first HJT log

Status
Not open for further replies.
S

stealthcol

Solid State Member
Messages
17
Hi I followed the common instructions and run ad aware / spybot and anti virus scan, this is my log file.






Logfile of HijackThis v1.99.1
Scan saved at 22:19:39, on 19/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\E_SICN03.EXE
C:\PROGRAM FILES\COREL\PRINT OFFICE 2000\REGISTER\REMIND32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\BANDWIDTHMETER\BANDWIDTHMETER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMS\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: run=hpfsched
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINDOWS\SYSTEM\E_SICN03.EXE /A "C:\WINDOWS\SYSTEM\E_S51B3.TMP"
O4 - Startup: Corel Print Office Registration.lnk = C:\Program Files\Corel\Print Office 2000\Register\Remind32.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\BandwidthMeter\BandwidthMeter.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\WANADOO\WSBAR\WSBAR.DLL/VSearch.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt503/us/win/QuickTimeInstaller.exe
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
 
Hi thanks for looking, the problem I'm having is on shutdown, it hangs and I have to press reset or I get a blue screen saying press any key to restart then I get a black screen with a flashing curser in the top left corner and I have to press restart again. Only happens after going online but not always.
 
Please run an online scan at http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Once it has finished save the activescan log. Then post that log in your next post.

Download: StartDreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'

UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread
 
Hi here's the log from panda activescan


Incident Status Location

Adware:adware/wupd No disinfected C:\PROGRAM FILES\Media Pass
Adware:adware/ncase No disinfected Windows Registry
Virus:Trj/Multidropper.TY Disinfected C:\_RESTORE\TEMP\A0147404.CPY
Adware:Adware/Apropos No disinfected C:\_RESTORE\TEMP\A0147405.CPY
Adware:Adware/WUpd No disinfected C:\_RESTORE\TEMP\A0160515.CPY
Virus:W32/Gibe.C.worm No disinfected C:\_RESTORE\ARCHIVE\FS1735.CAB[A0087282.CPY]
Adware:Adware/TopConvert No disinfected C:\_RESTORE\ARCHIVE\FS1757.CAB[A0093658.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1837.CAB[A0101222.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1837.CAB[A0101225.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1837.CAB[A0101232.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1837.CAB[A0101257.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1837.CAB[A0101258.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1839.CAB[A0101282.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1839.CAB[A0101285.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1839.CAB[A0101290.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1842.CAB[A0101368.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1842.CAB[A0101372.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1842.CAB[A0101376.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1845.CAB[A0101630.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1845.CAB[A0101633.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1845.CAB[A0101644.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1835.CAB[A0099222.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1835.CAB[A0099225.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1835.CAB[A0099230.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1846.CAB[A0101931.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1840.CAB[A0101313.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1840.CAB[A0101316.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1840.CAB[A0101321.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1841.CAB[A0101327.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1841.CAB[A0101330.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\ARCHIVE\FS1841.CAB[A0101335.CPY]
Dialer:Dialer.VG No disinfected C:\_RESTORE\ARCHIVE\FS1849.CAB[A0102728.CPY]
Virus:W32/Gibe.C.worm No disinfected C:\_RESTORE\ARCHIVE\FS1869.CAB[A0103142.CPY]
Virus:W32/Gibe.C.worm No disinfected C:\_RESTORE\ARCHIVE\FS1975.CAB[A0108572.CPY]
Adware:Adware/WUpd No disinfected C:\_RESTORE\ARCHIVE\FS2115.CAB[A0114944.CPY]
Adware:Adware/WUpd No disinfected C:\_RESTORE\ARCHIVE\FS2115.CAB[A0114945.CPY]
Spyware:Spyware/Dyfuca No disinfected C:\_RESTORE\ARCHIVE\FS2124.CAB[A0115072.CPY]
Dialer:Dialer.Gen No disinfected C:\WINDOWS\SYSTEM\InstantPleasure-uninstall.exe
Adware:Adware/HuntBar No disinfected C:\NULL




this is from startdreck



StartDreck (build 2.1.7 public stable) - 2005-10-21 @ 18:15:36 (GMT +01:00)
Platform: Windows ME (Win 4.90.3000 )
Internet Explorer: 6.0.2800.1106
Logged in as default at OEMCOMPUTER

»Registry
»Run Keys
»Current User
»Run
*EPSON Stylus COLOR 480=C:\WINDOWS\SYSTEM\E_SICN03.EXE /A "C:\WINDOWS\SYSTEM\E_S51B3.TMP"
»RunOnce
»Default User
»Run
*EPSON Stylus COLOR 480=C:\WINDOWS\SYSTEM\E_SICN03.EXE /A "C:\WINDOWS\SYSTEM\E_S51B3.TMP"
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*PCHealth=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
*SystemTray=SysTray.Exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*NAV Agent=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
*REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
*LoadQM=loadqm.exe
*Zone Labs Client=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
*CreateCD=C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
»RunOnce
*Panda_cleaner_62908=C:\WINDOWS\SYSTEM\ACTIVESCAN\pavdr.exe 62908
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
*SSDPSRV=C:\WINDOWS\SYSTEM\ssdpsrv.exe
**StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
*TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
*KB891711=C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Windows Setup - Applets/AppletsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - FAT32 Converter/PerUser_CVT_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf
+Windows Setup - Fonts/FontsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf
+Windows Setup - Home Networking Wizard/PerUser_HNW_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf
+PerUser_ICW_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4395}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Windows Movie Maker/PerUser_moviemaker
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf
+MSN-Migration/>PerUser_MSN_Clean
*StubPath=C:\WINDOWS\msnmgsr1.exe
+Power Policy Settings/{CA0A4247-44BE-11d1-A005-00805F8ABE06}
*StubPath=RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
+Windows Setup - System Information/PerUser_Msinfo
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - System Information/PerUser_Msinfo2
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf
+Windows Setup - Multimedia/MotownMmsysPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownAvivideoPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Messaging/PerUser_Base
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf
+CDSAMPLE/SamplerPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf
+Windows Setup - Shell/ShellPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf
+Windows Setup - Color Schemes/Shell2PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf
+Windows Setup - Start Menu/PerUser_winbase_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Start Menu/PerUser_winapps_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf
+Windows Setup - Links Bar/PerUser_LinkBar_URLs
*StubPath=C:\WINDOWS\COMMAND\sulfnbk.exe /L
+Windows Setup - Telephony Support/TapiPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf
+Windows Setup - Wordpad/PerUser_MSWordPad_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf
+Windows Setup - More Applets/PerUserOldLinks
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Sound Schemes/MmoptRegisterPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - CD Player/PerUser_CDPlayer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Online Services/OlsPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - The Microsoft Network/OlsMsnPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf
+System Restore/PerUser_PCHealth
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Windows Setup - Paint/PerUser_Paint_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - Calculator/PerUser_Calc_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf
+Windows Setup - DriveSpace/PerUser_dxxspace_Links
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf
+Windows Setup - Accessibility/PerUser_Enable_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf
+Windows Setup - Classic Games/PerUser_Wingames_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf
+Windows Setup - Internet Games/PerUser_ZoneGame_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf
+Windows Setup - Plus! Games/PerUser_PBGame_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf
+Windows Setup - Multimedia/MotownRecPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Volume Control/PerUser_Vol
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Multimedia/MotownMPlayPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf
+Windows Setup - Dial-Up Networking/PerUser_RNA_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf
+Windows Setup - System Monitor/PerUser_Sysmon_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - System Meter/PerUser_Sysmeter_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Netwatch/PerUser_netwatch_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Character Map/PerUser_CharMap_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - HyperTerminal/PerUser_Onlinelnks_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Phone Dialer/PerUser_Dialer_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf
+Windows Setup - Clipboard Viewer/PerUser_ClipBrd_Inis
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf
+Windows Setup - Sound Schemes/MmoptMusicaPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptJunglePerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptRobotzPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf
+Windows Setup - Sound Schemes/MmoptUtopiaPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath=rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
+Windows Setup - America Online/OlsAolPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - AT&T WorldNet Service/OlsAttPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Prodigy Internet/OlsProdigyPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Earthlink Internet/OlsEarthlinkPerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf
+Windows Setup - Shell Cursors/Shell3PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf
+Windows Setup -- Themes/Theme_MoreWindows_PerUser
*StubPath=rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
+Internet Explorer 6 SP1/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=C:\WINDOWS\SYSTEM\ie4uinit.exe
+Browser Customizations/>{FD3F5707-4F67-40E2-9B2A-8495121A373F}
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=C:\WINDOWS\inf\unregmp2.exe /ShowWMP
»Browser Helper Objects (LM)
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.wanadoo.co.uk/
*Window Title=Microsoft Internet Explorer provided by Wanadoo
+SearchUrl
*Provider=yaho
*(Default)=frsv
*=http://home.microsoft.com/access/autosearch.asp?p=%s
* =+
*&=%26
*+=%2B
*#=%23
*?=%3F
*==%3D
»Default User
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.wanadoo.co.uk/
*Window Title=Microsoft Internet Explorer provided by Wanadoo
+SearchUrl
*Provider=yaho
*(Default)=frsv
*=http://home.microsoft.com/access/autosearch.asp?p=%s
* =+
*&=%26
*+=%2B
*#=%23
*?=%3F
*==%3D
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd,ie&pver,5.5&ar,msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
*UPnPMonitor={e57ce738-33e8-4c51-8354-bb4de9d215d1}
`InprocServer32=C:\WINDOWS\SYSTEM\UPNPUI.DLL
*AUHook={BCBCD383-3E06-11D3-91A9-00C04F68105C}
`InprocServer32=C:\WINDOWS\SYSTEM\AUHOOK.DLL
»Special NT Values
»Current User
*Load=
*Run=
*Programs=
*SHELL=
»Default User
*Load=
*Run=
*Programs=
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=
*Userinit=
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Corel Print Office Registration.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Exif Launcher.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Find Fast.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\EPSON Status Monitor 3 Environment Check.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Bandwidth Meter.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Corel Print Office Registration.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Exif Launcher.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Find Fast.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\EPSON Status Monitor 3 Environment Check.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\Bandwidth Meter.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=hpfsched
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\WINDOWS\msdos.sys
`;sys
*C:\msdos.sys
`;sys
`[Paths]
`WinDir=C:\WINDOWS
`WinBootDir=C:\WINDOWS
`HostWinBootDrv=C
`[Options]
`BootMulti=1
`BootGUI=1
`AutoScan=1
`WinVer=4.90.3000
`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs
*C:\config.sys
*C:\autoexec.bat
`SET windir=C:\WINDOWS
`SET winbootdir=C:\WINDOWS
`SET COMSPEC=C:\WINDOWS\COMMAND.COM
`SET PATH=C:\WINDOWS\TEMP;C:\WINDOWS;C:\WINDOWS\COMMAND
`SET PROMPT=$p$g
`SET TEMP=C:\WINDOWS\TEMP
`SET TMP=C:\WINDOWS\TEMP
`SET TVDUMPFLAGS=8
*C:\WINDOWS\wininit.ini
`[rename]
`NUL=C:\_RESTORE\TEMP\A0147404.CPY
*C:\WINDOWS\wininit.bak
`[Rename]
`NUL=C:\WINDOWS\TEMP\OLD60C3.TMP
`NUL=C:\WINDOWS\TEMP\OLD60C1.TMP
`C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\SET61F4.TMP
`C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\SET6205.TMP
`C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\SET6215.TMP
`C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\SET6222.TMP
`C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\SET6231.TMP
*C:\WINDOWS\winstart.bat
`@C:\WINDOWS\tmpcpyis.bat
*C:\WINDOWS\dosstart.bat
`@echo off
*C:\WINDOWS\command\cmdinit.bat
`@echo off
`doskey /insert > nul
»Program Files
*C:\io.sys
*C:\WINDOWS\io.sys
*C:\WINDOWS\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\command.com
*C:\WINDOWS\command.PIF
*C:\WINDOWS\COMMAND.COM
»System/Drivers
»Running Processes
+FFCF0BA1=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*C:\WINDOWS\SYSTEM\I81X329X.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
+FFFF4015=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFE001=C:\WINDOWS\SYSTEM\mmtask.tsk
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFDA45=C:\WINDOWS\SYSTEM\MPREXE.EXE
*C:\WINDOWS\SYSTEM\MSNP32.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MPRSERV.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE35E9=C:\WINDOWS\SYSTEM\MSTASK.EXE
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSIDLE.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFE751D=C:\WINDOWS\SYSTEM\SSDPSRV.EXE
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFEA761=C:\WINDOWS\SYSTEM\STIMON.EXE
*C:\WINDOWS\SYSTEM\AGUSBSTI.DLL
*C:\WINDOWS\SYSTEM\MSVCIRT.DLL
*C:\WINDOWS\SYSTEM\WIASERVC.DLL
*C:\WINDOWS\SYSTEM\MSCMS.DLL
*C:\WINDOWS\SYSTEM\STI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\IPROP.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFEF6D5=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\CAMUPD.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\QRSRECL.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\SRESCAN.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\ZLSRE.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\SCHEDULER.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\QRBASE.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\ZLQUARANTINE.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\VSVAULT.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\VSRULEDB.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\VSDB.DLL
*C:\WINDOWS\SYSTEM\VSXML.DLL
*C:\WINDOWS\SYSTEM\ZLCOMMDB.DLL
*C:\WINDOWS\SYSTEM\ZLCOMM.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\SSLEAY32.DLL
*C:\WINDOWS\SYSTEM\VSUTIL.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\VSDATA.DLL
*C:\WINDOWS\SYSTEM\VSINIT.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\DBGHELP.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFD3601=C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFD60A1=C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\MSIDLE.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\SMGR.DLL
*C:\WINDOWS\SYSTEM\SFPDLL.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\ATRACE.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFDDC89=C:\WINDOWS\EXPLORER.EXE
*C:\WINDOWS\SYSTEM\IMGUTIL.DLL
*C:\WINDOWS\SYSTEM\WEBVW.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\MSLS31.DLL
*C:\WINDOWS\SYSTEM\MSHTML.DLL
*C:\WINDOWS\SYSTEM\SYNCUI.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVSHEXT.DLL
*C:\WINDOWS\SYSTEM\MSVCP60.DLL
*C:\WINDOWS\SYSTEM\ATL.DLL
*C:\WINDOWS\SYSTEM\JSCRIPT.DLL
*C:\WINDOWS\SYSTEM\CRYPTNET.DLL
*C:\WINDOWS\SYSTEM\WLDAP32.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL
*C:\WINDOWS\SYSTEM\ZIPFLDR.DLL
*C:\WINDOWS\SYSTEM\MSSHRUI.DLL
*C:\WINDOWS\SYSTEM\DUNZIP32.DLL
*C:\WINDOWS\SYSTEM\DZIP32.DLL
*C:\WINDOWS\SYSTEM\WIASHEXT.DLL
*C:\WINDOWS\SYSTEM\STI.DLL
*C:\WINDOWS\SYSTEM\IPROP.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\WIASTATD.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\BROWSELC.DLL
*C:\WINDOWS\SYSTEM\DOCPROP2.DLL
*C:\WINDOWS\SYSTEM\AVIFIL32.DLL
*C:\WINDOWS\SYSTEM\MSACM32.DLL
*C:\WINDOWS\SYSTEM\CRTDLL.DLL
*C:\WINDOWS\SYSTEM\MSVFW32.DLL
*C:\WINDOWS\SYSTEM\WOW32.DLL
*C:\WINDOWS\SYSTEM\DCIMAN32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\WINDOWS\SYSTEM\ES.DLL
*C:\WINDOWS\SYSTEM\SENS.DLL
*C:\WINDOWS\SYSTEM\ESTIER2.DLL
*C:\WINDOWS\SYSTEM\ESSHARED.DLL
*C:\WINDOWS\SYSTEM\LINKINFO.DLL
*C:\WINDOWS\SYSTEM\SENSAPI.DLL
*C:\WINDOWS\SYSTEM\MSXML3.DLL
*C:\WINDOWS\SYSTEM\UPNP.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\SSDPAPI.DLL
*C:\WINDOWS\SYSTEM\AUHOOK.DLL
*C:\WINDOWS\SYSTEM\UPNPUI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\WEBCHECK.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\ACTXPRXY.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\MSI.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MYDOCS.DLL
*C:\WINDOWS\SYSTEM\BROWSEUI.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFB31B9=C:\WINDOWS\TASKMON.EXE
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFB1775=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*C:\WINDOWS\SYSTEM\WMI.DLL
*C:\WINDOWS\SYSTEM\BATMETER.DLL
*C:\WINDOWS\SYSTEM\POWRPROF.DLL
*C:\WINDOWS\SYSTEM\SETUPAPI.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\CFGMGR32.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\CABINET.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\LZ32.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFB6D0D=C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
*C:\WINDOWS\SYSTEM\MSTASK.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFALERT.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\ATL.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVPROXY.DLL
*C:\WINDOWS\SYSTEM\MSVCP60.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\SYMREDIR.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\APWCMD9X.DLL
*C:\PROGRAM FILES\NORTON ANTIVIRUS\APWUTIL.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFB6675=C:\WINDOWS\SYSTEM\WMIEXE.EXE
*C:\WINDOWS\SYSTEM\WMICORE.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFBC995=C:\WINDOWS\LOADQM.EXE
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\PROGDL.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\QMGR.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFBDDA9=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\CAM.ZAP
*C:\WINDOWS\SYSTEM\ZONELABS\CAMUPD.DLL
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\IDLOCK.ZAP
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\PRIVACY.ZAP
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\FILTER.ZAP
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\FIREWALL.ZAP
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\EMAIL.ZAP
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ALERT.ZAP
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\SECURITY.ZAP
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\PROGRAMS.ZAP
*C:\WINDOWS\SYSTEM\VSXML.DLL
*C:\WINDOWS\SYSTEM\ZLCOMMDB.DLL
*C:\WINDOWS\SYSTEM\ZLCOMM.DLL
*C:\WINDOWS\SYSTEM\VSMONAPI.DLL
*C:\WINDOWS\SYSTEM\VSDATA.DLL
*C:\WINDOWS\SYSTEM\COMDLG32.DLL
*C:\PROGRAM FILES\ZONE LABS\ZONEALARM\FRAMEWRK.DLL
*C:\WINDOWS\SYSTEM\VSPUBAPI.DLL
*C:\WINDOWS\SYSTEM\VSUTIL.DLL
*C:\WINDOWS\SYSTEM\VSINIT.DLL
*C:\WINDOWS\SYSTEM\ZONELABS\DBGHELP.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFA6121=C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
*C:\WINDOWS\SYSTEM\MSLS31.DLL
*C:\WINDOWS\SYSTEM\JSCRIPT.DLL
*C:\WINDOWS\SYSTEM\CRYPTNET.DLL
*C:\WINDOWS\SYSTEM\WLDAP32.DLL
*C:\WINDOWS\SYSTEM\RSAENH.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRBLOCK.DLL
*C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SCRIPT BLOCKING\SCRAUTH.DLL
*C:\WINDOWS\SYSTEM\IMM32.DLL
*C:\WINDOWS\SYSTEM\MSHTML.DLL
*C:\WINDOWS\SYSTEM\MLANG.DLL
*C:\WINDOWS\SYSTEM\URLMON.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\SHDOCLC.DLL
*C:\WINDOWS\SYSTEM\WININET.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\SHDOCVW.DLL
*C:\WINDOWS\SYSTEM\CDRTC.DLL
*C:\WINDOWS\SYSTEM\CDRAL.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MFC42.DLL
*C:\WINDOWS\SYSTEM\MSVFW32.DLL
*C:\WINDOWS\SYSTEM\WOW32.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\DCIMAN32.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFAA8E9=C:\WINDOWS\SYSTEM\E_SICN03.EXE
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFA8441=C:\PROGRAM FILES\COREL\PRINT OFFICE 2000\REGISTER\REMIND32.EXE
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFAFE01=C:\WINDOWS\SYSTEM\SPOOL32.EXE
*C:\WINDOWS\SYSTEM\MSPP32.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\EPIPPJ30.DLL
*C:\WINDOWS\SYSTEM\SYSFMON.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\E_SLM037.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\WINTRUST.DLL
*C:\WINDOWS\SYSTEM\IMAGEHLP.DLL
*C:\WINDOWS\SYSTEM\CRYPT32.DLL
*C:\WINDOWS\SYSTEM\MSASN1.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USBMON.DLL
*C:\WINDOWS\SYSTEM\MSVCRT40.DLL
*C:\WINDOWS\SYSTEM\SPOOLSS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFF92C59=C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\WINSPOOL.DRV
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFF95B0D=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
*C:\WINDOWS\SYSTEM\RICHED20.DLL
*C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSO97.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFF9DD19=C:\PROGRAM FILES\BANDWIDTHMETER\BANDWIDTHMETER.EXE
*C:\WINDOWS\SYSTEM\RNR20.DLL
*C:\WINDOWS\SYSTEM\SHELL32.DLL
*C:\WINDOWS\SYSTEM\SHLWAPI.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\IPHLPAPI.DLL
*C:\WINDOWS\SYSTEM\MSAFD.DLL
*C:\WINDOWS\SYSTEM\DHCPCSVC.DLL
*C:\WINDOWS\SYSTEM\ICMP.DLL
*C:\WINDOWS\SYSTEM\WS2_32.DLL
*C:\WINDOWS\SYSTEM\RASAPI32.DLL
*C:\WINDOWS\SYSTEM\WSOCK32.DLL
*C:\WINDOWS\SYSTEM\MSWSOCK.DLL
*C:\WINDOWS\SYSTEM\SECUR32.DLL
*C:\WINDOWS\SYSTEM\SVRAPI.DLL
*C:\WINDOWS\SYSTEM\MSNET32.DLL
*C:\WINDOWS\SYSTEM\MSPWL32.DLL
*C:\WINDOWS\SYSTEM\TAPI32.DLL
*C:\WINDOWS\SYSTEM\RPCRT4.DLL
*C:\WINDOWS\SYSTEM\NETAPI32.DLL
*C:\WINDOWS\SYSTEM\NETBIOS.DLL
*C:\WINDOWS\SYSTEM\MPR.DLL
*C:\WINDOWS\SYSTEM\WS2HELP.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\MSVCRT.DLL
*C:\WINDOWS\SYSTEM\COMCTL32.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FA6FA0E9=C:\WINDOWS\SYSTEM\DDHELP.EXE
*C:\WINDOWS\SYSTEM\I81XDD.DLL
*C:\WINDOWS\SYSTEM\DDRAW.DLL
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\WINDOWS\SYSTEM\NTDLL.DLL
*C:\WINDOWS\SYSTEM\WINMM.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFF64101=C:\MY DOCUMENTS\NEW FOLDER\STARTDRECK.EXE
*C:\WINDOWS\SYSTEM\VERSION.DLL
*C:\MY DOCUMENTS\NEW FOLDER\VB4DE32.DLL
*C:\MY DOCUMENTS\NEW FOLDER\VB40032.DLL
*C:\WINDOWS\SYSTEM\OLEPRO32.DLL
*C:\WINDOWS\SYSTEM\OLEAUT32.DLL
*C:\WINDOWS\SYSTEM\OLE32.DLL
*C:\WINDOWS\SYSTEM\MSVCRT20.DLL
*C:\WINDOWS\SYSTEM\USER32.DLL
*C:\WINDOWS\SYSTEM\GDI32.DLL
*C:\WINDOWS\SYSTEM\ADVAPI32.DLL
*C:\WINDOWS\SYSTEM\KERNEL32.DLL
»VMM32Files (LM)
*vdd.vxd=
*vflatd.vxd=
*biosxlat.vxd=
*combuff.vxd=
*configmg.vxd=
*dosmgr.vxd=
*dynapage.vxd=
*ebios.vxd=
*ifsmgr.vxd=
*int13.vxd=
*ios.vxd=
*mtrr.vxd=
*ntkern.vxd=
*pageswap.vxd=
*parity.vxd=
*perf.vxd=
*reboot.vxd=
*shell.vxd=
*spooler.vxd=
*udf.vxd=
*v86mmgr.vxd=
*vcache.vxd=
*vcd.vxd=
*vcdfsd.vxd=
*vcomm.vxd=
*vcond.vxd=
*vdef.vxd=
*vdmad.vxd=
*vfat.vxd=
*vfbackup.vxd=
*vkd.vxd=
*vmcpd.vxd=
*vmouse.vxd=
*vmpoll.vxd=
*vpd.vxd=
*vpicd.vxd=
*vpowerd.vxd=
*vsd.vxd=
*vtd.vxd=
*vtdapi.vxd=
*vwin32.vxd=
*vxdldr.vxd=
*vxdmon.vxd=
*enable.vxd=
»%System%\VMM32
*C:\WINDOWS\SYSTEM\VMM32\MRCI2.VXD
»%System%\IOSUBSYS
*C:\WINDOWS\SYSTEM\IoSubSys\BIGMEM.DRV
*C:\WINDOWS\SYSTEM\IoSubSys\ESDI_506.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\HSFLOP.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\RMM.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\SCSIPORT.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\APIX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\ATAPCHNG.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDFS.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\CDVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKTSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DISKVSD.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\NECATAPI.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\SCSI1HLP.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\TORISAN3.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\VOLTRACK.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\DRVSPACX.VXD
*C:\WINDOWS\SYSTEM\IoSubSys\Acbhlpr.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\cdralvsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\cdr4vsd.vxd
*C:\WINDOWS\SYSTEM\IoSubSys\USBMPHLP.PDR
*C:\WINDOWS\SYSTEM\IoSubSys\SMARTVSD.VXD
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
*C:\Program Files\Microsoft Office\Office\STARTUP\MSCREATE.DIR
»Default User
*C:\Program Files\Microsoft Office\Office\STARTUP\MSCREATE.DIR
»Local Machine
»ICQ NetDetect
»Current User
»Default User
 
C:\WINDOWS\SYSTEM\InstantPleasure-uninstall.exe <--delete that file

C:\NULL <--delete that folder

C:\PROGRAM FILES\Media Pass <--delete that folder

You also need to clean out your TEMP folders....

Download and install Cleanup but DO NOT run it yet!

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Other then that...the log is clean. Your only other entrys are in the restore folders. To clean those....

Windows ME
===============
  • Click the Start tab.
  • Select the Settings option.
  • Select the Control Panel option.
  • Double Click the System icon Performance tab option.
  • Select File System
  • Select the Troubleshooting tab
  • Check the Disable System Restore box
  • Click Apply to confirm.
  • Click OK.

Reboot the PC and repeat the above procedure again
When you get to this option
  • Uncheck the Disable System Restore box

For Windows ME..we MUST create a new restore point now as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours has passed. To create a new restore point follow the procedure below.

  • Click the Start button.
  • Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
  • Choose Create a restore point, and then click Next.
  • In the Restore point description box, type a name for your restore point, and then click Next.
    Click OK
 
Thats got rid of a few nastys, I'll see how it go's from now on.

Thanks for all the help.
 
Thats got rid of a few nastys, I'll see how it go's from now on.

Thanks for all the help.
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
G
Computer slow and work in background
Replies
0
Views
2K
grecycle99
G
N
Your computer appears to be correctly configured, but the device or resource (DNS server) is not responding"
Replies
0
Views
4K
nev
N
M
computer suddenly slowed down.
Replies
0
Views
3K
mike3dp
M
Back
Top Bottom