINDOWS\CHARMAP.EXE
*C:\WINDOWS\CHARMAP.EXE
+C:\WINDOWS\CLIPBRD.EXE
*C:\WINDOWS\CLIPBRD.EXE
+C:\WINDOWS\DIALER.EXE
*C:\WINDOWS\DIALER.EXE
+C:\WINDOWS\FREECELL.EXE
*C:\WINDOWS\FREECELL.EXE
+C:\WINDOWS\KODAKIMG.EXE
*C:\WINDOWS\KODAKIMG.EXE
+C:\WINDOWS\KODAKPRV.EXE
*C:\WINDOWS\KODAKPRV.EXE
+C:\WINDOWS\MSHEARTS.EXE
*C:\WINDOWS\MSHEARTS.EXE
+C:\WINDOWS\MSNCREAT.EXE
*C:\WINDOWS\MSNCREAT.EXE
+C:\WINDOWS\DIRECTCC.EXE
*C:\WINDOWS\DIRECTCC.EXE
+C:\WINDOWS\SOL.EXE
*C:\WINDOWS\SOL.EXE
+C:\WINDOWS\TOUR98.EXE
*C:\WINDOWS\TOUR98.EXE
+C:\WINDOWS\TWUNK_16.EXE
*C:\WINDOWS\TWUNK_16.EXE
+C:\WINDOWS\TWUNK_32.EXE
*C:\WINDOWS\TWUNK_32.EXE
+C:\WINDOWS\WINMINE.EXE
*C:\WINDOWS\WINMINE.EXE
+C:\WINDOWS\SETVER.EXE
*C:\WINDOWS\SETVER.EXE
+C:\WINDOWS\ARP.EXE
*C:\WINDOWS\ARP.EXE
+C:\WINDOWS\FTP.EXE
*C:\WINDOWS\FTP.EXE
+C:\WINDOWS\IPCONFIG.EXE
*C:\WINDOWS\IPCONFIG.EXE
+C:\WINDOWS\NET.EXE
*C:\WINDOWS\NET.EXE
+C:\WINDOWS\PING.EXE
*C:\WINDOWS\PING.EXE
+C:\WINDOWS\ROUTE.EXE
*C:\WINDOWS\ROUTE.EXE
+C:\WINDOWS\TELNET.EXE
*C:\WINDOWS\TELNET.EXE
+C:\WINDOWS\TRACERT.EXE
*C:\WINDOWS\TRACERT.EXE
+C:\WINDOWS\WINIPCFG.EXE
*C:\WINDOWS\WINIPCFG.EXE
+C:\WINDOWS\WINPOPUP.EXE
*C:\WINDOWS\WINPOPUP.EXE
+C:\WINDOWS\NETSTAT.EXE
*C:\WINDOWS\NETSTAT.EXE
+C:\WINDOWS\NBTSTAT.EXE
*C:\WINDOWS\NBTSTAT.EXE
+C:\WINDOWS\CpqPrint.exe
*C:\WINDOWS\CpqPrint.exe
+C:\WINDOWS\uninst.exe
*C:\WINDOWS\uninst.exe
+C:\WINDOWS\uninstaol.exe
*C:\WINDOWS\uninstaol.exe
+C:\WINDOWS\Cpqbrand.exe
*C:\WINDOWS\Cpqbrand.exe
+C:\WINDOWS\bwUninst.exe
*C:\WINDOWS\bwUninst.exe
+C:\WINDOWS\Compaq Screen Saver.exe
*C:\WINDOWS\Compaq Screen Saver.exe
+C:\WINDOWS\BITUnins.exe
*C:\WINDOWS\BITUnins.exe
+C:\WINDOWS\cd32.exe
*C:\WINDOWS\cd32.exe
+C:\WINDOWS\QFECHECK.EXE
*C:\WINDOWS\QFECHECK.EXE
+C:\WINDOWS\hh.exe
*C:\WINDOWS\hh.exe
+C:\WINDOWS\wupdmgr.exe
*C:\WINDOWS\wupdmgr.exe
+C:\WINDOWS\addition.exe
*C:\WINDOWS\addition.exe
+C:\WINDOWS\unvise32qt.exe
*C:\WINDOWS\unvise32qt.exe
+C:\WINDOWS\iextract.exe
*C:\WINDOWS\iextract.exe
*C:\WINDOWS\COMMAND\IEXTRACT.EXE
+C:\WINDOWS\REGTLIB.EXE
*C:\WINDOWS\REGTLIB.EXE
+C:\WINDOWS\SNMP.EXE
*C:\WINDOWS\SNMP.EXE
+C:\WINDOWS\java.exe
*C:\WINDOWS\java.exe
+C:\WINDOWS\javaw.exe
*C:\WINDOWS\javaw.exe
+C:\WINDOWS\CUNINST.EXE
*C:\WINDOWS\CUNINST.EXE
+C:\WINDOWS\CUNINST5.EXE
*C:\WINDOWS\CUNINST5.EXE
+C:\WINDOWS\JVIEW.EXE
*C:\WINDOWS\JVIEW.EXE
+C:\WINDOWS\bdoscandel.exe
*C:\WINDOWS\bdoscandel.exe
+C:\WINDOWS\WJVIEW.EXE
*C:\WINDOWS\WJVIEW.EXE
+C:\WINDOWS\ieuninst.exe
*C:\WINDOWS\ieuninst.exe
+C:\WINDOWS\oeuninst.exe
*C:\WINDOWS\oeuninst.exe
+C:\WINDOWS\vgxuninst.exe
*C:\WINDOWS\vgxuninst.exe
+C:\WINDOWS\muninst.exe
*C:\WINDOWS\muninst.exe
+C:\WINDOWS\iun6002.exe
*C:\WINDOWS\iun6002.exe
+C:\WINDOWS\dosstart.bat
*C:\WINDOWS\dosstart.bat
+C:\WINDOWS\tmpdelis.bat
*C:\WINDOWS\tmpdelis.bat
+C:\QB\BRUN20.EXE
*C:\NEWS\BRUN20.EXE
+C:\QB\PR.EXE
*C:\PCWRITE\PR.EXE
*C:\NEWS\PR.EXE
+C:\QB\ADD.EXE
*C:\NEWS\ADD.EXE
+C:\QB\R.BAT
*C:\NEWS\R.BAT
»System/Drivers
»Running Processes
+FFCFFDE5=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
+FFFF8A55=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFBCC5=C:\WINDOWS\SYSTEM\MPREXE.EXE
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\MSNP32.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\RNANP.DLL
*C:\WINDOWS\SYSTEM\IENPSTUB.DLL
*C:\WINDOWS\SYSTEM\MSLOCUSR.DLL
*C:\WINDOWS\SYSTEM\MPRSERV.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE0029=C:\WINDOWS\SYSTEM\MSTASK.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\MSIDLE.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE33C5=C:\COMPAQ\CPQINET\CPQINET.EXE
*C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSEPS.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\COMPAQ\CPQINET\HWSWAL.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFEF261=C:\COMPAQ\INTERNET\ISDBDC.EXE
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFEE64D=C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\RSVPSP.DLL
*C:\WINDOWS\SYSTEM\RAPILIB.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\CPQDIAG\CPQHMMO.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL

papaya · 2005/05/27

stardreck post 3

*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE9E7D=c:\windows\SYSTEM\KB891711\KB891711.EXE
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC15B45=C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
*C:\WINDOWS\SYSTEM\XGATE.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC14415=C:\WINDOWS\RUNDLL32.EXE
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC11AE5=C:\WINDOWS\SYSTEM\mmtask.tsk
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC19879=C:\WINDOWS\EXPLORER.EXE
*C:\WINDOWS\SYSTEM\MSRATING.DLL
*C:\WINDOWS\SYSTEM\MSRATELC.DLL
*C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
*C:\WINDOWS\SYSTEM\MSHTMLED.DLL
*C:\PROGRAM FILES\CANON\EASY-WEBPRINT\RESOURCE.DLL
*C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
*C:\WINDOWS\SYSTEM\MSVCP71.DLL
*C:\WINDOWS\SYSTEM\MFC71.DLL
*C:\WINDOWS\SYSTEM\MSVCR71.DLL
*C:\WINDOWS\SYSTEM\MSVFW32.DLL
*C:\WINDOWS\SYSTEM\WOW32.DLL
*C:\WINDOWS\SYSTEM\DCIMAN32.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\PLUGIN.OCX
*C:\WINDOWS\SYSTEM\CRTDLL.DLL
*C:\WINDOWS\TEMP\IADHIDE.DLL
*C:\WINDOWS\SYSTEM\DXTMSFT.DLL
*C:\WINDOWS\SYSTEM\DXTRANS.DLL
*C:\WINDOWS\SYSTEM\ATL.DLL
*C:\WINDOWS\SYSTEM\DDRAWEX.DLL
*C:\WINDOWS\SYSTEM\DDRAW.DLL
*C:\WINDOWS\SYSTEM\ACTXPRXY.DLL
*C:\WINDOWS\SYSTEM\JSCRIPT.DLL
*C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SDHELPER.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\BPIJ.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\SOCKSPY.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\BROWSELC.DLL
*C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\CHMID32.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\DXMEDIAX.DLL
*C:\WINDOWS\SYSTEM\WEBCHECK.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\MYDOCS.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\LINKINFO.DLL
*C:\WINDOWS\SYSTEM\MSLS31.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\WINDOWS\SYSTEM\MSI.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\MSHTML.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\SHD401LC.DLL
*C:\WINDOWS\SYSTEM\BROWSEUI.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\SHDOC401.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFEB1D1=C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
*C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSEPS.DLL
*C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EABIOA.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\CPQMIXER.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC0B721=C:\WINDOWS\TASKMON.EXE
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC0A241=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\USBUI.DLL
*C:\WINDOWS\SYSTEM\WMI.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\BATMETER.DLL
*C:\WINDOWS\SYSTEM\POWRPROF.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC33855=C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\MSIOSD32.DLL
*C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSDSERV.DLL
*C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQBCM.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\MEDSERV.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSEPS.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLEDLG.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC3F9A1=C:\CPQS\BWTOOLS\SCCENTER.EXE
*C:\CPQS\SCOM\SCPARTNUMBER.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\SOCKSPY.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\CPQS\BWTOOLS\SYSTRAYHOOK.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC3E875=C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\MOTUTIL.DLL
*C:\WINDOWS\SYSTEM\SNMPAPI.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC3B369=C:\WINDOWS\SYSTEM\STIMON.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\STI.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC24E29=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC21471=C:\PROGRAM FILES\SHOPSAFE\SHOPSAFE.EXE
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\SOCKSPY.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\MSXML3.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\SYSTEM\FFCORE.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\OLEDLG.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\FFSSAFE.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
*C:\PROGRAM FILES\SHOPSAFE\SHOPSAFE.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC246C5=C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C DOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE4D41=C:\WINDOWS\RUNDLL32.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\TEMP\SE.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC241E1=C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
*C:\WINDOWS\SYSTEM\RSVPSP.DLL
*C:\WINDOWS\SYSTEM\RAPILIB.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\SOCKSPY.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\FILESPY9X.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\QUARCORE.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\UNICOWS.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\AVICAP32.DLL
*C:\WINDOWS\SYSTEM\MSVFW32.DLL
*C:\WINDOWS\SYSTEM\WOW32.DLL
*C:\WINDOWS\SYSTEM\DCIMAN32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\OLEDLG.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\MSVCP71.DLL
*C:\WINDOWS\SYSTEM\MSVCR71.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\MIMEINF.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDPOP3P.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\PROCINF.DLL
*C:\WINDOWS\SYSTEM\XCOMM.DLL

papaya · 2005/05/27

stardreck post 4

*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC559AD=C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\SOCKSPY.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\MSVCR71.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC2BC35=C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
*C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MNYUTIL.DLL
*C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\OLSHARED.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MSPFCTL0.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\MSCOFD.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MFC42.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC580B1=C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\SCW64.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\CHMID32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC444D9=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\ATHN3270.DLL
*C:\PROGRAM FILES\COMMON FILES\REAL\COMMON\PNRS3260.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\PNCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC75EC9=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\WMICORE.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC762BD=C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSIOSD32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\BWCC32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC64B81=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC98985=C:\WINDOWS\SYSTEM\DDHELP.EXE
*C:\WINDOWS\SYSTEM\DD530_32.DLL
*C:\WINDOWS\SYSTEM\DDRAW.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
*C:\WINDOWS\NETDWT.INI
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC8FEC5=C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\CPQS\BACKWEB\PROGRAM\BWMIB.DLL
*C:\WINDOWS\SYSTEM\CRTDLL.DLL
*C:\WINDOWS\TEMP\IADHIDE.DLL
*C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\SOCKSPY.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\MFC40.DLL
*C:\WINDOWS\SYSTEM\MSVCRT40.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC36D49=C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\MSVCP71.DLL
*C:\WINDOWS\SYSTEM\MSVCR71.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\MIMEINF.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDPOP3P.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\PROCINF.DLL
*C:\WINDOWS\SYSTEM\XCOMM.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\SOCKSPY.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFCAD585=C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
*C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\AVXDISK.DLL
*C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\AVXT.DLL
*C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\LIBFN.DLL
*C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\TEMP\IADHIDE.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDCORE.DLL
*C:\WINDOWS\SYSTEM\XCOMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC81AE9=C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
*C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\CHMID32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\QUARCORE.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\REPORT.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\QUAR.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\SCHFACE.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\SCHCORE.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSCAN.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSHIELD.DLL
*C:\WINDOWS\SYSTEM\URL.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\LIBRTVR.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\LIVE.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\GETFILE.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\ZLIB.DLL
*C:\WINDOWS\SYSTEM\CRTDLL.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\HTTPGETF.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\ANTIVIRUS.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\MAIN.DLL
*C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
*C:\WINDOWS\TEMP\IADHIDE.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\POPUP.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\TXTOOLS.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\MFC71.DLL
*C:\WINDOWS\SYSTEM\XCOMM.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\PROCINF.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDCH.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDSUBMIT.DLL
*C:\WINDOWS\SYSTEM\MSVCP71.DLL
*C:\WINDOWS\SYSTEM\MSVCR71.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FB249D95=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFC68261=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFCF2CFD=C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
*C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\PROOF\MSSPELL3.DLL
*C:\WINDOWS\SYSTEM\LINKINFO.DLL
*C:\WINDOWS\SYSTEM\MSHTMLER.DLL
*C:\PROGRAM FILES\COMMON FILES\SYSTEM\WAB32.DLL
*C:\PROGRAM FILES\COMMON FILES\SYSTEM\WAB32RES.DLL
*C:\WINDOWS\SYSTEM\MSI.DLL
*C:\WINDOWS\SYSTEM\RICHED20.DLL
*C:\WINDOWS\SYSTEM\IMGUTIL.DLL
*C:\WINDOWS\SYSTEM\MSHTMLED.DLL
*C:\WINDOWS\SYSTEM\DXTMSFT.DLL
*C:\WINDOWS\SYSTEM\DDRAWEX.DLL
*C:\WINDOWS\SYSTEM\DDRAW.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\DXTRANS.DLL
*C:\WINDOWS\SYSTEM\JSCRIPT.DLL
*C:\WINDOWS\SYSTEM\MSLS31.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\MSHTML.DLL
*C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\CHMID32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\BROWSEUI.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\PROGRAM FILES\COMMON FILES\SYSTEM\DIRECTDB.DLL
*C:\WINDOWS\SYSTEM\PSTOREC.DLL
*C:\WINDOWS\SYSTEM\MSIDENT.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\MSIDNTLD.DLL
*C:\WINDOWS\SYSTEM\SHFOLDER.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\TEMP\IADHIDE.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\PROGRAM FILES\OUTLOOK EXPRESS\MSOE.DLL
*C:\PROGRAM FILES\OUTLOOK EXPRESS\MSOERES.DLL
*C:\WINDOWS\SYSTEM\INETCOMM.DLL
*C:\WINDOWS\SYSTEM\INETRES.DLL
*C:\WINDOWS\SYSTEM\MSOEACCT.DLL
*C:\WINDOWS\SYSTEM\ACCTRES.DLL
*C:\WINDOWS\SYSTEM\MSOERT2.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\ATL.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FB67C429=C:\WINDOWS\SYSTEM\PSTORES.EXE
*C:\WINDOWS\SYSTEM\PSBASE.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\PSTORERC.DLL
*C:\WINDOWS\SYSTEM\SOFTPUB.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\NETDWT.INI
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FB66A7E5=C:\STARDECK\STARTDRECK.EXE
*C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\CHMID32.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSOSS.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\TEMP\IADHIDE.DLL
*C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPHOOKSE2.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\STARDECK\VB4DE32.DLL
*C:\WINDOWS\NETDWT.INI
*C:\STARDECK\VB40032.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
»NT Services
»NT Kernel- and FS-drivers
»VMM32Files (LM)
*vdd.vxd=
*vflatd.vxd=
*vshare.vxd=
*vwin32.vxd=
*vfbackup.vxd=
*vcomm.vxd=
*combuff.vxd=
*vcd.vxd=
*vpd.vxd=
*spooler.vxd=
*udf.vxd=
*vfat.vxd=
*vcache.vxd=
*vcond.vxd=
*vcdfsd.vxd=
*int13.vxd=
*vxdldr.vxd=
*vdef.vxd=
*dynapage.vxd=
*configmg.vxd=
*ntkern.vxd=
*ebios.vxd=
*vmd.vxd=
*dosnet.vxd=
*vpicd.vxd=
*vtd.vxd=
*reboot.vxd=
*vdmad.vxd=
*vsd.vxd=
*v86mmgr.vxd=
*pageswap.vxd=
*dosmgr.vxd=
*vmpoll.vxd=
*shell.vxd=
*parity.vxd=
*biosxlat.vxd=
*vmcpd.vxd=
*vtdapi.vxd=
*perf.vxd=
*vkd.vxd=
*vmouse.vxd=
*mtrr.vxd=
*enable.vxd=
*hasp95.vxd=
»%System%\VMM32
*C:\WINDOWS\SYSTEM\VMM32\IFSMGR.VXD
*C:\WINDOWS\SYSTEM\VMM32\IOS.VXD
*C:\WINDOWS\SYSTEM\VMM32\MRCI2.VXD
*C:\WINDOWS\SYSTEM\VMM32\QEMMFIX.VXD
»%System%\IOSUBSYS
*C:\WINDOWS\SYSTEM\IoSubSys\BIGMEM.DRV
*C:\WINDOWS\SYSTEM\IoSubSys\ESDI_506.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\HSFLOP.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\RMM.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\SCSIPORT.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\APIX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\ATAPCHNG.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDFS.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVSPACX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVWCDB.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVWPPQT.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVWQ117.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\NECATAPI.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\SCSI1HLP.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\TORISAN3.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\VOLTRACK.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\IDECDVSD.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\C2APIX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\C2REC.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\C2UDFFS.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\C2UDFVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\UDF_200.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\UDF_920.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\UDF_JVC.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\SMARTVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\MPUSBSTR.PDR
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

noahdfear · 2005/05/28

Download the stand-alone CWShredder 2.0 from here. Save it to the desktop.

Download Pocket Killbox from here: http://www.downloads.subratam.org/KillBox.zip

Extract the file to a folder, then open and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\SYSTEM\BPIJ.DLL

Check the box to delete on reboot and click the red X to the right. Click Yes, then NO to the reboot now prompt. Copy the next filepath, paste it in the box, and repeat the above steps. When all of the below filepaths are done, allow it to reboot.

C:\WINDOWS\TEMP\SE.DLL
C:\WINDOWS\SYSTEM\dxmediax.dll
C:\WINDOWS\NETDWT.INI

Upon reboot, begin repeatedly tapping F8 to enable the start menu and select safe mode.

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {835735A9-EBE1-49CB-B82A-FC8A0F661796} - C:\WINDOWS\SYSTEM\BPIJ.DLL
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\SYSTEM\acriehlp.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O9 - Extra button: Microsoft AntiSpyware helper - {8E0FF287-11D4-4D4A-949D-FB917B328769} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E0FF287-11D4-4D4A-949D-FB917B328769} - (no file) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/n_GELiWiDJ0fjL...m::/on-line.exe
O18 - Filter: text/plain - {606EA0E3-0AA6-4B26-9A41-5AAD4FA02536} - C:\WINDOWS\SYSTEM\BPIJ.DLL
O18 - Filter: text/html - {606EA0E3-0AA6-4B26-9A41-5AAD4FA02536} - C:\WINDOWS\SYSTEM\BPIJ.DLL
O21 - SSODL: DXMediax - {3CC5DDBD-3705-4b96-909A-FF9341B63E2E} - C:\WINDOWS\SYSTEM\dxmediax.dll

Open CWShredder, close all other windows and click fix.

Set Windows Explorer to show hidden files and folders.

Open Add/Remove programs and uninstall SpyKiller. It's a rogue antispyware program.

Open C:\Program Files and delete the folder SpyKiller.
Search the drive for and delete all instances of the following files and folder.

powerreg scheduler.exe
powerreg schedulerv2.exe
powerregschedulerv3.exe
powerreg

Open C:\Temp (if present), select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Applog, select all and delete.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
Open My Computer and right click Local Disk C:, then choose disk cleanup. Check all boxes and click OK.

Reboot back into Windows and scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log.

papaya · 2005/05/29

smitfraud

Thanks so much for all the assistance. I still have a problem where Miscrosoft Office 2000 tries to do an update from CD when explorer starts . It occurs when the popups occured before.

Logfile of HijackThis v1.99.1
Scan saved at 03:44:13 PM, on 5/29/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SHOPSAFE\SHOPSAFE.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\SCW64.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\SYSTEM\MACROMED\FLASH\GETFLASH.EXE
C:\WINDOWS\DESKTOP\SMITFRAUD\HIJACKTHIS.EXE

O2 - BHO: ShopSafe Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShopSafe] C:\PROGRA~1\SHOPSAFE\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [OpwareSE2] "c:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\vsserv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CPQInet Runtime Service] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Dexxa Optical Mouse.lnk = C:\Program Files\Dexxa Optical Mouse\scw64.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

papaya · 2005/05/29

smitfraud repl

I got this message when I tried to run the virus scan you asked for.

Failed to load ActiveX control!
-- You must have administrative rights on this computer;
you also must have the Internet Explorer security settings to the Medium level.

The following is a scan report from Bitdefebder amtivirus scan

//-----------------------------------------------------------------
//
// Product: BitDefender 8 Standard
// Version: 8.0
//
// Created on: 29/05/2005 15:55:26
//
//-----------------------------------------------------------------

Statistics

Scan path : C:\
Folders : 1205
Files : 114790
Archives : 28271
Packed files : 6322
Identified viruses : 4
Infected files : 7
Warnings : 0
Suspect files : 4
Disinfected files : 3
Deleted files : 4
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 17
Scan time : 02:57:31
Scan speed (files/sec) : 10

Virus definitions : 170419
Scan plugins : 13
Archive plugins : 38
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 23)=>[Subject: Re: "trojan-spy.html.smitfraud.c" from][Date: Sun, 15 May 2005 09:39:50 -0700]=>(MIME part)=>DiagnosticsLog.txt Suspect Exploit.Html.MhtRedir.Gen
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 23)=>[Subject: Re: "trojan-spy.html.smitfraud.c" from][Date: Sun, 15 May 2005 09:39:50 -0700]=>(MIME part)=>DiagnosticsLog.txt Disinfection failed
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 23)=>[Subject: Re: "trojan-spy.html.smitfraud.c" from][Date: Sun, 15 May 2005 09:39:50 -0700]=>(MIME part)=>DiagnosticsLog.txt Move failed
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 26)=>[Subject: Fw: "trojan-spy.html.smitfraud.c"][Date: Fri, 13 May 2005 14:36:03 -0700]=>(MIME part)=>DiagnosticsLog.txt Suspect Exploit.Html.MhtRedir.Gen
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 26)=>[Subject: Fw: "trojan-spy.html.smitfraud.c"][Date: Fri, 13 May 2005 14:36:03 -0700]=>(MIME part)=>DiagnosticsLog.txt Disinfection failed
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 26)=>[Subject: Fw: "trojan-spy.html.smitfraud.c"][Date: Fri, 13 May 2005 14:36:03 -0700]=>(MIME part)=>DiagnosticsLog.txt Move failed
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 29)=>[Subject: Re: "trojan-spy.html.smitfraud.c"][Date: Fri, 6 May 2005 09:02:52 -0700]=>(MIME part)=>DiagnosticsLog.txt Suspect Exploit.Html.MhtRedir.Gen
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 29)=>[Subject: Re: "trojan-spy.html.smitfraud.c"][Date: Fri, 6 May 2005 09:02:52 -0700]=>(MIME part)=>DiagnosticsLog.txt Disinfection failed
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 29)=>[Subject: Re: "trojan-spy.html.smitfraud.c"][Date: Fri, 6 May 2005 09:02:52 -0700]=>(MIME part)=>DiagnosticsLog.txt Move failed
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 30)=>[Subject: Re: "trojan-spy.html.smitfraud.c"][Date: Wed, 4 May 2005 10:45:59 -0700]=>(MIME part)=>DiagnosticsLog.txt Suspect Exploit.Html.MhtRedir.Gen
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 30)=>[Subject: Re: "trojan-spy.html.smitfraud.c"][Date: Wed, 4 May 2005 10:45:59 -0700]=>(MIME part)=>DiagnosticsLog.txt Disinfection failed
C:\WINDOWS\Application Data\Identities\{03FA7420-3FCC-11D3-A1EB-AF89CC02843C}\Microsoft\Outlook Express\Sent Items.dbx=>(message 30)=>[Subject: Re: "trojan-spy.html.smitfraud.c"][Date: Wed, 4 May 2005 10:45:59 -0700]=>(MIME part)=>DiagnosticsLog.txt Move failed
C:\Program Files\Netscape\Users\default\Mail\Trash=>(message 750)=>(base64) Infected Win32.Magistr.B@mm
C:\Program Files\Netscape\Users\default\Mail\Trash=>(message 750)=>(base64) Disinfected
C:\Program Files\Netscape\Users\default\Mail\Trash=>(message 750) Update
C:\Program Files\Netscape\Users\default\Mail\Trash Update failed
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 246)=>[From: duffer41@networkusa.net][Date: Fri, 1 Dec 2000 10:44:22 -0600]=>(MIME part)=>I_wanna_see_YOU.TXT.pif Infected I-Worm.MTX
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 246)=>[From: duffer41@networkusa.net][Date: Fri, 1 Dec 2000 10:44:22 -0600]=>(MIME part)=>I_wanna_see_YOU.TXT.pif Disinfected
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 246)=>[From: duffer41@networkusa.net][Date: Fri, 1 Dec 2000 10:44:22 -0600]=>(MIME part)=>I_wanna_see_YOU.TXT.pif Infected I-Worm.MTX
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 246)=>[From: duffer41@networkusa.net][Date: Fri, 1 Dec 2000 10:44:22 -0600]=>(MIME part)=>I_wanna_see_YOU.TXT.pif Deleted
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 246)=>[From: duffer41@networkusa.net][Date: Fri, 1 Dec 2000 10:44:22 -0600]=>(MIME part) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 246) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox Update failed
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 249)=>[From: duffer41@networkusa.net][Date: Sat, 2 Dec 2000 15:26:38 -0600]=>(MIME part)=>MATRiX_Screen_Saver.SCR Infected I-Worm.MTX
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 249)=>[From: duffer41@networkusa.net][Date: Sat, 2 Dec 2000 15:26:38 -0600]=>(MIME part)=>MATRiX_Screen_Saver.SCR Disinfected
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 249)=>[From: duffer41@networkusa.net][Date: Sat, 2 Dec 2000 15:26:38 -0600]=>(MIME part)=>MATRiX_Screen_Saver.SCR Infected I-Worm.MTX
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 249)=>[From: duffer41@networkusa.net][Date: Sat, 2 Dec 2000 15:26:38 -0600]=>(MIME part)=>MATRiX_Screen_Saver.SCR Deleted
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 249)=>[From: duffer41@networkusa.net][Date: Sat, 2 Dec 2000 15:26:38 -0600]=>(MIME part) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 249) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox Update failed
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 514)=>[Subject: Fwd: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 14:13:16 EST]=>(MIME part)=>(message)=>[Subject: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 10:59:06 -0600]=>(MIME part)=>(message body)=>(JAVASCRIPT 1) Infected JS.Kak.Gen@mm
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 514)=>[Subject: Fwd: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 14:13:16 EST]=>(MIME part)=>(message)=>[Subject: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 10:59:06 -0600]=>(MIME part)=>(message body)=>(JAVASCRIPT 1) Deleted
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 514)=>[Subject: Fwd: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 14:13:16 EST]=>(MIME part)=>(message)=>[Subject: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 10:59:06 -0600]=>(MIME part)=>(message body) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 514)=>[Subject: Fwd: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 14:13:16 EST]=>(MIME part)=>(message)=>[Subject: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 10:59:06 -0600]=>(MIME part) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 514)=>[Subject: Fwd: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 14:13:16 EST]=>(MIME part)=>(message) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 514)=>[Subject: Fwd: Fw: Fw: Fw:][Date: Fri, 23 Feb 2001 14:13:16 EST]=>(MIME part) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 514) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox Update failed
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 592)=>[Subject: Snowhite and the Seven Dwarfs - The RE]=>(MIME part)=>dwarf4you.exe Infected I-Worm.Hybris.B
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 592)=>[Subject: Snowhite and the Seven Dwarfs - The RE]=>(MIME part)=>dwarf4you.exe Deleted
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 592)=>[Subject: Snowhite and the Seven Dwarfs - The RE]=>(MIME part) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox=>(message 592) Update
C:\Program Files\Netscape\Users\default\Mail\Inbox Update failed

noahdfear · 2005/05/31

Looks good other than some email files to remove.

Scan again with HijackThis and fix the following entries.

O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE

I recommend you go to the Microsoft Office Update Center and scan for available/needed updates.

Any other problems?

papaya · 2005/06/04

more smitfraud problems

Dave-

For several days most of the problems were gone. Now they are back.
I am attaching a hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 09:13:05 AM, on 6/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\MOTIVE\MOTIVEASSISTANT\MOTMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SHOPSAFE\SHOPSAFE.EXE
C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE2.0\OPWARESE2.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\PROGRAM FILES\DEXXA OPTICAL MOUSE\SCW64.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\CPQS\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\DESKTOP\SMITFRAUD\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: ShopSafe Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\WINDOWS\SYSTEM\BHOSSAFE.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {3102BC0E-A084-4DB2-8524-1E05A9E240B1} - C:\WINDOWS\SYSTEM\LGFOAG.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\MotiveAssistant\motmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShopSafe] C:\PROGRA~1\SHOPSAFE\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [OpwareSE2] "c:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] C:\Program Files\Softwin\BitDefender8\vsserv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\bdnagent.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CPQInet Runtime Service] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender8\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Dexxa Optical Mouse.lnk = C:\Program Files\Dexxa Optical Mouse\scw64.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O18 - Filter: text/html - {DBFF24D8-5CA2-41AE-870C-F88BEB5FEF98} - C:\WINDOWS\SYSTEM\LGFOAG.DLL
O18 - Filter: text/plain - {DBFF24D8-5CA2-41AE-870C-F88BEB5FEF98} - C:\WINDOWS\SYSTEM\LGFOAG.DLL

noahdfear · 2005/06/04

Please create and post a new Startdreck log.

Log in or Sign up

trojan=spy.html.smitfraud.c

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

papaya Inactive Thread Starter

papaya Inactive Thread Starter

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

noahdfear Inactive

Share This Page

Log in or Sign up

trojan=spy.html.smitfraud.c

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

papaya Inactive Thread Starter

papaya Inactive Thread Starter

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

papaya Inactive Thread Starter

noahdfear Inactive

papaya Inactive Thread Starter

noahdfear Inactive

Share This Page

Useful Searches