Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

xbloom 0up etc etc plauging my system [CLOSED]


  • This topic is locked This topic is locked

#1
DS88

DS88

    Member

  • Member
  • PipPip
  • 10 posts
I've also been having trouble with icannews popups

Logfile of HijackThis v1.99.1
Scan saved at 7:28:22 PM, on 10/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 95\DMHKEY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\COSMI\SPYWAR~1\POP\ABG_PL~1.DLL
O2 - BHO: (no name) - {5B662598-27F0-4105-E992-2ECAE34B0F7D} - C:\WINDOWS\Uvzxndbf.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: AdCom - {D7950AB4-67F5-458e-A37D-9F2DE7F250AC} - C:\WINDOWS\SYSTEM\ADCOM.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE" -minimized
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [NORTON AUTO-PROTECT] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\SYSTEM\ADPROT.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [sys101748056096] C:\WINDOWS\sys101748056096.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [yPKNA3] "C:\WINDOWS\CXTPLS_LOADER.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [inwmg] C:\WINDOWS\W130713.STUB.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Norton Program Scheduler.LNK = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 95\DMHKEY.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Global Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O13 - WWW. Prefix: http://

Edited by DS88, 02 October 2005 - 07:19 PM.

  • 0

Advertisements


#2
DS88

DS88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:54:25 PM, on 10/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 95\DMHKEY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\COSMI\SPYWAR~1\POP\ABG_PL~1.DLL
O2 - BHO: (no name) - {5B662598-27F0-4105-E992-2ECAE34B0F7D} - C:\WINDOWS\Uvzxndbf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE" -minimized
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [NORTON AUTO-PROTECT] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\SYSTEM\ADPROT.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [sys101748056096] C:\WINDOWS\sys101748056096.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [yPKNA3] "C:\WINDOWS\CXTPLS_LOADER.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [inwmg] C:\WINDOWS\W130713.STUB.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Norton Program Scheduler.LNK = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 95\DMHKEY.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Global Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O13 - WWW. Prefix: http://

Any help would be greatly apperciated.
  • 0

#3
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run directly from your desktop or a temp directory. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

Once you have Hijackthis running from a permanent folder, please reboot and post a new hijackthis log.
  • 0

#4
DS88

DS88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
As requested, and thank you for the help :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 6:30:27 PM, on 10/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 95\DMHKEY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE" -minimized
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [adprot] C:\WINDOWS\SYSTEM\ADPROT.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [sys101748056096] C:\WINDOWS\sys101748056096.exe
O4 - HKLM\..\Run: [yPKNA3] "C:\WINDOWS\CXTPLS_LOADER.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NORTON AUTO-PROTECT] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Norton Program Scheduler.LNK = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 95\DMHKEY.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Global Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
  • 0

#5
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please follow these steps:
  • Please make sure that you can View Hidden Files
    • Click Start -> My Computer
    • Select Tools -> Folder options
    • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
    • Also make sure that 'Display the contents of system folders' is checked.
    • For more info on how to show hidden files click here.


  • Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.


    O4 - HKLM\..\Run: [adprot] C:\WINDOWS\SYSTEM\ADPROT.EXE
    O4 - HKLM\..\Run: [sys101748056096] C:\WINDOWS\sys101748056096.exe
    O4 - HKLM\..\Run: [yPKNA3] "C:\WINDOWS\CXTPLS_LOADER.EXE" /PC=CP.AOP2



  • Please reboot your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
    • If you have trouble getting into Safe mode go here for more info.



  • Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):


    C:\WINDOWS\SYSTEM\ADPROT.EXE
    C:\WINDOWS\sys101748056096.exe
    C:\WINDOWS\CXTPLS_LOADER.EXE
Reboot your computer to go back to normal mode.


Please run at least two of these online scans.
Make sure they are set to clean automatically

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There will be files that these scans will not remove. Please include that information in your next post.


Reboot and post a new hijackthis log and the info from your virus scans.
  • 0

#6
DS88

DS88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I tried all three of those scans but I couldn't get any of them to work so here's my latest HJT:

Logfile of HijackThis v1.99.1
Scan saved at 11:17:46 PM, on 10/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 95\DMHKEY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE" -minimized
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NORTON AUTO-PROTECT] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Norton Program Scheduler.LNK = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 95\DMHKEY.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Global Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
  • 0

#7
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please download Bit Defender 8 Free Edition
  • Install the program and then follow the prompts to download all available updates.
  • Perform a full scan on your Local drive.
  • When the scan is complete save the log and post it back here in your next reply.

  • 0

#8
DS88

DS88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 08/10/2005 13:37:02
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\WINDOWS\SYSTEM\
Folders : 67
Files : 3074
Archives : 6
Packed files : 90
Identified viruses : 6
Infected files : 8
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 4
Copied files : 0
Moved files : 4
Renamed files : 0
I/O errors : 0
Scan time : 00:09:59
Scan speed (files/sec) : 5

Virus definitions : 187164
Scan plugins : 13
Archive plugins : 38
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\WINDOWS\SYSTEM\CKFEHLOF.EXE Infected I-Worm.Hybris.B
C:\WINDOWS\SYSTEM\CKFEHLOF.EXE Deleted
C:\WINDOWS\SYSTEM\mshtml.exe Infected Trojan.Downloader.Small.US
C:\WINDOWS\SYSTEM\mshtml.exe Deleted
C:\WINDOWS\SYSTEM\lfimg12n.exe Infected Trojan.Downloader.Agent.AM
C:\WINDOWS\SYSTEM\lfimg12n.exe Deleted
C:\WINDOWS\SYSTEM\ds32gt.exe Infected Trojan.Downloader.Agent.AM
C:\WINDOWS\SYSTEM\ds32gt.exe Deleted
C:\WINDOWS\SYSTEM\e6f1873b.dll Infected Trojan.Downloader.Braidupdate.D
C:\WINDOWS\SYSTEM\e6f1873b.dll Disinfection failed
C:\WINDOWS\SYSTEM\e6f1873b.dll Moved
C:\WINDOWS\SYSTEM\elitevhc32.exe Infected Trojan.Startpage.NK
C:\WINDOWS\SYSTEM\elitevhc32.exe Disinfection failed
C:\WINDOWS\SYSTEM\elitevhc32.exe Moved
C:\WINDOWS\SYSTEM\temperror32.dat Infected Trojan.Startpage.NK
C:\WINDOWS\SYSTEM\temperror32.dat Disinfection failed
C:\WINDOWS\SYSTEM\temperror32.dat Moved
C:\WINDOWS\SYSTEM\newexp Infected Dropped:Trojan.Downloader.Small.ABD
C:\WINDOWS\SYSTEM\newexp Disinfection failed
C:\WINDOWS\SYSTEM\newexp Moved

Scanned files

C:\=>Master Boot Record 80 OK
C:\=>Partition Boot 1 (primary) (active) OK
C:\WINDOWS\SYSTEM\INFRARED.DLL OK
C:\WINDOWS\SYSTEM\MSPRINT.DLL OK
C:\WINDOWS\SYSTEM\PCI.VXD OK
C:\WINDOWS\SYSTEM\MSTCP.DLL OK
C:\WINDOWS\SYSTEM\MSPRINT2.DLL OK
C:\WINDOWS\SYSTEM\SYSDETMG.DLL OK
C:\WINDOWS\SYSTEM\NDSWAN16.DLL OK
C:\WINDOWS\SYSTEM\MSWEBNDI.DLL OK
C:\WINDOWS\SYSTEM\DLCNDI.DLL OK
C:\WINDOWS\SYSTEM\NETOS.DLL OK
C:\WINDOWS\SYSTEM\NWNDS.DLL OK
C:\WINDOWS\SYSTEM\PPPNDI.DLL OK
C:\WINDOWS\SYSTEM\WAN.TSP OK
C:\WINDOWS\SYSTEM\MUJETINT.DLL OK
C:\WINDOWS\SYSTEM\HIDCI.DLL OK
C:\WINDOWS\SYSTEM\CFGWIZ32.EXE OK
C:\WINDOWS\SYSTEM\ENUMFILE.DLL OK
C:\WINDOWS\SYSTEM\VMM32\IFSMGR.VXD OK
C:\WINDOWS\SYSTEM\VMM32\IOS.VXD OK
C:\WINDOWS\SYSTEM\VMM32\QEMMFIX.VXD OK
C:\WINDOWS\SYSTEM\ENABLE4.VXD OK
C:\WINDOWS\SYSTEM\FIOLOG.VXD OK
C:\WINDOWS\SYSTEM\VPOWERD.VXD OK
C:\WINDOWS\SYSTEM\QTWMCI32.DLL OK
C:\WINDOWS\SYSTEM\MFCN30.DLL OK
C:\WINDOWS\SYSTEM\MFCO30.DLL OK
C:\WINDOWS\SYSTEM\MSIMG32.DLL OK
C:\WINDOWS\SYSTEM\MFCO40.DLL OK
C:\WINDOWS\SYSTEM\STREAMCI.DLL OK
C:\WINDOWS\SYSTEM\TAPI16.EXE OK
C:\WINDOWS\SYSTEM\WDMMDMLD.VXD OK
C:\WINDOWS\SYSTEM\BIOS.VXD OK
C:\WINDOWS\SYSTEM\MFCANS32.DLL OK
C:\WINDOWS\SYSTEM\IPROP.DLL OK
C:\WINDOWS\SYSTEM\ISAPNP.VXD OK
C:\WINDOWS\SYSTEM\WMI.DLL OK
C:\WINDOWS\SYSTEM\WOW32.DLL OK
C:\WINDOWS\SYSTEM\IOSUBSYS\ESDI_506.PDR OK
C:\WINDOWS\SYSTEM\IOSUBSYS\ATAPCHNG.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\CDTSD.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\CDVSD.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\DISKTSD.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\DISKVSD.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\DRVWCDB.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\SCSI1HLP.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\AIC78XX.MPD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\AMSINT.MPD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\NCRC710.MPD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\NCRC810.MPD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\HSFLOP.PDR OK
C:\WINDOWS\SYSTEM\IOSUBSYS\RMM.PDR OK
C:\WINDOWS\SYSTEM\IOSUBSYS\SCSIPORT.PDR OK
C:\WINDOWS\SYSTEM\IOSUBSYS\APIX.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\CDFS.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\SMARTVSD.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\VOLTRACK.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\IDEVSD.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\m5229.mpd OK
C:\WINDOWS\SYSTEM\IOSUBSYS\SCSI1HLP.VXX OK
C:\WINDOWS\SYSTEM\IOSUBSYS\TORISAN3.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\DRVWPPQT.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\DRVWQ117.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\NECATAPI.VXD OK
C:\WINDOWS\SYSTEM\IOSUBSYS\BIGMEM.DRV OK
C:\WINDOWS\SYSTEM\PCIMP.PCI OK
C:\WINDOWS\SYSTEM\MQREPL35.DLL OK
C:\WINDOWS\SYSTEM\VFIXD.VXD OK
C:\WINDOWS\SYSTEM\DINDI.DLL OK
C:\WINDOWS\SYSTEM\COMMCTRL.DLL OK
C:\WINDOWS\SYSTEM\ISSETUP.DLL OK
C:\WINDOWS\SYSTEM\PNPWPROP.DLL OK
C:\WINDOWS\SYSTEM\SERIAL.VXD OK
C:\WINDOWS\SYSTEM\UMDM32.DLL OK
C:\WINDOWS\SYSTEM\UMDMXFRM.DLL OK
C:\WINDOWS\SYSTEM\S3V.DRV OK
C:\WINDOWS\SYSTEM\SERWAVE.VXD OK
C:\WINDOWS\SYSTEM\MSMOUSE.VXD OK
C:\WINDOWS\SYSTEM\SMARTVSD.VXD OK
C:\WINDOWS\SYSTEM\S3.VXD OK
C:\WINDOWS\SYSTEM\DSKMAINT.DLL OK
C:\WINDOWS\SYSTEM\MAIN.CPL OK
C:\WINDOWS\SYSTEM\JOY.CPL OK
C:\WINDOWS\SYSTEM\SYSDM.CPL OK
C:\WINDOWS\SYSTEM\MAPISTUB.DLL OK
C:\WINDOWS\SYSTEM\TELEPHON.CPL OK
C:\WINDOWS\SYSTEM\MCIQTENU.Q32 OK
C:\WINDOWS\SYSTEM\DEVMGR32.DLL OK
C:\WINDOWS\SYSTEM\POWER.DRV OK
C:\WINDOWS\SYSTEM\USBUI.DLL OK
C:\WINDOWS\SYSTEM\SLMSCRPT.DLL OK
C:\WINDOWS\SYSTEM\MFC30.DLL OK
C:\WINDOWS\SYSTEM\S3V.DLL OK
C:\WINDOWS\SYSTEM\VERSION.DLL OK
C:\WINDOWS\SYSTEM\3D Maze.scr OK
C:\WINDOWS\SYSTEM\CJ27INST.INI OK
C:\WINDOWS\SYSTEM\NDSWAN32.DLL OK
C:\WINDOWS\SYSTEM\NETAPI.DLL OK
C:\WINDOWS\SYSTEM\MPREXE.EXE OK
C:\WINDOWS\SYSTEM\RPCSS.EXE OK
C:\WINDOWS\SYSTEM\Lxasmdm.dll OK
C:\WINDOWS\SYSTEM\RNASETUP.DLL OK
C:\WINDOWS\SYSTEM\RHCRT4.DLL OK
C:\WINDOWS\SYSTEM\SETUPX.DLL OK
C:\WINDOWS\SYSTEM\MSJSTICK.DRV OK
C:\WINDOWS\SYSTEM\VJOYD.VXD OK
C:\WINDOWS\SYSTEM\IENPSTUB.DLL OK
C:\WINDOWS\SYSTEM\D3DRG16F.DLL OK
C:\WINDOWS\SYSTEM\asfsipc.dll OK
C:\WINDOWS\SYSTEM\ACELPDEC.AX OK
C:\WINDOWS\SYSTEM\MWCI.DLL OK
C:\WINDOWS\SYSTEM\MSANALOG.VXD OK
C:\WINDOWS\SYSTEM\SUPERVGA.DRV OK
C:\WINDOWS\SYSTEM\ACTMOVIE.EXE OK
C:\WINDOWS\SYSTEM\ATI.VXD OK
C:\WINDOWS\SYSTEM\IMNIMP.DLL OK
C:\WINDOWS\SYSTEM\CSPMAN.DLL OK
C:\WINDOWS\SYSTEM\AWDCXC32.DLL OK
C:\WINDOWS\SYSTEM\AWDENC32.DLL OK
C:\WINDOWS\SYSTEM\AWKRNL32.DLL OK
C:\WINDOWS\SYSTEM\AWRESX32.DLL OK
C:\WINDOWS\SYSTEM\AWVIEW32.DLL OK
C:\WINDOWS\SYSTEM\CARDS.DLL OK
C:\WINDOWS\SYSTEM\JPEG2X32.DLL OK
C:\WINDOWS\SYSTEM\MSCONF.DLL OK
C:\WINDOWS\SYSTEM\OICOM400.DLL OK
C:\WINDOWS\SYSTEM\OIDIS400.DLL OK
C:\WINDOWS\SYSTEM\OIFIL400.DLL OK
C:\WINDOWS\SYSTEM\OIGFS400.DLL OK
C:\WINDOWS\SYSTEM\OIPRT400.DLL OK
C:\WINDOWS\SYSTEM\OISLB400.DLL OK
C:\WINDOWS\SYSTEM\OISSQ400.DLL OK
C:\WINDOWS\SYSTEM\OITWA400.DLL OK
C:\WINDOWS\SYSTEM\OIUI400.DLL OK
C:\WINDOWS\SYSTEM\RSRC16.DLL OK
C:\WINDOWS\SYSTEM\MSLOCUSR.DLL OK
C:\WINDOWS\SYSTEM\MSSHRUI.DLL OK
C:\WINDOWS\SYSTEM\MCIPIONR.DRV OK
C:\WINDOWS\SYSTEM\AWADPR32.EXE OK
C:\WINDOWS\SYSTEM\RPCLTC1.DLL OK
C:\WINDOWS\SYSTEM\IMGEDIT.OCX OK
C:\WINDOWS\SYSTEM\IMGSCAN.OCX OK
C:\WINDOWS\SYSTEM\IMGTHUMB.OCX OK
C:\WINDOWS\SYSTEM\WSHOM.OCX OK
C:\WINDOWS\SYSTEM\SYNCUI.DLL OK
C:\WINDOWS\SYSTEM\RPCLTC5.DLL OK
C:\WINDOWS\SYSTEM\DDAO35.DLL OK
C:\WINDOWS\SYSTEM\HID.DLL OK
C:\WINDOWS\SYSTEM\SYSCLASS.DLL OK
C:\WINDOWS\SYSTEM\WHLP32T.DLL OK
C:\WINDOWS\SYSTEM\WIN32S16.DLL OK
C:\WINDOWS\SYSTEM\ICMUI.DLL OK
C:\WINDOWS\SYSTEM\ICMUPG.DLL OK
C:\WINDOWS\SYSTEM\COLOR\HPSJTW.ICM OK
C:\WINDOWS\SYSTEM\COLOR\MNB22G18.ICM OK
C:\WINDOWS\SYSTEM\COLOR\MNB22G21.ICM OK
C:\WINDOWS\SYSTEM\COLOR\MNEBUG15.ICM OK
C:\WINDOWS\SYSTEM\COLOR\MNEBUG18.ICM OK
C:\WINDOWS\SYSTEM\COLOR\MNEBUG21.ICM OK
C:\WINDOWS\SYSTEM\COLOR\MNP22G15.ICM OK
C:\WINDOWS\SYSTEM\COLOR\MNP22G18.ICM OK
C:\WINDOWS\SYSTEM\COLOR\MNP22G21.ICM OK
C:\WINDOWS\SYSTEM\COLOR\sRGB Color Space Profile.icm OK
C:\WINDOWS\SYSTEM\COLOR\Trinitron Compatible 9300K G2.2.icm OK
C:\WINDOWS\SYSTEM\COLOR\Diamond Compatible 9300K G2.2.icm OK
C:\WINDOWS\SYSTEM\COLOR\Hitachi Compatible 9300K G2.2.icm OK
C:\WINDOWS\SYSTEM\COLOR\NEC Compatible 9300K G2.2.icm OK
C:\WINDOWS\SYSTEM\COLOR\scannerX83RGB.icm OK
C:\WINDOWS\SYSTEM\COLOR\scannerX83Gray.icm OK
C:\WINDOWS\SYSTEM\COLOR\PrinterX83RGB.icm OK
C:\WINDOWS\SYSTEM\COLOR\Generic Gray Profile.icm OK
C:\WINDOWS\SYSTEM\COLOR\LEXX83.ICM OK
C:\WINDOWS\SYSTEM\COLOR\MNB22G15.ICM OK
C:\WINDOWS\SYSTEM\ICHRCNV.DLL OK
C:\WINDOWS\SYSTEM\iejava.cab OK
C:\WINDOWS\SYSTEM\iejava.cab=>Internet Explorer Classes for Java.osd OK
C:\WINDOWS\SYSTEM\iejava.cab=>iejava.inf OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\CommandStateChangeConstants.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\DShellFolderViewEvents.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\DShellWindowsEvents.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\DWebBrowserEvents.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\DWebBrowserEvents2.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\DWebBrowserEvents2EventListener.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\DWebBrowserEvents2EventMulticaster.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\DWebBrowserEventsEventListener.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\DWebBrowserEventsEventMulticaster.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\Folder.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\FolderItem.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\FolderItems.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\FolderItemVerb.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\FolderItemVerbs.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\IFolderViewOC.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\InternetExplorer.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\IShellDispatch.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\IShellFolderViewDual.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\IShellLinkDual.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\IShellUIHelper.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\IShellWindows.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\IWebBrowser.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\IWebBrowser2.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\IWebBrowserApp.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\OLECMDEXECOPT.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\OLECMDF.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\OLECMDID.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\Shell.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellDispatchInproc.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellFolderView.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellFolderViewOC.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellFolderViewOptions.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellLinkObject.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellSpecialFolderConstants.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellUIHelper.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellWindowFindWindowOptions.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellWindows.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\ShellWindowTypeConstants.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\tagREADYSTATE.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\WebBrowser.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\WebBrowserEventListener.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\WebBrowserEventMulticaster.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\WebBrowserRaw.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\WebBrowser_V1.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\WebBrowser_V1EventListener.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\WebBrowser_V1EventMulticaster.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\WebBrowser_V1Raw.class OK
C:\WINDOWS\SYSTEM\iejava.cab=>com\ms\ie\WebViewFolderContents.class OK
C:\WINDOWS\SYSTEM\OWSOCK.VXO OK
C:\WINDOWS\SYSTEM\RPCLTS5.DLL OK
C:\WINDOWS\SYSTEM\RATINGS.POL OK
C:\WINDOWS\SYSTEM\INSENG.DLL OK
C:\WINDOWS\SYSTEM\CHATSOCK.DLL OK
C:\WINDOWS\SYSTEM\icwphbk.dll OK
C:\WINDOWS\SYSTEM\JAVACYPT.DLL OK
C:\WINDOWS\SYSTEM\CFGWIZ.DLL OK
C:\WINDOWS\SYSTEM\LZEXPAND.DLL OK
C:\WINDOWS\SYSTEM\HOMEPAGE.INF OK
C:\WINDOWS\SYSTEM\SECUR32.DLL OK
C:\WINDOWS\SYSTEM\ATI_D3D.DLL OK
C:\WINDOWS\SYSTEM\w95inf32.dll OK
C:\WINDOWS\SYSTEM\WINSSPI.DLL OK
C:\WINDOWS\SYSTEM\WSOCK32N.DLL OK
C:\WINDOWS\SYSTEM\IR50_QCX.DLL OK
C:\WINDOWS\SYSTEM\3D Pipes.scr OK
C:\WINDOWS\SYSTEM\BROWSELC.DLL OK
C:\WINDOWS\SYSTEM\JGDWMIE.DLL OK
C:\WINDOWS\SYSTEM\SENDMAIL.DLL OK
C:\WINDOWS\SYSTEM\INTRINSC.OCX OK
C:\WINDOWS\SYSTEM\IOSCLASS.DLL OK
C:\WINDOWS\SYSTEM\VYAJET.DLL OK
C:\WINDOWS\SYSTEM\KRNL386.EXE OK
C:\WINDOWS\SYSTEM\UNIDRV.DLL OK
C:\WINDOWS\SYSTEM\ILS.DLL OK
C:\WINDOWS\SYSTEM\WS2_32.DLL OK
C:\WINDOWS\SYSTEM\CCAPI.DLL OK
C:\WINDOWS\SYSTEM\DUNZIPNT.DLL OK
C:\WINDOWS\SYSTEM\FTMAPI.DLL OK
C:\WINDOWS\SYSTEM\MCM.DLL OK
C:\WINDOWS\SYSTEM\MOSCC.DLL OK
C:\WINDOWS\SYSTEM\MOSCL.DLL OK
C:\WINDOWS\SYSTEM\MOSCUDLL.DLL OK
C:\WINDOWS\SYSTEM\MOSMISC.DLL OK
C:\WINDOWS\SYSTEM\PRODINV.DLL OK
C:\WINDOWS\SYSTEM\SVCPROP.DLL OK
C:\WINDOWS\SYSTEM\TREENVCL.DLL OK
C:\WINDOWS\SYSTEM\RNAAPP.EXE OK
C:\WINDOWS\SYSTEM\LFCMP10N.DLL OK
C:\WINDOWS\SYSTEM\FRAMEBUF.DLL OK
C:\WINDOWS\SYSTEM\FRAMEBUF.DRV OK
C:\WINDOWS\SYSTEM\NETCPL.CPL OK
C:\WINDOWS\SYSTEM\UMDM16.DLL OK
C:\WINDOWS\SYSTEM\MSNSSPC.DLL OK
C:\WINDOWS\SYSTEM\LFDIC10N.DLL OK
C:\WINDOWS\SYSTEM\MSADP32.ACM OK
C:\WINDOWS\SYSTEM\MSGSM32.ACM OK
C:\WINDOWS\SYSTEM\UNIDRV.HLP OK
C:\WINDOWS\SYSTEM\TSSOFT32.ACM OK
C:\WINDOWS\SYSTEM\OEMREG.BIN OK
C:\WINDOWS\SYSTEM\DRVVFP.CNT OK
C:\WINDOWS\SYSTEM\MODEM.CPL OK
C:\WINDOWS\SYSTEM\AVICAP32.DLL OK
C:\WINDOWS\SYSTEM\AVIFIL32.DLL OK
C:\WINDOWS\SYSTEM\AVIFILE.DLL OK
C:\WINDOWS\SYSTEM\BATMETER.DLL OK
C:\WINDOWS\SYSTEM\DCIMAN32.DLL OK
C:\WINDOWS\SYSTEM\DDRAW.DLL OK
C:\WINDOWS\SYSTEM\DMBAND.DLL OK
C:\WINDOWS\SYSTEM\IR32_32.DLL OK
C:\WINDOWS\SYSTEM\MAINCP16.DLL OK
C:\WINDOWS\SYSTEM\MCIQTZ32.DLL OK
C:\WINDOWS\SYSTEM\MMSYSTEM.DLL OK
C:\WINDOWS\SYSTEM\3D Text.scr OK
C:\WINDOWS\SYSTEM\MSCMS.DLL OK
C:\WINDOWS\SYSTEM\MSJTER40.DLL OK
C:\WINDOWS\SYSTEM\MSORCL32.DLL OK
C:\WINDOWS\SYSTEM\MSVCRT20.DLL OK
C:\WINDOWS\SYSTEM\MSVIDEO.DLL OK
C:\WINDOWS\SYSTEM\MYDOCS.DLL OK
C:\WINDOWS\SYSTEM\MSWDAT10.DLL OK
C:\WINDOWS\SYSTEM\TSP3216S.DLL OK
C:\WINDOWS\SYSTEM\LFKODAK.DLL OK
C:\WINDOWS\SYSTEM\MCICDA.DRV OK
C:\WINDOWS\SYSTEM\MCIQTZ.DRV OK
C:\WINDOWS\SYSTEM\MCIWAVE.DRV OK
C:\WINDOWS\SYSTEM\MIDIMAP.DRV OK
C:\WINDOWS\SYSTEM\Show Desktop.scf OK
C:\WINDOWS\SYSTEM\MSGAME.VXD OK
C:\WINDOWS\SYSTEM\IMAADP32.ACM OK
C:\WINDOWS\SYSTEM\VRTWD.386 OK
C:\WINDOWS\SYSTEM\LHACM.ACM OK
C:\WINDOWS\SYSTEM\OAFVXD.VXO OK
C:\WINDOWS\SYSTEM\D3DIM.DLL OK
C:\WINDOWS\SYSTEM\LMOUSE.DRV OK
C:\WINDOWS\SYSTEM\LMOUSE.VXD OK
C:\WINDOWS\SYSTEM\LMOUSE16.DLL OK
C:\WINDOWS\SYSTEM\LMOUSE32.DLL OK
C:\WINDOWS\SYSTEM\COMNCTR.DLL OK
C:\WINDOWS\SYSTEM\LOGILANG.DLL OK
C:\WINDOWS\SYSTEM\MSASN1.DLL OK
C:\WINDOWS\SYSTEM\OWSHTCP.VXO OK
C:\WINDOWS\SYSTEM\OWSOCK32.DLO OK
C:\WINDOWS\SYSTEM\SBAWE.VXD OK
C:\WINDOWS\SYSTEM\LWASTK32.DLL OK
C:\WINDOWS\SYSTEM\DRLAY.DLL OK
C:\WINDOWS\SYSTEM\CMGR32.DLL OK
C:\WINDOWS\SYSTEM\MSSCMC32.DLL OK
C:\WINDOWS\SYSTEM\MSVBVM50.DLL OK
C:\WINDOWS\SYSTEM\L3CODECA.ACM OK
C:\WINDOWS\SYSTEM\SBAWE32.DRV OK
C:\WINDOWS\SYSTEM\LTSCR10N.DLL OK
C:\WINDOWS\SYSTEM\CP_28592.NLS OK
C:\WINDOWS\SYSTEM\CP_28595.NLS OK
C:\WINDOWS\SYSTEM\CP_28593.NLS OK
C:\WINDOWS\SYSTEM\CP_28594.NLS OK
C:\WINDOWS\SYSTEM\CP_437.NLS OK
C:\WINDOWS\SYSTEM\LXASUSCI.DLL OK
C:\WINDOWS\SYSTEM\CP_852.NLS OK
C:\WINDOWS\SYSTEM\NETDI.DLL OK
C:\WINDOWS\SYSTEM\MOUSE.DRV OK
C:\WINDOWS\SYSTEM\COOL.DLL OK
C:\WINDOWS\SYSTEM\OLE2CONV.DLL OK
C:\WINDOWS\SYSTEM\OLE2DISP.DLL OK
C:\WINDOWS\SYSTEM\OLE2NLS.DLL OK
C:\WINDOWS\SYSTEM\OLE32.DLL OK
C:\WINDOWS\SYSTEM\LXASUSCI.EXE OK
C:\WINDOWS\SYSTEM\DMMCARD.VXD OK
C:\WINDOWS\SYSTEM\SYNCENG.DLL OK
C:\WINDOWS\SYSTEM\VBAJET32.DLL OK
C:\WINDOWS\SYSTEM\STDOLE32.TLB OK
C:\WINDOWS\SYSTEM\atl.dll OK
C:\WINDOWS\SYSTEM\VGAFULL.3GR OK
C:\WINDOWS\SYSTEM\IAC25_32.AX OK
C:\WINDOWS\SYSTEM\PCDLIB32.DLL OK
C:\WINDOWS\SYSTEM\MMCI.DLL OK
C:\WINDOWS\SYSTEM\OLEDLG.DLL OK
C:\WINDOWS\SYSTEM\PANMAP.DLL OK
C:\WINDOWS\SYSTEM\VIVOG723.ACM OK
C:\WINDOWS\SYSTEM\MSRLE32.DLL OK
C:\WINDOWS\SYSTEM\SYSINV.DLL OK
C:\WINDOWS\SYSTEM\MSISYS.VXD OK
C:\WINDOWS\SYSTEM\EISA.VXD OK
C:\WINDOWS\SYSTEM\MMDEVLDR.VXD OK
C:\WINDOWS\SYSTEM\TDC.OCX OK
C:\WINDOWS\SYSTEM\MMLOCUSR.DLL OK
C:\WINDOWS\SYSTEM\MSR2CENU.DLL OK
C:\WINDOWS\SYSTEM\WINSPOOL.DRV OK
C:\WINDOWS\SYSTEM\IR41_32.AX OK
C:\WINDOWS\SYSTEM\IVFSRC.AX OK
C:\WINDOWS\SYSTEM\L3CODECX.AX OK
C:\WINDOWS\SYSTEM\MCISEQ.DRV OK
C:\WINDOWS\SYSTEM\MSACM.DRV OK
C:\WINDOWS\SYSTEM\QUARTZ.VXD OK
C:\WINDOWS\SYSTEM\DUNSETUP.EXE OK
C:\WINDOWS\SYSTEM\DLLHOST.EXE OK
C:\WINDOWS\SYSTEM\CLRAMD.AX OK
C:\WINDOWS\SYSTEM\MPG2SPLT.AX OK
C:\WINDOWS\SYSTEM\MKCOMPAT.EXE OK
C:\WINDOWS\SYSTEM\MSENCODE.DLL OK
C:\WINDOWS\SYSTEM\LPTENUM.VXD OK
C:\WINDOWS\SYSTEM\SW3DPRO.VXD OK
C:\WINDOWS\SYSTEM\MSAUD32.ACM OK
C:\WINDOWS\SYSTEM\VVAUDFLT.AX OK
C:\WINDOWS\SYSTEM\SFCDLL.DLL OK
C:\WINDOWS\SYSTEM\MSRCLR40.DLL OK
C:\WINDOWS\SYSTEM\SFC.EXE OK
C:\WINDOWS\SYSTEM\DESK.CPL OK
C:\WINDOWS\SYSTEM\LFBMP70N.DLL OK
C:\WINDOWS\SYSTEM\ENABLE3.DLL OK
C:\WINDOWS\SYSTEM\DISPDIB.DLL OK
C:\WINDOWS\SYSTEM\DPLAY.DLL OK
C:\WINDOWS\SYSTEM\FTSRCH.DLL OK
C:\WINDOWS\SYSTEM\GCDEF.DLL OK
C:\WINDOWS\SYSTEM\Flying Windows.scr OK
C:\WINDOWS\SYSTEM\PID.DLL OK
C:\WINDOWS\SYSTEM\SIMPDATA.TLB OK
C:\WINDOWS\SYSTEM\SQLSRV32.DLL OK
C:\WINDOWS\SYSTEM\GDI.EXE OK
C:\WINDOWS\SYSTEM\IMGST_TR.INI OK
C:\WINDOWS\SYSTEM\folder.htt OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 1)=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 1)=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 1)=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 1)=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 1)=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 1)=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 5)=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 5)=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 5)=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 5)=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 5)=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\folder.htt=>(JAVASCRIPT 5)=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\INETCPLC.DLL OK
C:\WINDOWS\SYSTEM\Blank Screen.scr OK
C:\WINDOWS\SYSTEM\COMMDLG.DLL OK
C:\WINDOWS\SYSTEM\LTWND10N.DLL OK
C:\WINDOWS\SYSTEM\DINPUT.DLL OK
C:\WINDOWS\SYSTEM\Mystify Your Mind.scr OK
C:\WINDOWS\SYSTEM\VVVIDFLT.AX OK
C:\WINDOWS\SYSTEM\desktop.ini OK
C:\WINDOWS\SYSTEM\TM20DEC.AX OK
C:\WINDOWS\SYSTEM\VOXMSDEC.AX OK
C:\WINDOWS\SYSTEM\VOXMVDEC.AX OK
C:\WINDOWS\SYSTEM\MIDIMAP.CFG OK
C:\WINDOWS\SYSTEM\MSORCL32.CNT OK
C:\WINDOWS\SYSTEM\VMODCTL.DLL OK
C:\WINDOWS\SYSTEM\SERWVDRV.DRV OK
C:\WINDOWS\SYSTEM\WAVEWRAP.DRV OK
C:\WINDOWS\SYSTEM\UNIMDM.TSP OK
C:\WINDOWS\SYSTEM\UNIMODEM.VXD OK
C:\WINDOWS\SYSTEM\INLOADER.DLL OK
C:\WINDOWS\SYSTEM\ODBCINST.CNT OK
C:\WINDOWS\SYSTEM\ODBCJET.CNT OK
C:\WINDOWS\SYSTEM\WUPDINFO.DLL OK
C:\WINDOWS\SYSTEM\MC32.QTC OK
C:\WINDOWS\SYSTEM\VNBT.386 OK
C:\WINDOWS\SYSTEM\VTCP.386 OK
C:\WINDOWS\SYSTEM\VTDI.386 OK
C:\WINDOWS\SYSTEM\VUDP.386 OK
C:\WINDOWS\SYSTEM\ODBCCP32.CPL OK
C:\WINDOWS\SYSTEM\POWERCFG.CPL OK
C:\WINDOWS\SYSTEM\DHCPCSVC.DLL OK
C:\WINDOWS\SYSTEM\MSHTMLER.DLL OK
C:\WINDOWS\SYSTEM\MSHTMLER.DLL=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\MSHTMLER.DLL=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\MSHTMLER.DLL=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\MSHTMLER.DLL=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\ptftp32c.dll OK
C:\WINDOWS\SYSTEM\MSAFD.DLL OK
C:\WINDOWS\SYSTEM\OWSASRV.EXO OK
C:\WINDOWS\SYSTEM\LPT.VXD OK
C:\WINDOWS\SYSTEM\ptsmt32c.dll OK
C:\WINDOWS\SYSTEM\INTL.CPL OK
C:\WINDOWS\SYSTEM\MMSYS.CPL OK
C:\WINDOWS\SYSTEM\RPCLTS3.DLL OK
C:\WINDOWS\SYSTEM\RSVPSP.DLL OK
C:\WINDOWS\SYSTEM\ACCESS.CPL OK
C:\WINDOWS\SYSTEM\mvidntld.dll OK
C:\WINDOWS\SYSTEM\ASYCPICT.DLL OK
C:\WINDOWS\SYSTEM\COMM.DRV OK
C:\WINDOWS\SYSTEM\LOCPROXY.EXE OK
C:\WINDOWS\SYSTEM\SAGE.EXE OK
C:\WINDOWS\SYSTEM\TELNET.HLP OK
C:\WINDOWS\SYSTEM\NDISWMI.SYS OK
C:\WINDOWS\SYSTEM\DFS.VXD OK
C:\WINDOWS\SYSTEM\12520437.CPX OK
C:\WINDOWS\SYSTEM\NDIS.VXD OK
C:\WINDOWS\SYSTEM\NDIS2SUP.VXD OK
C:\WINDOWS\SYSTEM\NWSERVER.VXD OK
C:\WINDOWS\SYSTEM\VNETSUP.VXD OK
C:\WINDOWS\SYSTEM\VREDIR.VXD OK
C:\WINDOWS\SYSTEM\VSERVER.VXD OK
C:\WINDOWS\SYSTEM\WSOCK.VXD OK
C:\WINDOWS\SYSTEM\WSOCK2.VXD OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MBADPID.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MBADPID.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MBADPID.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MBADPID.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MBADPID.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONGRAT.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONGRAT.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONGRAT.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONGRAT.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONGRAT.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONNECT.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONNECT.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONNECT.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONNECT.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MCONNECT.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULA.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULA.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULA.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULA.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULA.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULAWAR.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULAWAR.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULAWAR.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULAWAR.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MEULAWAR.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MINSTALL.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MINSTALL.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MLAN.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MLAN.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MLAN.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MLAN.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MLAN.HTM=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 9) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 10) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 12) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 13) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 15) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 16) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 18) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 19) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 22) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MPID.HTM=>(JAVASCRIPT 23) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MREGISTE.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MREGISTE.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MREGISTE.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MREGISTE.HTM=>(JAVASCRIPT 9) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MREGKB.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MREGKB.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MREGKBCM.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MREGKBCM.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MSTART.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MSTART.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MSTART.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MSTART.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MSTART.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MSTART.HTM=>(JAVASCRIPT 8) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 8) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 9) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 10) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 11) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 17) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 18) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTAPI.HTM=>(JAVASCRIPT 19) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MTEMPLAT.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MUSEMODE.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MUSEMODE.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MUSERINF.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MUSERINF.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MUSERINF.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MUSERINF.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\MSNSETUP\MMSOBSHE.CSS OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\BADPID.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\BADPID.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\BADPID.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\BADPID.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\BADPID.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\CONGRATS.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\CONGRATS.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\CONGRATS.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\CONGRATS.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\CONGRATS.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\CONNECT.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\CONNECT.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\CONNECT.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULA.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULA.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULA.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULA.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULA.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULAWARN.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULAWARN.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULAWARN.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULAWARN.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\EULAWARN.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\INSTALLD.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\INSTALLD.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 9) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 10) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 12) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 13) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 15) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 16) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 18) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 19) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 22) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\PID.HTM=>(JAVASCRIPT 23) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\REGISTER.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\REGISTER.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\REGISTER.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\REGISTER.HTM=>(JAVASCRIPT 9) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\REGKB.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\REGKB.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\REGKBCMT.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\REGKBCMT.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\START.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\START.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\START.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\START.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\START.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\START.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\START.HTM=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 8) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 9) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 12) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TAPI.HTM=>(JAVASCRIPT 13) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\TEMPLATE.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\USEMODEM.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\USEMODEM.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\USERINFO.HTM OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\USERINFO.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\USERINFO.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\USERINFO.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\SETUP\MSOBSHEL.CSS OK
C:\WINDOWS\SYSTEM\OOBE\MSOBMAIN.DLL OK
C:\WINDOWS\SYSTEM\OOBE\MSOBSHEL.DLL OK
C:\WINDOWS\SYSTEM\OOBE\MSOBSTUB.DLL OK
C:\WINDOWS\SYSTEM\OOBE\MSOBWEB.DLL OK
C:\WINDOWS\SYSTEM\OOBE\OBEIP.DUN OK
C:\WINDOWS\SYSTEM\OOBE\MSOOBE.EXE OK
C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\BIN.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\BINF.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\BINFS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\BINS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\CARDBACK.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\CLUBS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\DBLCLICK.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\DIAMONDS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\DRAGGING.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\GIF.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\GIFS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\GIFT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\IE.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\IES.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\MENULFT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\MENUMID.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\MENURHT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\MOUSE1.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\MOVING.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\MYCOMP.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\MYCOMPS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\MYDOC.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\MYDOCS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\NTPAD.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\NTPADS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\NTPADT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\PAINT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\PAINTS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\PAINTT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\PSTITLFT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\PSTITMID.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\PSTITRHT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\SNGLCLK.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\SPADES.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\STRTLFT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\STRTLFTP.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\STRTMID.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\STRTMIDP.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\STRTRHT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\STRTRHTP.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\TTIP_LFT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\TTIP_MID.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\TTIP_RHT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\TTIPLNP.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\WELCOME.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\IMAGES\ACE.GIF OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE10.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE10.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE10.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE10.HTM=>(JAVASCRIPT 12) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE11.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE11.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE11.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE2.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE2.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE2.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE3.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE3.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE3.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE4.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE4.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE4.HTM=>(JAVASCRIPT 8) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE5.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE5.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE5.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE6.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE6.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE6.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE6.HTM=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE7.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE7.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE7.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE8.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE8.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE8.HTM=>(JAVASCRIPT 10) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE9.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE9.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE9.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\MOUSE\MOUSE.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\ISPOPT.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\ISPOPT.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\ISPOPT.HTM=>(IFRAME) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\ISPOPT.HTM=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\ISPSGNUP.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\ISPSGNUP.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\ISPSGNUP.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\ISPSGNUP.HTM=>(JAVASCRIPT 10) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\MSN.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\SPEEDY2.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\SPEEDY2.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\SPEEDY3.HTM OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\SPEEDY3.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\SPEEDY3.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\HTML\ISPSGNUP\ACME.HTM OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGLEFTDO.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGLEFTUP.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGPHONE1.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGRIGHTD.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BLACK.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BLUEPIX.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CFGANI.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CLICK.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CLICKL.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CLICKR.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\COA.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CON_ANI.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CON_OFF.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CONFETTI.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CONGRATS.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DEFAULT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DEFAULTL.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DEFAULTR.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DIAL_ANI.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DIAL_OFF.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DIALING.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DIALTONE.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DISABLDL.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DISABLDR.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DISABLED.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\FLAG.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\FLAGANI.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\GRADIENT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\HOVER.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\HOVERL.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\HOVERR.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\LFTCLK.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\LFTCLKW.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\LFTDEF.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\LFTDEFW.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\LFTDSLD.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\LFTDSLDW.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\LFTHVR.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\LFTHVRW.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\MSNIALOG.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\MSNIAOLD.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\MSNLOGO.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\MSNWTRMK.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\NEG_ANI.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\NEG_OFF.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\OEMLOGO.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\OFFTBAMX.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\OFFTBDSC.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\OFFTBJCB.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\OFFTBMC.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\OFFTBVSA.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\ONTBAMX.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\ONTBDSC.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\ONTBJCB.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\ONTBMC.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\ONTBVSA.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\PASSPORT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\REGISTER.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\RHTCLK.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\RHTCLKW.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\RHTDEF.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\RHTDEFW.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\RHTDSLD.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\RHTDSLDW.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\RHTHVR.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\RHTHVRW.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\TABAMEX.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\TABDISCO.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\TABMC.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\TABVISA.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\WATERMRK.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\WM_KEY.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\WM_PC.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\WM_PENCL.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\WM_PHONE.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\WM_PPORT.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\YLLWBAR.GIF OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGAMEX.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGCC.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGDISCOV.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGJCB.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGMC.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BGVISA.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CNNCTERR.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\CONNECT.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DIALTONE.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\DRPSHDW.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\ERROR.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\EULA.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\HNDSHAKE.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\INSTALLD.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\LOGO.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\MSN.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\PID.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\PK.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\REG.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\START.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\STATBACK.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\STATBAR.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\TAPI.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\TOOBUSY.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\WATERMRK.JPG OK
C:\WINDOWS\SYSTEM\OOBE\IMAGES\BALL_ANI.GIF OK
C:\WINDOWS\SYSTEM\OOBE\MSOBSHEL.HTM OK
C:\WINDOWS\SYSTEM\OOBE\MSOBSHEL.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\MSOBSHEL.HTM=>(IFRAME) OK
C:\WINDOWS\SYSTEM\OOBE\MSOBSHEL.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\DIALTONE.HTM OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\DIALTONE.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\DIALTONE.HTM=>(JAVASCRIPT 6) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\ERROR.HTM OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\ERROR.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\ERROR.HTM=>(JAVASCRIPT 3) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\ERROR.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\HNDSHAKE.HTM OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\HNDSHAKE.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\HNDSHAKE.HTM=>(JAVASCRIPT 2) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\HNDSHAKE.HTM=>(JAVASCRIPT 4) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\HNDSHAKE.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\HNDSHAKE.HTM=>(JAVASCRIPT 7) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\HNDSHAKE.HTM=>(JAVASCRIPT 8) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\INSERROR.HTM OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\INSERROR.HTM=>(JAVASCRIPT 1) OK
C:\WINDOWS\SYSTEM\OOBE\ERROR\INSERROR.HTM=>(JAVASCRIPT 5) OK
C:\WINDOWS&#

Edited by DS88, 08 October 2005 - 01:00 PM.

  • 0

#9
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Good! It looks like Bit Defender took care of a few things for you.

I'm curious about these lines. They are very unusual to see in your log.

O4 - Startup: Forget Me Not.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\Accessories\MSPAINT.EXE


Do you know why the Paint program is set up to automatically start with Windows?
  • 0

#10
DS88

DS88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
First, thank you thank you thank you for all the help.

Second, I believe it's because of the Create a card program I've got that will pop up reminders for important dates, ie birthdays, anniversary etc etc.
  • 0

Advertisements


#11
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
As long as you are familiar with those programs. I've just never seen paint running on startup before, so I wanted to ask about it.

How are things working for you now? Any problems?
  • 0

#12
DS88

DS88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
System is running a lot smoother, the number of pop-ups have been reduced significantly if not all together. I'll post another HJT for your inspection, and if you think it looks good, I'll make sure to keep updating the bitdefender.

I would donate to paypal, but at the moment I'm broke, but I will do is if anyone I know complains about spyware I'll send them over and I'm sure they will donate..

Logfile of HijackThis v1.99.1
Scan saved at 2:12:39 PM, on 10/8/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 95\DMHKEY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\PROGRAM FILES\POP UP STOPPER AND AD KILLER\PUSAK.EXE" -minimized
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NORTON AUTO-PROTECT] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender8\bdinit.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Norton Program Scheduler.LNK = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 95\DMHKEY.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\Accessories\MSPAINT.EXE
O4 - Global Startup: zonealarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
  • 0

#13
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
It looks clean to me! :tazz:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :)
  • 0

#14
DS88

DS88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Update, I'm starting to get more pop ups again. Should I run BD again?
  • 0

#15
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Yes, and also post a new hijackthis log.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP