multiple iexplore.exe causing errors on startup



#16
peterg99 (Topic Starter, Member, 19 posts)

\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{16563B7C-7144-40C0-B419-CE910BB05217}] DATAGRAM 9 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6C9042B1-601F-41F6-A67A-5ABA77EB73AB}] SEQPACKET 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6C9042B1-601F-41F6-A67A-5ABA77EB73AB}] DATAGRAM 6 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9A1BB1F8-18F4-46C2-8132-A389B22709A5}] SEQPACKET 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9A1BB1F8-18F4-46C2-8132-A389B22709A5}] DATAGRAM 3 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E9D63DE-CC37-4C67-A86C-AEDA5049E7D1}] SEQPACKET 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2E9D63DE-CC37-4C67-A86C-AEDA5049E7D1}] DATAGRAM 0 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A76E89C-6022-4046-8E32-AF06C78EA63E}] SEQPACKET 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A76E89C-6022-4046-8E32-AF06C78EA63E}] DATAGRAM 5 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{52723598-B622-4ECD-9673-0201080F0D78}] SEQPACKET 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{52723598-B622-4ECD-9673-0201080F0D78}] DATAGRAM 4 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9AB64B5-6508-4A7D-9325-CBCCA2A6CE8D}] SEQPACKET 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9AB64B5-6508-4A7D-9325-CBCCA2A6CE8D}] DATAGRAM 1 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{79702C98-414A-4E97-8EBD-89F4A085FB79}] SEQPACKET 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{79702C98-414A-4E97-8EBD-89F4A085FB79}] DATAGRAM 2 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA036A1C-400D-4304-A8F6-E594695FC8DB}] SEQPACKET 7 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA036A1C-400D-4304-A8F6-E594695FC8DB}] DATAGRAM 7 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{24D814EA-F342-4D85-B038-83022CDC224A}] SEQPACKET 8 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll
MSAFD NetBIOS [\Device\NetBT_Tcpip_{24D814EA-F342-4D85-B038-83022CDC224A}] DATAGRAM 8 - {8D5F1830-C273-11CF-95C8-00805F48A192} - C:\WINDOWS\system32\mswsock.dll

[Namespace Providers (4)]
Tcpip - {22059D40-7E9E-11CF-AE5A-00AA00A7112B} - C:\WINDOWS\System32\mswsock.dll
NTDS - {3B2637EE-E580-11CF-A555-00C04FD8D4AC} - C:\WINDOWS\System32\winrnr.dll
Network Location Awareness (NLA) Namespace - {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} - C:\WINDOWS\System32\mswsock.dll
Bluetooth Namespace - {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D} - C:\WINDOWS\system32\wshbth.dll

--------------------

Hijack points:

[Reset web settings URLs]
SearchAssistant =
CustomizeSearch =
START_PAGE_URL =
SEARCH_PAGE_URL =
MS_START_PAGE_URL =

[Internet Explorer URLs]
* This user *
- Internet Explorer\Main (4)
Local Page = C:\WINDOWS\system32\blank.htm
Search Bar = http://www.google.com/ie
Search Page = http://www.google.com
Start Page = http://www.sfgate.com/weather/

- Internet Explorer\SearchURL (1)
(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR

* All users *
- Internet Explorer\Main (5)
Default_Page_Url = http://www.microsoft...p...&ar=msnhome
Default_Search_Url = http://www.microsoft...amp;ar=iesearch
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft...amp;ar=iesearch
Start Page = http://www.microsoft...p...ER}&ar=home

- Internet Explorer\Search (2)
CustomizeSearch = http://ie.search.msn...st/srchcust.htm
SearchAssistant = http://www.google.com/ie

- Internet Explorer\AboutURLs (6)
blank = res://mshtml.dll/blank.htm
DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm
NavigationCanceled = res://shdoclc.dll/navcancl.htm
NavigationFailure = res://shdoclc.dll/navcancl.htm
OfflineInformation = res://shdoclc.dll/offcancl.htm
PostNotCached = res://mshtml.dll/repost.htm



[Default URL prefixes]
default = http://
ftp = ftp://
gopher = gopher://
home = http://
mosaic = http://
www = http://

[Hosts file location]
DatabasePath = C:\WINDOWS\System32\drivers\etc\hosts

--------------------

Protection & disabled items:

[Hosts file (1)]
* 127.0.0.1 *
localhost


[ActiveX killbits (146)]
&Address - {01E04581-4EEE-11d0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll
&Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
(no name) - {083863F1-70DE-11d0-BD40-00A0C911CE86} - C:\WINDOWS\System32\devenum.dll
(no name) - {283807b8-2c60-11d0-a31d-00aa00b92c03} - C:\WINDOWS\system32\danim.dll
(no name) - {542FB453-5003-11CF-92A2-00AA00B8A733} - C:\WINDOWS\system32\danim.dll
(no name) - {5DFB2651-9668-11D0-B17B-00C04FC2A0CA} - C:\WINDOWS\system32\danim.dll
(no name) - {b4b3aecb-dfd6-11d1-9daa-00805f85cfe3} - C:\WINDOWS\system32\CLBCatQ.DLL
(no name) - {e846f0a0-d367-11d1-8286-00a0c9231c29} - C:\WINDOWS\System32\clbcatex.dll
9x8Resize - {BC0D69A8-0923-4EEE-9375-9239F5A38B92} - C:\Program Files\Movie Maker\wmm2filt.dll
ACM Class Manager - {33d9a761-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
ActiveXPlugin Object - {06DD38D3-D187-11CF-A80D-00C04FD74AD8} - C:\WINDOWS\System32\plugin.ocx
ADODB.Stream - {00000566-0000-0010-8000-00AA006D2EA4} - C:\Program Files\Common Files\System\ado\msado15.dll
AEPlugIn Class - {E8C31D11-6FD2-4659-AD75-155FA143F42B} - C:\Program Files\Movie Maker\wmm2ae.dll
Allocator Fix - {C0D076C5-E4C6-4561-8BF4-80DA8DB819D7} - C:\Program Files\Movie Maker\wmm2filt.dll
AsyncMHandler Class - {3DA2AA3E-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx
Bitmap - {4F3E50BD-A9D7-4721-B0E1-00CB42A0A747} - C:\Program Files\Movie Maker\wmm2filt.dll
Briefcase - {85bbd920-42a0-1069-a2e4-08002b30309d} - syncui.dll
CEnroll Class - {43F8F289-7A20-11D0-8F06-00C04FC295E1} - C:\WINDOWS\system32\xenroll.dll
cfw Class - {ecabafc0-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
CLSID_ApprenticeICW - {8ee42293-c315-11d0-8d6f-00a0c9a06e1f} - C:\WINDOWS\System32\inetcfg.dll
CLSID_CCommAcctImport - {1aa06ba1-0e88-11d1-8391-00c04fbd7c09} - C:\WINDOWS\System32\msoeacct.dll
CLSID_CDIDeviceActionConfigPage - {18ab439e-fcf4-40d4-90da-f79baa3b0655} - C:\WINDOWS\System32\diactfrm.dll
CommunicationManager - {67dcc487-aa48-11d1-8f4f-00c04fb611c7} - C:\WINDOWS\System32\msdtctm.dll
DirectControl Class - {39A2C2A6-4778-11D2-9BDB-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx
DirectX Transform Wrapper Property Page - {1B544C24-FD0B-11CE-8C63-00AA0044B520} - C:\Program Files\Movie Maker\wmm2filt.dll
DiskManagement.Connection - {fd78d554-4c6e-11d0-970d-00a0c9191601} - C:\WINDOWS\System32\dmdskmgr.dll
Dutch_Dutch Stemmer - {860d28d0-8bf4-11ce-be59-00aa0051fe20} - infosoft.dll
English_UK Stemmer - {d99f7670-7f1a-11ce-be57-00aa0051fe20} - infosoft.dll
English_US Stemmer - {eeed4c20-7f1b-11ce-be57-00aa0051fe20} - infosoft.dll
Frame Eater - {6C68955E-F965-4249-8E18-F0977B1D2899} - C:\Program Files\Movie Maker\wmm2filt.dll
French_French Stemmer - {2a6eb050-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
FTP Folder Web View Automation - {210DA8A2-7445-11D1-91F7-006097DF5BD4} - C:\WINDOWS\System32\msieftp.dll
German_German Stemmer - {510a4910-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
H323MSP Class - {0F1BE7F8-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\System32\h323msp.dll
Helper Object for Java - {8e26bfc1-afd6-11cf-bffc-00aa003cfdfc} - C:\WINDOWS\system32\vmhelper.dll
HHCtrl Object - {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} - C:\WINDOWS\system32\hhctrl.ocx
HHCtrl Object - {ADB880A6-D8FF-11CF-9377-00AA003B7A11} - C:\WINDOWS\System32\hhctrl.ocx
IAVIStream & IAVIFile Proxy - {0002000D-0000-0000-C000-000000000046} - avifil32.dll
ICM Class Manager - {33d9a760-90c8-11d0-bd43-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
IndexServer Simple Command Creator - {c7b6c04a-cbb5-11d0-bb4c-00c04fc2f410} - C:\WINDOWS\System32\query.dll
InstallEngineCtl Object - {6E449683-C509-11CF-AAFA-00AA00B6015C} - C:\WINDOWS\System32\asctrls.ocx
IPConfMSP Class - {0F1BE7F7-45CA-11D2-831F-00A0244D2298} - C:\WINDOWS\System32\confmsp.dll
Italian_Italian Stemmer - {6d36ce10-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
JVIEW Profiler - {03D9F3F2-B0E3-11D2-B081-006008039BF0} - C:\WINDOWS\system32\javaprxy.dll
LexRefStEsObject Class - {4CFB5280-800B-4367-848F-5A13EBF27F1D} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL
LexRefStFrObject Class - {B3E0E785-BD78-4366-9560-B7DABE2723BE} - C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL
LM Runtime Control - {183C259A-0480-11d1-87EA-00C04FC29D46} - C:\WINDOWS\System32\lmrt.dll
MarshalableTI Class - {466d66fa-9616-11d2-9342-0000f875ae17} - C:\WINDOWS\System32\msconf.dll
mbcontent Class - {52ca3bcf-3b9b-419e-a3d6-5d28c0b0b50c} - C:\WINDOWS\system32\browsewm.dll
Media Streaming Dynamic Terminal - {AED6483F-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\System32\termmgr.dll
MessageMover Class - {ecabb0bf-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Microsoft Agent Control 1.5 - {F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5} - C:\WINDOWS\msagent\agentctl.dll
Microsoft Common Browser Architecture - {AF604EFE-8897-11D1-B944-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
Microsoft DocHost User Interface Handler - {7057e952-bd1b-11d1-8919-00c04fc2c836} - C:\WINDOWS\system32\shdocvw.dll
Microsoft HTA Document 6.0 - {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
Microsoft Html Document for Popup Window - {3050F67D-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
Microsoft Html Popup Window - {3050f667-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\System32\mshtml.dll
Microsoft HTML Window Security Proxy - {3050F391-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
Microsoft Index Server Scope Administration Object - {3bc4f3a7-652a-11d1-b4d4-00c04fc2db8d} - C:\WINDOWS\system32\ciodm.dll
Microsoft Movie Maker Age Filter - {ADEADEB8-E54B-11D1-9A72-0000F875EADE} - C:\Program Files\Movie Maker\wmm2fxa.dll
Microsoft MovieMaker Fade In Fade Out - {EC85D8F1-1C4E-46E4-A748-7AA04E7C0496} - C:\Program Files\Movie Maker\wmm2fxa.dll
Microsoft MPEG-4 Video Decompressor Property page - {598eba02-b49a-11d2-a1c1-00609778ea66} - C:\WINDOWS\System32\mpg4ds32.ax
Microsoft MS Audio Decompressor Control Property page - {8FE7E181-BB96-11D2-A1CB-00609778EA66} - C:\WINDOWS\System32\msadds32.ax
Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\System32\wmpdxm.dll
Microsoft WBEM Event Subsystem - {5d08b586-343a-11d0-ad46-00c04fd8fdff} - C:\WINDOWS\System32\wbem\wbemess.dll
MidiOut Class Manager - {4efe2452-168a-11d1-bc76-00c04fb9453b} - C:\WINDOWS\System32\devenum.dll
MMStream Class - {49C47CE5-9BA4-11D0-8212-00C04FC32C45} - C:\WINDOWS\System32\amstream.dll
Movie Maker Special Effect 1 Input - {B4DC8DD9-2CC1-4081-9B2B-20D7030234EF} - C:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Special Effect 2 Inputs - {C63344D8-70D3-4032-9B32-7A3CAD5091A5} - C:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Special Effect Inplace 1 Input - {353359C1-39E1-491b-9951-464FD8AB071C} - C:\Program Files\Movie Maker\wmm2fxa.dll
Movie Maker Video Adjustments - {5A20FD6F-F8FE-4A22-9EE7-307D72D09E6E} - C:\Program Files\Movie Maker\wmm2fxa.dll
MSP Class - {4DDB6D36-3BC1-11D2-86F2-006008B0E5D2} - C:\WINDOWS\System32\wavemsp.dll
MTSEvents Class - {ecabb0ab-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Multimedia File Property Sheet - {00022613-0000-0000-c000-000000000046} - mmsys.cpl
NDFXArtEffects - {E673DCF2-C316-4C6F-AA96-4E4DC6DC291E} - C:\Program Files\Movie Maker\wmm2fxb.dll
Network Connections - {7007acc7-3202-11d1-aad2-00805fc1270e} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections - {992cffa0-f557-101a-88ec-00dd010ccc48} - C:\WINDOWS\system32\NETSHELL.dll
Network Connections Tray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINDOWS\system32\NETSHELL.dll
Outlook Express Address Book - {233A9694-667E-11D1-9DFB-006097D50408} - %ProgramFiles%\Outlook Express\msoe.dll
Outlook Progress Ctl - {0006F071-0000-0000-C000-000000000046} - C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
PostBootReminder object - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll
PSDispatch - {00020420-0000-0000-c000-000000000046} - oleaut32.dll
PSEnumVariant - {00020421-0000-0000-C000-000000000046} - oleaut32.dll
PSOAInterface - {00020424-0000-0000-c000-000000000046} - oleaut32.dll
PSSupportErrorInfo - {DF0B3D60-548F-101B-8E65-08002B2BD119} - oleaut32.dll
PSTypeComp - {00020425-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeInfo - {00020422-0000-0000-C000-000000000046} - oleaut32.dll
PSTypeLib - {00020423-0000-0000-C000-000000000046} - oleaut32.dll
Queued Components Recorder - {ecabafc2-7f19-11d2-978e-0000f8757e2a} - C:\WINDOWS\system32\comsvcs.dll
Record Queue - {5B4B05EB-1F63-446B-AAD1-E10A34D650E0} - C:\Program Files\Movie Maker\wmm2filt.dll
Redirect - {42B07B28-2280-4937-B035-0293FB812781} - C:\WINDOWS\System32\dxtmsft.dll
RegWizCtrl - {50E5E3D1-C07E-11D0-B9FD-00A0249F6B00} - C:\WINDOWS\System32\regwizc.dll
SafeWia Class - {0DAD5531-BF31-43AC-A513-1F8926BBF5EC} - C:\WINDOWS\System32\wiascr.dll
Script Encoder Object - {32DA2B15-CFED-11D1-B747-00C04FC2B085} - C:\WINDOWS\system32\scrrun.dll
SdpConferenceBlob Class - {9B2719DD-B696-11D0-A489-00C04FD91AC0} - C:\WINDOWS\System32\sdpblb.dll
Search Assistant Control - {47c6c527-6204-4f91-849d-66e234dee015} - c:\windows\srchasst\srchui.dll
ShellFolder for CD Burning - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll
Shortcut - {00021401-0000-0000-c000-000000000046} - shell32.dll
ShotDetect - {CFFB1FC7-270D-4986-B299-FECF3F0E42DB} - C:\Program Files\Movie Maker\wmm2filt.dll
Spanish_Modern Stemmer - {b0516ff0-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
Start Menu - {4622ad11-ff23-11d0-8d34-00a0c90f2719} - C:\WINDOWS\system32\SHELL32.dll
Stetch - {F44BB2D0-F070-463E-9433-B0CCF3CFD627} - C:\Program Files\Movie Maker\wmm2filt.dll
Swedish_Default Stemmer - {9478f640-7f1c-11ce-be57-00aa0051fe20} - infosoft.dll
System Monitor Source Properties - {0CF32AA1-7571-11D0-93C4-00AA00A3DDEA} - C:\WINDOWS\System32\sysmon.ocx
SysTray - {35cec8a3-2be6-11d2-8773-92e220524153} - C:\WINDOWS\System32\stobject.dll
SysTrayInvoker - {730f6cdc-2c86-11d2-8773-92e220524153} - C:\WINDOWS\System32\stobject.dll
TipGW Init - {F117831B-C052-11d1-B1C0-00C04FC2F3EF} - C:\WINDOWS\System32\msdtctm.dll
Trident HTMLEditor - {3050f4f5-98b5-11cf-bb82-00aa00bdce0b} - C:\WINDOWS\System32\mshtmled.dll
VFW Capture Class Manager - {860bb310-5d01-11d0-bd3b-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
Video Effect (1 input) Class Manager - {cc7bfb42-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\System32\qedit.dll
Video Effect (2 input) Class Manager - {cc7bfb43-f175-11d1-a392-00e0291f3959} - C:\WINDOWS\System32\qedit.dll
Video Mixing Renderer 9 - {51b4abf3-748f-4e3b-a276-c828330e926a} - C:\WINDOWS\system32\quartz.dll
Video Render Dynamic Terminal - {AED6483E-3304-11D2-86F1-006008B0E5D2} - C:\WINDOWS\System32\termmgr.dll
VideoPort Object - {ce292861-fc88-11d0-9e69-00c04fd7c15b} - C:\WINDOWS\System32\qdvd.dll
VMR Allocator Presenter 9 - {2d2e24cb-0cd5-458f-86ea-3e6fa22c8e64} - C:\WINDOWS\system32\quartz.dll
VMR ImageSync 9 - {e4979309-7a32-495e-8a92-7b014aad4961} - C:\WINDOWS\system32\quartz.dll
WaveIn Class Manager - {33D9A762-90C8-11d0-BD43-00A0C911CE86} - C:\WINDOWS\System32\devenum.dll
WaveOut and DSound Class Manager - {e0f158e1-cb04-11d0-bd4e-00a0c911ce86} - C:\WINDOWS\System32\devenum.dll
Wbem Scripting Object Path - {172BDDF8-CEEA-11D1-8B05-00600806D9B6} - C:\WINDOWS\System32\wbem\wbemdisp.dll
WDM Instance Provider - {d2d588b5-d081-11d0-99e0-00c04fc2f8ec} - C:\WINDOWS\System32\wbem\wmiprov.dll
WIA FileSystem USD - {d2923b86-15f1-46ff-a19a-de825f919576} - C:\WINDOWS\System32\fsusd.dll
WIA Video Preview Class - {457A23DF-6F2A-4684-91D0-317FB768D87C} - C:\WINDOWS\System32\camocx.dll
Windows Media Video Decompressor Property page - {9AADA567-04E0-11D4-9148-00C04F610D24} - C:\WINDOWS\System32\wmv8ds32.ax
WM Color Converter Filter - {CC45B0B0-72D8-4652-AE5F-5E3E266BE7ED} - C:\Program Files\Movie Maker\wmm2filt.dll
WM TV Out Smooth Picture Filter - {41D2B841-7692-4C83-AFD3-F60E845341AF} - C:\Program Files\Movie Maker\wmm2filt.dll
WM VIH2 Fix - {586FB486-5560-4FF3-96DF-1118C96AF456} - C:\Program Files\Movie Maker\wmm2filt.dll
WMI ADSI Extension - {f0975afe-5c7f-11d2-8b74-00104b2afb41} - C:\WINDOWS\System32\wbem\wbemads.dll
WMT Audio Analyzer - {1CB1623E-BBEC-4E8D-B2DF-DC08C6F4627C} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Black Frame Generator - {2EA10031-0033-450E-8072-E27D9E768142} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Filter - {C8F209F8-480E-454C-94A4-5392D88EBA0F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DeInterlace Prop Page - {A2EDA89A-0966-4B91-9C18-AB69F098187F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DirectX Transform Wrapper - {AECF5D2E-7A18-4DD2-BDCD-29B6F615B448} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT DV Extract Filter - {E476CBFF-E229-4524-B6B7-228A3129D1C7} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion - {2D20D4BB-B47E-4FB7-83BD-E3C2EE250D26} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT FormatConversion Prop Page - {E188F7A3-A04E-413E-99D1-D79A45F70305} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Import Filter - {4D4C9FEF-ED80-47EA-A3FA-3215FDBB33AB} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Interlacer - {C6CB1FE3-B05E-4F0E-818F-C83ED5A0332F} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Log Filter - {92883667-E95C-443D-AC96-4CACA27BEB6E} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT MuxDeMux Filter - {01002B17-5D93-4551-81E4-831FEF780A53} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Sample Info Filter - {7F1232EE-44D7-4494-AB8B-CC61B10E21A5} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen capture Filter - {31087270-d348-432c-899e-2d2f38ff29a0} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Screen Capture Filter Task Page - {679E132F-561B-42F8-846C-A70DBDC62999} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Switch Filter - {EF105BC3-C064-45F1-AD53-6D8A8578D01B} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Renderer - {930FD02C-BBE7-4EB9-91CF-FC45CC91E3E6} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Virtual Source - {C44C65C7-FDF1-453D-89A5-BCC28F5D69F9} - C:\Program Files\Movie Maker\wmm2filt.dll
WMT Volume - {EFEE43D6-BFE5-44B0-8063-AC3B2966AB2C} - C:\Program Files\Movie Maker\wmm2filt.dll

[Zones]
* This user *
- Trusted sites (1)
labcrm



[Stopped/disabled NT Services]
* Stopped (51) *
.NET Runtime Optimization Service v2.0.50727_X86 = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Application Layer Gateway Service = C:\WINDOWS\System32\alg.exe
Application Management = C:\WINDOWS\system32\svchost.exe -k netsvcs
ASP.NET State Service = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Background Intelligent Transfer Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
COM+ Event System = C:\WINDOWS\System32\svchost.exe -k netsvcs
COM+ System Application = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Distributed Transaction Coordinator = C:\WINDOWS\system32\msdtc.exe
Fast User Switching Compatibility = C:\WINDOWS\System32\svchost.exe -k netsvcs
HTTP SSL = C:\WINDOWS\System32\svchost.exe -k HTTPFilter
IMAPI CD-Burning COM Service = C:\WINDOWS\System32\imapi.exe
InstallDriver Table Manager = "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Logical Disk Manager Administrative Service = C:\WINDOWS\System32\dmadmin.exe /com
Microsoft Office Diagnostics Service = "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
MS Software Shadow Copy Provider = C:\WINDOWS\System32\dllhost.exe /Processid:{33C6EFEE-DB38-4788-9DB6-96750DAAE2C2}
NetMeeting Remote Desktop Sharing = C:\WINDOWS\System32\mnmsrvc.exe
Network Connections = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Location Awareness (NLA) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network Provisioning Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
NT LM Security Support Provider = C:\WINDOWS\System32\lsass.exe
Office Source Engine = "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Performance Logs and Alerts = C:\WINDOWS\system32\smlogsvc.exe
Portable Media Serial Number Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
QoS RSVP = C:\WINDOWS\System32\rsvp.exe
Remote Access Auto Connection Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Access Connection Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Remote Desktop Help Session Manager = C:\WINDOWS\system32\sessmgr.exe
Remote Procedure Call (RPC) Locator = C:\WINDOWS\System32\locator.exe
Removable Storage = C:\WINDOWS\system32\svchost.exe -k netsvcs
Smart Card = C:\WINDOWS\System32\SCardSvr.exe
SQL Server (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
SQL Server Agent (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER
SQL Server Analysis Services (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\Config"
SQL Server FullText Search (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 -f:MSSQLSERVER
SQL Server Integration Services = "C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe"
SQL Server Reporting Services (MSSQLSERVER) = "C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe"
SQL Server VSS Writer = "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
SSDP Discovery Service = C:\WINDOWS\System32\svchost.exe -k LocalService
Telephony = C:\WINDOWS\System32\svchost.exe -k netsvcs
Telnet = C:\WINDOWS\System32\tlntsvr.exe
Terminal Services = C:\WINDOWS\System32\svchost -k DComLaunch
Uninterruptible Power Supply = C:\WINDOWS\System32\ups.exe
Universal Plug and Play Device Host = C:\WINDOWS\System32\svchost.exe -k LocalService
Virtual Machine Helper = "C:\Program Files\Microsoft Virtual Server\vmh.exe" -service
Virtual Server = "C:\Program Files\Microsoft Virtual Server\vssrvc.exe"
Volume Shadow Copy = C:\WINDOWS\System32\vssvc.exe
Windows Image Acquisition (WIA) = C:\WINDOWS\System32\svchost.exe -k imgsvc
Windows Installer = C:\WINDOWS\system32\msiexec.exe /V
Windows Management Instrumentation Driver Extensions = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Media Connect Service = C:\Program Files\Windows Media Connect 2\wmccds.exe
WMI Performance Adapter = C:\WINDOWS\System32\wbem\wmiapsrv.exe

* Stopped & disabled (9) *
Alerter = C:\WINDOWS\System32\svchost.exe -k LocalService
ClipBook = C:\WINDOWS\system32\clipsrv.exe
Messenger = C:\WINDOWS\System32\svchost.exe -k netsvcs
Network DDE = C:\WINDOWS\system32\netdde.exe
Network DDE DSDM = C:\WINDOWS\system32\netdde.exe
Routing and Remote Access = C:\WINDOWS\System32\svchost.exe -k netsvcs
SQL Server Active Directory Helper = "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"
SQL Server Browser = "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
Visual Studio 2005 Remote Debugger = "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80


[Windows XP Security]
* Security Center *
- This user
FirstRun = dword: 1

- All users
AntiVirusDisableNotify = dword: 0
FirewallDisableNotify = dword: 0
UpdatesDisableNotify = dword: 0
AntiVirusOverride = dword: 0
FirewallOverride = dword: 0

* System Restore *
- All users
DisableSR = dword: 0
CreateFirstRunRp = dword: 1
DSMin = dword: 200
DSMax = dword: 400
RPSessionInterval = dword: 0
RPGlobalInterval = dword: 86400
RPLifeInterval = dword: 7776000
CompressionBurst = dword: 60
TimerInterval = dword: 120
DiskPercent = dword: 12
ThawInterval = dword: 900
RestoreDiskSpaceError = dword: 0



==================================================
= Other users on this computer: Default user =
==================================================
--------------------

Autostart folders:

[Startup]
desktop.ini
Microsoft Office OneNote 2003 Quick Launch.lnk

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Internet Explorer menu extensions (1):

E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
Spyware Doctor = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q


==================================================
= Other users on this computer: LOCAL SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe"


==================================================
= Other users on this computer: NETWORK SERVICE =
==================================================
--------------------

Autostart folders:

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = C:\WINDOWS\System32\logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe"


==================================================
= Other users on this computer: SYSTEM =
==================================================
--------------------

Autostart folders:

[Startup]
desktop.ini
Microsoft Office OneNote 2003 Quick Launch.lnk

[User Startup]
desktop.ini

--------------------

IniMapping values:

User screensaver = logon.scr

--------------------

Policies:

[Alternate policies]
* Software\Microsoft\Windows\CurrentVersion\policies\Explorer (1) *
NoDriveTypeAutoRun = dword: 145


--------------------

Internet Explorer menu extensions (1):

E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

--------------------

Registry 'Run' keys:

[User Run]
Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
Spyware Doctor = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q



==================================================
= Other hardware configurations: Last known good =
==================================================
--------------------

On-reboot actions:

BootExecute = autocheck autochk *

--------------------

Services:

[NT Services (53)]
Ati HotKey Poller = C:\WINDOWS\system32\Ati2evxx.exe
Automatic Updates = C:\WINDOWS\System32\svchost.exe -k netsvcs
Bluetooth Support Service = C:\WINDOWS\system32\svchost.exe -k bthsvcs
Computer Browser = C:\WINDOWS\System32\svchost.exe -k netsvcs
Cryptographic Services = C:\WINDOWS\system32\svchost.exe -k netsvcs
DCOM Server Process Launcher = C:\WINDOWS\system32\svchost -k DcomLaunch
DHCP Client = C:\WINDOWS\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client = C:\WINDOWS\system32\svchost.exe -k netsvcs
DNS Client = C:\WINDOWS\System32\svchost.exe -k NetworkService
Error Reporting Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Event Log = C:\WINDOWS\system32\services.exe
EvtEng = C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Help and Support = C:\WINDOWS\System32\svchost.exe -k netsvcs
HID Input Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
IIS Admin = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Indexing Service = C:\WINDOWS\System32\cisvc.exe
IPSEC Services = C:\WINDOWS\System32\lsass.exe
Logical Disk Manager = C:\WINDOWS\System32\svchost.exe -k netsvcs
Machine Debug Manager = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Net Logon = C:\WINDOWS\System32\lsass.exe
OfficeScanNT Listener = C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
OfficeScanNT Personal Firewall = C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
OfficeScanNT RealTime Scan = C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
PC Tools Spyware Doctor = C:\Program Files\Spyware Doctor\sdhelp.exe
Plug and Play = C:\WINDOWS\system32\services.exe
Print Spooler = C:\WINDOWS\system32\spoolsv.exe
Protected Storage = C:\WINDOWS\system32\lsass.exe
RegSrvc = C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Remote Procedure Call (RPC) = C:\WINDOWS\system32\svchost -k rpcss
Remote Registry = C:\WINDOWS\system32\svchost.exe -k LocalService
Secondary Logon = C:\WINDOWS\System32\svchost.exe -k netsvcs
Security Accounts Manager = C:\WINDOWS\system32\lsass.exe
Security Center = C:\WINDOWS\System32\svchost.exe -k netsvcs
Server = C:\WINDOWS\System32\svchost.exe -k netsvcs
Shell Hardware Detection = C:\WINDOWS\System32\svchost.exe -k netsvcs
Simple Mail Transfer Protocol (SMTP) = C:\WINDOWS\system32\inetsrv\inetinfo.exe
Spectrum24 Event Monitor = C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
System Event Notification = C:\WINDOWS\system32\svchost.exe -k netsvcs
System Restore Service = C:\WINDOWS\System32\svchost.exe -k netsvcs
Task Scheduler = C:\WINDOWS\System32\svchost.exe -k netsvcs
TCP/IP NetBIOS Helper = C:\WINDOWS\System32\svchost.exe -k LocalService
Themes = C:\WINDOWS\System32\svchost.exe -k netsvcs
WebClient = C:\WINDOWS\System32\svchost.exe -k LocalService
Windows Audio = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Firewall/Internet Connection Sharing (ICS) = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows Management Instrumentation = C:\WINDOWS\system32\svchost.exe -k netsvcs
Windows Search Service = C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Windows Time = C:\WINDOWS\System32\svchost.exe -k netsvcs
Windows User Mode Driver Framework = C:\WINDOWS\system32\wdfmgr.exe
Wireless Zero Configuration = C:\WINDOWS\System32\svchost.exe -k netsvcs
WLANKEEPER = C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Workstation = C:\WINDOWS\System32\svchost.exe -k netsvcs
World Wide Web Publishing = C:\WINDOWS\system32\inetsrv\inetinfo.exe

[VxD Services (1)]
JAVASUP = JAVASUP.VXD

[SafeBoot services (Minimal boot)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
sermouse.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
PCI Configuration
PNP Filter
Primary disk
SCSI Class
System Bus Extender

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AppMgmt
CryptSvc
DcomLaunch
dmadmin
dmserver
EventLog
HelpSvc
Netlogon
PlugPlay
RpcSs
SRService
vds
WinMgmt

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}

* Volume shadow copy *
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


[SafeBoot services (Minimal boot + network support)]
* CD-ROM Drive *
{4D36E965-E325-11CE-BFC1-08002BE10318}

* DiskDrive *
{4D36E967-E325-11CE-BFC1-08002BE10318}

* Driver *
dmboot.sys
dmio.sys
dmload.sys
ip6fw.sys
ipnat.sys
rdpcdd.sys
rdpdd.sys
rdpwd.sys
sermouse.sys
tdpipe.sys
tdtcp.sys
vga.sys
vgasave.sys

* Driver Group *
Base
Boot Bus Extender
Boot file system
File system
Filter
NDIS
NDIS Wrapper
NetBIOSGroup
NetDDEGroup
Network
NetworkProvider
PCI Configuration
PNP Filter
PNP_TDI
Primary disk
SCSI Class
Streams Drivers
System Bus Extender
TDI

* Floppy disk drive *
{4D36E980-E325-11CE-BFC1-08002BE10318}

* FSFilter System Recovery *
sr.sys

* Hdc *
{4D36E96A-E325-11CE-BFC1-08002BE10318}

* Human Interface Devices *
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}

* Keyboard *
{4D36E96B-E325-11CE-BFC1-08002BE10318}

* Mouse *
{4D36E96F-E325-11CE-BFC1-08002BE10318}

* Net *
{4D36E972-E325-11CE-BFC1-08002BE10318}

* NetClient *
{4D36E973-E325-11CE-BFC1-08002BE10318}

* NetService *
{4D36E974-E325-11CE-BFC1-08002BE10318}

* NetTrans *
{4D36E975-E325-11CE-BFC1-08002BE10318}

* PCMCIA Adapters *
{4D36E977-E325-11CE-BFC1-08002BE10318}

* SCSIAdapter *
{4D36E97B-E325-11CE-BFC1-08002BE10318}

* Service *
AFD
AppMgmt
Browser
CryptSvc
DcomLaunch
Dhcp
dmadmin
dmserver
DnsCache
EventLog
HelpSvc
LanmanServer
LanmanWorkstation
LmHosts
Messenger
Ndisuio
NetBIOS
NetBT
Netlogon
NetMan
NtLmSsp
PlugPlay
rdsessmgr
RpcSs
sharedaccess
SRService
Tcpip
termservice
UploadMgr
WinMgmt
WZCSVC

* Standard floppy disk controller *
{4D36E969-E325-11CE-BFC1-08002BE10318}

* System *
{4D36E97D-E325-11CE-BFC1-08002BE10318}

* Universal Serial Bus controllers *
{36FC9E60-C465-11CF-8056-444553540000}

* Volume *
{71A27CDD-812A-11D0-BEC7-08002BE2092F}


[SafeBoot: Alternate shell]
cmd.exe (not enabled)

--------------------

Driver filters:

[Class filters]
* Infrared devices *
- Upper filters
IRENUM.sys

* Storage volumes *
- Upper filters
VolSnap.sys

* Tape drives *
- Lower filters
drvmcdb.sys
PxHelp20.sys



[Device filters]
* Alps Touch Pad *
- Upper filters
ApfiltrService.sys

* Bluetooth Device (RFCOMM Protocol TDI) *
- Upper filters
BthEnum.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* CD-ROM Drive *
- Upper filters
redbook.sys

- Lower filters
imapi.sys

* Conexant D110 MDC V.92 Modem *
- Lower filters
HSFHWICH.sys
HSF_DPV.sys
winachsf.sys

* Direct Parallel *
- Lower filters
PtiLink.sys

* Microsoft USB Wheel Mouse Optical (IntelliPoint) *
- Upper filters
Point32.sys

* Microsoft USB Wireless Mouse (IntelliPoint) *
- Upper filters
Point32.sys

* Microsoft USB Wireless Mouse (IntelliPoint) *
- Upper filters
Point32.sys

* Terminal Server Keyboard Driver *
- Upper filters
kbdclass.sys

* Terminal Server Mouse Driver *
- Upper filters
mouclass.sys

* WAN Miniport (IP) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPPOE) *
- Lower filters
NdisTapi.sys

* WAN Miniport (PPTP) *
- Lower filters
NdisTapi.sys



--------------------

Print monitors (8):

BJ Language Monitor - cnbjmon.dll
Local Port - localspl.dll
Microsoft Document Imaging Writer Monitor - mdimon.dll
Microsoft Office Live Meeting Document Writer Monitor - lmdimon.dll
PJL Language Monitor - pjlmon.dll
Standard TCP/IP Port - tcpmon.dll
Toshiba Bluetooth Monitor - tbtmon.dll
USB Monitor - usbmon.dll

--------------------

WOW compatibility:

cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

[KnownDlls (16-bit) (40)]
avicap.dll
avifile.dll
comm.drv
commdlg.dll
compobj.dll
ctl3dv2.dll
ddeml.dll
keyboard.drv
lanman.drv
mapi.dll
mciavi.drv
mciseq.drv
mciwave.drv
mmsystem.dll
mouse.drv
msacm.dll
msvideo.dll
netapi.dll
ole2.dll
ole2disp.dll
ole2nls.dll
olecli.dll
olesvr.dll
pmspl.dll
progman.exe
rasapi16.dll
shell.dll
sound.drv
storage.dll
system.drv
timer.drv
toolhelp.dll
typelib.dll
vga.drv
wfwnet.drv
win87em.dll
winoldap.mod
winsock.dll
winspool.exe
wowdeb.exe

[KnownDlls (32-bit) (20)]
advapi32.dll
comdlg32.dll
gdi32.dll
imagehlp.dll
kernel32.dll
lz32.dll
ole32.dll
oleaut32.dll
olecli32.dll
olecnv32.dll
olesvr32.dll
olethk32.dll
rpcrt4.dll
shell32.dll
url.dll
urlmon.dll
user32.dll
version.dll
wininet.dll
wldap32.dll


--------------------------------------------------
End of report, 191,789 bytes

Commandline options:
/showempty - Show empty sections
/showcmts - Show comments in .bat files
/noshowclsids - Hide class IDs
/noshowprivate - Hide usernames and computer name
/noshowusers - Hide entries from other users
/noshowhardware - Hide entries from other hardware configurations
/showlargehosts - Show hosts file even when more than 1000 lines are in it
/showlargezones - Show Zones even when more than 1000 domains are in them
/autosave - Run hidden, automatically save a report and quit

#17
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
One file loaded in IE that I can't find any info about:
C:\Documents and Settings\pgratzinger\LOCAL Settings\Temp\t1157814530.dll

The filename might be random again, but have a look in that folder and if you find it upload it to the same thread at the Spykiller:
http://www.thespykil....php?topic=2533

Regards,

#18
peterg99

Posted.

Thanks,
Peter

#19
peterg99

Pieter,

We should be onto something with those files you had me post. I did a very simple thing - I deleted all the dll/exe pairs and rebooted. I could then see them being created in sync with the iexplore.exe instances in the Task Manager.

Thanks,
Peter

#20
Metallica

Hi Peter,

I'm going to fetch the file you uploaded, but can you explain with some more detail what you meant by that last post?
I'm not sure if I know what you mean.

Regards,

#21
Metallica

After looking at the file you uploaded and doing some searching I found this:
http://www.siteexper....asp?d_id=19460

That person has the same problem and with the same cause, I think.

Please try one thing for me.

Install SpywareBlaster from:
http://www.javacools...sbdownload.html

Then update and apply the protection.

Next surf here:
http://www.wildersse...ead.php?t=13684
and follow the instructions there to add these custom blocks:
D6371653-42F0-42B8-A11D-B12A4A7475F8
FA531CC1-0497-11d3-A180-3333052276C3E


If you get the chance to upload one of the .exe files you mentioned as well, that would be great.

#22
Metallica

Sorry for the number of posts. I'm just making notes on my progress really. :whistling:

The file you uploaded is known by a few scanners:
AVG Anti Virus 7.1.30 Downloader.Agent.ETX
BitDefender 7.1 Trojan.Downloader.Agent.ASL
ClamAV 0.88/1844 Trojan.Killav-69
Dr. Web 4.33.0 Trojan.DownLoader.12489
NOD32 2.51.1 Win32/TrojanDownloader.Agent.ASL trojan
VirusBuster 2005 1.2.4 Trojan.DL.Agent.DWD

#23
peterg99

Pieter,

It looks like my problem has been resolved. Based on your latest post, I installed AVG 7.1 and it found and deleted 21 infected files listed below, the dll's you noticed among them. I re-booted twice and I look clean! Let me say a great big thank you for your help :whistling: You guys (and gals) rock!


Contents of AVG vault:
Trojan horse Downloader.Agent.ETV C:\WINDOWS\MXOALDR.EXE 9/10/2006 12:34 MXOALDR.EXE 16.5 KB
Trojan horse Downloader.Agent.ETV C:\Program Files\Microsoft IntelliPoint\point32.exe 9/10/2006 13:25 point32.exe 16.5 KB
Trojan horse Downloader.Agent.ETX C:\RECYCLER\S-1-5-21-1993962763-436374069-1202660629-5235\Dc19.dll 9/10/2006 13:26 Dc19.dll 21.51 KB
Trojan horse Downloader.Agent.ETX C:\RECYCLER\S-1-5-21-1993962763-436374069-1202660629-5235\Dc21.dll 9/10/2006 13:26 Dc21.dll 21.51 KB
Trojan horse Downloader.Agent.ETX C:\RECYCLER\S-1-5-21-1993962763-436374069-1202660629-5235\Dc23.dll 9/10/2006 13:26 Dc23.dll 21.51 KB
Trojan horse Downloader.Agent.ETX C:\RECYCLER\S-1-5-21-1993962763-436374069-1202660629-5235\Dc25.dll 9/10/2006 13:26 Dc25.dll 21.51 KB
Trojan horse Downloader.Agent.ETV C:\Program Files\Apoint\Apoint.exe.bad 9/10/2006 14:15 Apoint.exe.bad 16.5 KB
Trojan horse Downloader.Agent.ETV C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 9/10/2006 14:15 atiptaxx.exe 16.5 KB
Trojan horse Downloader.Agent.ETV C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 9/10/2006 14:15 issch.exe 16.5 KB
Trojan horse Downloader.Agent.ETV C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe 9/10/2006 14:15 ISUSPM.exe 16.5 KB
Trojan horse Downloader.Agent.ETV C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe 9/10/2006 14:15 DVDLauncher.exe 16.5 KB
Trojan horse Downloader.Agent.ETV C:\Program Files\D-Tools\daemon.exe 9/10/2006 14:15 daemon.exe 16.5 KB
Trojan horse Downloader.Agent.ETV C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe 9/10/2006 14:15 ifrmewrk.exe 16.5 KB
Trojan horse Downloader.Agent.ETV C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe 9/10/2006 14:15 OneTouch.exe 16.5 KB
Trojan horse Downloader.Agent.ETX C:\RECYCLER\S-1-5-21-1993962763-436374069-1202660629-5235\Dc17.dll 9/10/2006 14:15 Dc17.dll 21.51 KB
Trojan horse Downloader.Agent.ETX C:\Documents and Settings\pgratzinger\Local Settings\Temp\t1157904545.dll 9/10/2006 12:30 t1157904545.dll 21.51 KB
Trojan horse Downloader.Agent.ETX C:\Documents and Settings\pgratzinger\Local Settings\Temp\t1157904549.dll 9/10/2006 12:30 t1157904549.dll 21.51 KB
Trojan horse Downloader.Agent.ETX C:\Documents and Settings\pgratzinger\Local Settings\Temp\t1157904550.dll 9/10/2006 12:30 t1157904550.dll 21.51 KB
Trojan horse Downloader.Agent.ETX C:\Documents and Settings\pgratzinger\Local Settings\Temp\t1157904554.dll 9/10/2006 12:30 t1157904554.dll 21.51 KB
Trojan horse Downloader.Agent.ETX C:\Documents and Settings\pgratzinger\Local Settings\Temp\t1157904562.dll 9/10/2006 12:30 t1157904562.dll 21.51 KB
Trojan horse Downloader.Agent.ETX C:\Documents and Settings\pgratzinger\Local Settings\Temp\t1157904562.dll 9/10/2006 12:30 t1157904562.dll 21.51 KB


As insurance, my - hopefully - clean HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:56:35 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\AD414C.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\pgratzinger\My Documents\Downloads\sysinternals\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfgate.com/weather/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" -a
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\pgratzinger\My Documents\Downloads\sysinternals\HijackThis.exe /startupscan
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ace.allincal.com
O15 - Trusted Zone: http://crm.allincal.com
O15 - Trusted Zone: http://*.labcrm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sjc-fp02/off...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sjc-fp02/off...stall/setup.cab
O16 - DPF: {2591F13E-4ED2-4EB6-AC24-F9F543BA4B7B} (Meet247 - Live Meeting) - https://www.meet247....mLauncher43.ocx
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sjc-fp02/off.../RemoveCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139421660718
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://localhost/Vir...tiveXClient.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emcsoftwareg...bex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...820/mcfscan.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://localhost/Rep...OpType=PrintCab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Allincal.com
O17 - HKLM\Software\..\Telephony: DomainName = Allincal.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Allincal.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe" -s:MSSQL.2 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER) (MSSQLServerOLAPService) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\Config (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Virtual Machine Helper (vmh) - Unknown owner - C:\Program Files\Microsoft Virtual Server\vmh.exe" -service (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks again,
Peter

#24
Metallica

Hi Peter,

Excellent news. :whistling:

I would have liked to have a look at one of those .exe files though.
It looks as if it replaced existing files, so you may have some problems with certain programs.

Your log looks clean, but with viruses that infect/replace legitimate files that is often so.

My question to you is are you courageous enough to let one of the files out of the vault?
I would love to send one of those files to the antivirus companies that don't detect this one yet.
No problem if you don't want to. I would understand completely. Let me know.

I will leave this thread open anyway, so I can help you with any programs that stop working.

One thing that needs to be done is to flush your restore points.

To do so:
  • Turn off system restore
  • Reboot
  • Turn system restore back on
More information can be found here:
http://service1.syma...src=sec_doc_nam

Regards,

#25
peterg99

Pieter,

I will share whichever files you want from the vault. However, for the likes of t1157904545.dll the corresponding t1157904545.exe is always 0 bytes. Are you interested in me posting any other of the infected files from the vault?

Thanks,
Peter

#26
Metallica

Hi Peter,

I'll need one of the 16,5 KB files like for example:
Trojan horse Downloader.Agent.ETV C:\Program Files\Apoint\Apoint.exe.bad 9/10/2006 14:15 Apoint.exe.bad 16.5 KB

Those are all files that have been replaced with/by the virus.
If you look at the next 7 entries in your list, you'll see that they are all that size.
If that is a coincidence then my name is Willy Wonka. :whistling:
I'll bet my year's supply of chocolate that if you analyze these files they'll turn out to be all the same.
Just wearing a different name-tag.

So, if you can get me one of these, I'd be so grateful.

Thanks in advance.
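The check suggested in post #26, that same-sized autorun files are one binary under different names, can be confirmed by grouping the Run targets by size and then by SHA-256. This is an added example, not part of the thread: the Run lines are copied from the HijackThis log in post #23, while the function names and the file contents written to a temp directory are constructed stand-ins.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# HijackThis autostart line: O4 - <hive>\..\Run: [entry name] command line
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")

# Run entries copied from the HijackThis log in post #23.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_o4_targets(log_text):
    """Return {entry name: executable path} for every O4 Run line."""
    targets = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m.group(1), m.group(2).strip()
        if cmd.startswith('"'):
            exe = cmd[1:].split('"', 1)[0]        # quoted path, arguments follow
        else:
            # Unquoted paths may contain spaces: cut after the first ".exe".
            hit = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
            exe = hit.group(1) if hit else cmd.split()[0]
        targets[name] = exe
    return targets


def sha256_of(path, chunk=65536):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def identical_groups(paths):
    """Group files by size (cheap), then by SHA-256; return groups of 2+."""
    by_size = defaultdict(list)
    for p in paths:
        if os.path.isfile(p):
            by_size[os.path.getsize(p)].append(p)
    groups = []
    for same_size in by_size.values():
        if len(same_size) < 2:
            continue                              # unique size, cannot be a copy
        by_hash = defaultdict(list)
        for p in same_size:
            by_hash[sha256_of(p)].append(p)
        groups.extend(sorted(g) for g in by_hash.values() if len(g) > 1)
    return sorted(groups)


def demo():
    """Constructed stand-ins: three autoruns share one body, two do not."""
    shared = b"MZ" + b"\x90" * 62                 # constructed 64-byte blob
    contents = {
        "MXOALDR.EXE": shared, "Apoint.exe": shared, "point32.exe": shared,
        "avgcc.exe": b"MZ" + b"\x00" * 62,        # same size, different bytes
        "ctfmon.exe": b"MZ" + b"\x00" * 200,      # different size
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for exe in parse_o4_targets(SAMPLE_LOG).values():
            base = exe.rsplit("\\", 1)[-1]
            local = os.path.join(tmp, base)
            with open(local, "wb") as fh:
                fh.write(contents[base])
            paths.append(local)
        groups = identical_groups(paths)
        return [[os.path.basename(p) for p in g] for g in groups]


if __name__ == "__main__":
    print(demo())
```

Matching size alone is only a hint; the hash comparison is what distinguishes `avgcc.exe` here from the three identical files.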

#27
peterg99

Pieter,

No problem, see attached.

Thanks,
Peter

Edited by peterg99, 12 September 2006 - 12:44 AM.

#28
peterg99

I do not see any symbol for the attachment. Did it upload?

#29
Metallica

No. That won't work here. Can you do it at TheSpykiller please?

Thanks,

#30
peterg99

There it is.
http://www.thespykil...hp?topic=2533.0