Hijacked Browser


18 replies to this topic

#1 Svenborg


Posted 25 June 2004 - 06:05 PM

I have a Dell laptop here at work that I have spent way too much time on....trying to kill the evil bastage Browser Hijack. Here is the log from HijackThis.....

Logfile of HijackThis v1.97.7
Scan saved at 4:40:34 PM, on 25/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E055E8C6-869A-4F4C-98C2-EB7F96803831} - C:\WINDOWS\System32\hagafa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://forum.tec-man...000/java/cr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {11111111-1111-1111-1111-112133087179} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/...inst/f12802.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://208.38.61.142...s/mgaxctrl6.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {859CC95E-3E3E-11D4-935D-00A0C99D82DF} (MapLegend Class) - http://139.142.31.91...TLMapLegend.CAB
O16 - DPF: {A0D79E5E-8826-11D4-BF7F-0090273EADC0} (IndeXMap Class) - http://139.142.31.91.../WayToIndex.CAB
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D812A-2816-4967-B74C-574C2EABAC14}: NameServer = 198.0.55.1,199.185.220.36,209.115.152.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

I have downloaded find&fix and CWShredder. I have scanned for virii and have both Ad-Aware and Spybot-Search and Destroy installed on the system. The user did install the "Spykiller" app...ugh...since the last time I attempted to clean the system out. Any help would be greatly appreciated.

#2 PGPhantom


Posted 26 June 2004 - 02:04 PM

Please download "FINDnFIX.exe". Run the "!LOG!.bat" file and post the results into this message for further review.

#3 Svenborg


Posted 28 June 2004 - 01:49 PM

Ok ..here is the log.txt.....

Microsoft Windows XP [Version 5.1.2600]
The type of the file system is NTFS.
C: is not dirty.

28/06/2004
12:14am up 0 days, 4:01
»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!

»»Locked or 'Suspect' file(s) found...


C:\WINDOWS\System32\KBDIJ.DLL +++ File read error
\\?\C:\WINDOWS\System32\KBDIJ.DLL +++ File read error
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»Special 'locked' files scan in 'System32'........
**File C:\FINDnFIX\LIST.TXT
KBDIJ.DLL Can't Open!

****Filtering files in System32... (-h -s -r...) ***
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

C:\WINDOWS\SYSTEM32\
kbdij.dll Sun Jun 20 2004 11:00:54p A...R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K

No matches found.

Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\KBDIJ.DLL
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM


»»Member of...: (Admin logon required!)
User is a member of group ENGLAPTOP1\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.

»»Dir 'junkxxx' was created with the following permissions...
(FAT32=NA)
Directory "C:\junkxxx"
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators
Allow 0000001B -co- 10000000 ---A ---- ---- BUILTIN\Administrators
Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM
Allow 0000001B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM
Allow 00000010 t--- 001F01FF ---- DSPO rw+x ENGLAPTOP1\John
Allow 0000001B -co- 10000000 ---A ---- ---- \CREATOR OWNER
Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Users
Allow 0000001B -co- A0000000 R-X- ---- ---- BUILTIN\Users
Allow 00000012 tc-- 00000004 ---- ---- --+- BUILTIN\Users
Allow 00000012 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

Owner: ENGLAPTOP1\John

Primary Group: ENGLAPTOP1\None



»»»»»»Backups created...»»»»»»
12:15am up 0 days, 4:02
28/06/2004

A C:\FINDnFIX\winBack.hiv
--a-- - - - - - 0 06-28-2004 winback.hiv
A C:\FINDnFIX\keys1\winkey.reg
--a-- - - - - - 287 06-28-2004 winkey.reg

»»Performing 16bit string scan....

---------- WIN.TXT
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

UTILDLL.DLL MS Windows 95 / Windows NT Exe
UXTHEME.DLL MS Windows 95 / Windows NT Exe
VBAJET32.DLL MS Windows 95 / Windows NT Exe
VBAME.DLL MS Windows 95 / Windows NT Exe
VBAR332.DLL MS Windows 95 / Windows NT Exe
VBSCRIPT.DLL MS Windows 95 / Windows NT Exe
VCDEX.DLL MS Windows 95 / Windows NT Exe
VDMDBG.DLL MS Windows 95 / Windows NT Exe
VDMREDIR.DLL MS Windows 95 / Windows NT Exe
VER.DLL MS Windows: "VER - A Version stamping library"
VERIFIER.DLL MS Windows 95 / Windows NT Exe
VERSION.DLL MS Windows 95 / Windows NT Exe
VFPODBC.DLL MS Windows 95 / Windows NT Exe
VGA.DLL MS Windows 95 / Windows NT Exe
VGA256.DLL MS Windows 95 / Windows NT Exe
VGA64K.DLL MS Windows 95 / Windows NT Exe
VJOY.DLL MS Windows 95 / Windows NT Exe
VMHELPER.DLL MS Windows 95 / Windows NT Exe
VSSAPI.DLL MS Windows 95 / Windows NT Exe
PS.DLL MS Windows 95 / Windows NT Exe
VWIPXSPX.DLL MS Windows 95 / Windows NT Exe
W32TIME.DLL MS Windows 95 / Windows NT Exe
W32TOPL.DLL MS Windows 95 / Windows NT Exe
WAVEMSP.DLL MS Windows 95 / Windows NT Exe
WDIGEST.DLL MS Windows 95 / Windows NT Exe
WEBCHECK.DLL MS Windows 95 / Windows NT Exe
WEBCLNT.DLL MS Windows 95 / Windows NT Exe
WEBHITS.DLL MS Windows 95 / Windows NT Exe
WEBVW.DLL MS Windows 95 / Windows NT Exe
WIADEFUI.DLL MS Windows 95 / Windows NT Exe
WIADSS.DLL MS Windows 95 / Windows NT Exe
WIASCR.DLL MS Windows 95 / Windows NT Exe
WIASERVC.DLL MS Windows 95 / Windows NT Exe
WIASHEXT.DLL MS Windows 95 / Windows NT Exe
WIAVIDEO.DLL MS Windows 95 / Windows NT Exe
WIAVUSD.DLL MS Windows 95 / Windows NT Exe
WIFEMAN.DLL MS Windows: "WOW REPLACEMENT Font Driver Manager For WIFE"
WIN32SPL.DLL MS Windows 95 / Windows NT Exe
WIN87EM.DLL MS Windows: "Microsoft Windows 3.1 Coprocessor/Emulator Librar..."
WINBRAND.DLL MS Windows 95 / Windows NT Exe
WINFAX.DLL MS Windows 95 / Windows NT Exe
WINHTTP.DLL MS Windows 95 / Windows NT Exe
WININET.DLL MS Windows 95 / Windows NT Exe
WINIPSEC.DLL MS Windows 95 / Windows NT Exe
WINMM.DLL MS Windows 95 / Windows NT Exe
WINNLS.DLL MS Windows: "WOW REPLACEMENT WINNLS"
WINNTBBU.DLL MS Windows 95 / Windows NT Exe
WINRNR.DLL MS Windows 95 / Windows NT Exe
WINSCARD.DLL MS Windows 95 / Windows NT Exe
WINSOCK.DLL MS Windows: "BSD Socket API for Windows"
WINSRV.DLL MS Windows 95 / Windows NT Exe
WINSTA.DLL MS Windows 95 / Windows NT Exe
WINSTRM.DLL MS Windows 95 / Windows NT Exe
WINTRUST.DLL MS Windows 95 / Windows NT Exe
WKSSVC.DLL MS Windows 95 / Windows NT Exe
WLDAP32.DLL MS Windows 95 / Windows NT Exe
WLNOTIFY.DLL MS Windows 95 / Windows NT Exe
WMADMOD.DLL MS Windows 95 / Windows NT Exe
WMADMOE.DLL MS Windows 95 / Windows NT Exe
WMASF.DLL MS Windows 95 / Windows NT Exe
WMAUDSDK.DLL MS Windows 95 / Windows NT Exe
WMDMLOG.DLL MS Windows 95 / Windows NT Exe
WMDMPS.DLL MS Windows 95 / Windows NT Exe
WMERRENU.DLL MS Windows 95 / Windows NT Exe
WMERROR.DLL MS Windows 95 / Windows NT Exe
WMI.DLL MS Windows 95 / Windows NT Exe
WMIDX.DLL MS Windows 95 / Windows NT Exe
WMIPROP.DLL MS Windows 95 / Windows NT Exe
WMISCMGR.DLL MS Windows 95 / Windows NT Exe
WMNETMGR.DLL MS Windows 95 / Windows NT Exe
WMP.DLL MS Windows 95 / Windows NT Exe
WMPASF.DLL MS Windows 95 / Windows NT Exe
WMPCD.DLL MS Windows 95 / Windows NT Exe
WMPCORE.DLL MS Windows 95 / Windows NT Exe
WMPDXM.DLL MS Windows 95 / Windows NT Exe
WMPLOC.DLL MS Windows 95 / Windows NT Exe
WMPSHELL.DLL MS Windows 95 / Windows NT Exe
WMPUI.DLL MS Windows 95 / Windows NT Exe
WMSDMOD.DLL MS Windows 95 / Windows NT Exe
WMSDMOE.DLL MS Windows 95 / Windows NT Exe
WMSDMOE2.DLL MS Windows 95 / Windows NT Exe
WMSPDMOD.DLL MS Windows 95 / Windows NT Exe
WMSPDMOE.DLL MS Windows 95 / Windows NT Exe
WMSTREAM.DLL MS Windows 95 / Windows NT Exe
WMV8DMOD.DLL MS Windows 95 / Windows NT Exe
WMV9VCM.DLL MS Windows 95 / Windows NT Exe
WMVCORE.DLL MS Windows 95 / Windows NT Exe
WMVCORE2.DLL MS Windows 95 / Windows NT Exe
WMVDMOD.DLL MS Windows 95 / Windows NT Exe
WMVDMOE.DLL MS Windows 95 / Windows NT Exe
WMVDMOE2.DLL MS Windows 95 / Windows NT Exe
WOW32.DLL MS Windows 95 / Windows NT Exe
WOWFAX.DLL MS Windows 95 / Windows NT Exe
WOWFAXUI.DLL MS Windows 95 / Windows NT Exe
WS2HELP.DLL MS Windows 95 / Windows NT Exe
32.DLL MS Windows 95 / Windows NT Exe
WSECEDIT.DLL MS Windows 95 / Windows NT Exe
WSHATM.DLL MS Windows 95 / Windows NT Exe
WSHCON.DLL MS Windows 95 / Windows NT Exe
WSHEXT.DLL MS Windows 95 / Windows NT Exe
WSHIP6.DLL MS Windows 95 / Windows NT Exe
WSHISN.DLL MS Windows 95 / Windows NT Exe
WSHNETBS.DLL MS Windows 95 / Windows NT Exe
WSHRM.DLL MS Windows 95 / Windows NT Exe
WSHTCPIP.DLL MS Windows 95 / Windows NT Exe
WSNMP32.DLL MS Windows 95 / Windows NT Exe
WSOCK32.DLL MS Windows 95 / Windows NT Exe
WSTDECOD.DLL MS Windows 95 / Windows NT Exe
WTSAPI32.DLL MS Windows 95 / Windows NT Exe
WUAUENG.DLL MS Windows 95 / Windows NT Exe
WUAUSERV.DLL MS Windows 95 / Windows NT Exe
WZCDLG.DLL MS Windows 95 / Windows NT Exe
WZCSAPI.DLL MS Windows 95 / Windows NT Exe
WZCSVC.DLL MS Windows 95 / Windows NT Exe
XACTSRV.DLL MS Windows 95 / Windows NT Exe
XENROLL.DLL MS Windows 95 / Windows NT Exe
XOLEHLP.DLL MS Windows 95 / Windows NT Exe
XPSP1RES.DLL MS Windows 95 / Windows NT Exe
XPSP2RES.DLL MS Windows 95 / Windows NT Exe
ZIPFLDR.DLL MS Windows 95 / Windows NT Exe
ZLIB.DLL MS Windows 95 / Windows NT Exe
WINDOWS
SYSTEM32
MACROMED
SHOCKW
XTRAS
DOWNLOAD
SHOCKW
CREATI
WINDOWS
SYSTEM32
MACROMED
SHOCKW
XTRAS
DOWNLOAD
SHOCKW
CREATI
WINDOWS
SYSTEM32
MACROMED
SHOCKW
XTRAS
DOWNLOAD
SHOCKW
WINDOWS
SYSTEM32
MACROMED
SHOCKW
XTRAS
DOWNLOAD
SHOCKW
WINDOWS
SYSTEM32
SPOOL
DRIVERS
W32X86
HEWLET
WINDOWS
SYSTEM32
SPOOL
DRIVERS
W32X86
HEWLET
WINDO
**File C:\FINDnFIX\WIN.TXT


Thanks in advance.... :D

#4 PGPhantom

Posted 28 June 2004 - 02:51 PM

This will take a couple or more steps to fix. Be sure to follow the next set of steps carefully, in the exact order specified:
  • Open the "FINDnFIX\Keys1" subfolder!
  • Locate the "MOVEit.bat" file, right-click on it and select => "edit". The file will open as an empty text file.
  • Copy and paste the entire highlighted line in the following quote box
    (all one line) into that blank 'MOVEit' file:

    move C:\WINDOWS\System32\KBDIJ.DLL c:\junkxxx\KBDIJ.DLL

  • Save the file and close.
  • Get ready to restart your computer.
  • In the same folder, double-click on the "FIX.bat" file.
  • You will be prompted by a popup alert to restart in 15 seconds.
  • Allow it to restart the computer!
  • On restart, navigate to: C:\FINDnFIX\ main folder:
  • Double-click on the "RESTORE.bat" file.
  • It'll run and produce a new log (log1.txt). Post it here!


#5 Svenborg

Posted 28 June 2004 - 03:18 PM

ok did that...here is the new log file..


28/06/2004
2:10pm up 0 days, 0:01

Microsoft Windows XP [Version 5.1.2600]
The type of the file system is NTFS.
C: is not dirty.

*Locked files...
\\?\C:\WINDOWS\System32\KBDIJ.DLL +++ File read error

╗╗╗Filtering files in System32.......( 'R;H;S') ╗╗╗
╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

C:\WINDOWS\SYSTEM32\
kbdij.dll Sun Jun 20 2004 11:00:54p A...R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K

No matches found.
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\KBDIJ.DLL
╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

No matches found.
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.



Search text: ŢSTREAMINGDEVICESETUP2Ů «CASE Insensitive Match
No Files to Search

Run Time(sec) 0

move C:\windows\system32\kbdij.dll c:\junkxxx\kbdij.dll


╗╗Permissions:
Directory "C:\junkxxx\."
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators
Allow 0000001B -co- 101F01FF ---A DSPO rw+x BUILTIN\Administrators
Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM
Allow 0000001B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM
Allow 00000010 t--- 001F01FF ---- DSPO rw+x ENGLAPTOP1\John
Allow 0000001B -co- 10000000 ---A ---- ---- \CREATOR OWNER
Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Users
Allow 0000001B -co- A0000000 R-X- ---- ---- BUILTIN\Users
Allow 00000012 tc-- 00000004 ---- ---- --+- BUILTIN\Users
Allow 00000012 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

Owner: ENGLAPTOP1\John

Primary Group: ENGLAPTOP1\None

Directory "C:\junkxxx\.."
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000000 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators
Allow 0000000B -co- 10000000 ---A ---- ---- BUILTIN\Administrators
Allow 00000000 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM
Allow 0000000B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM
Allow 0000000B -co- 10000000 ---A ---- ---- \CREATOR OWNER
Allow 00000000 t--- 001200A9 ---- -S-- r--x BUILTIN\Users
Allow 0000000B -co- A0000000 R-X- ---- ---- BUILTIN\Users
Allow 00000002 tc-- 00000004 ---- ---- --+- BUILTIN\Users
Allow 0000000A -c-- 00000002 ---- ---- -w-- BUILTIN\Users
Allow 00000000 t--- 001200A9 ---- -S-- r--x \Everyone

Owner: BUILTIN\Administrators

Primary Group: BUILTIN\Administrators


╗╗Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

╗╗Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access ENGLAPTOP1\Administrator
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM
Full access ENGLAPTOP1\Administrator



---------- WIN.TXT

---------- NEWWIN.TXT
f¨AppInit_DLLsÍ?ŠG└   C
**File C:\FINDnFIX\NEWWIN.TXT
     !  Ç  !      #  └  #  ?          ?       $ ?    ýgď─%▓CF╣čYŚ˘      ýgď─%▓CF╣čYŚ˘   ýgď─%▓CF╣čYŚ đ   vk     └UDeviceNotSelectedTimeout­   1 5 Ç'  ě đ   vk  Ç'   leGDIProcessHandleQuotaq~ ­   9 0 ~ └q~ Ó   vk  Ç   e Spooler ­   y e s Ó   vk  Ç    swapdisk ě  ` ? ╚ đ   vk  P   trTransmissionRetryTimeoutđ   vk  Ç'   S USERProcessHandleQuotab Ó   ě  ` ? ╚ ° H ě   vk < p   f¨AppInit_DLLsÍ?ŠG└   C : \ W I N D O W S \ S y s t e m 3 2 \ k b d i j . d l l P  ś"
**File C:\FINDnFIX\NEWWIN.TXT
00001360: 01 00 00 00 01 00 66 F9 . 5F 44 4C 4C 73 D6 8D E6 ......f¨ _DLLsÍ?Š
**File C:\FINDnFIX\NEWWIN.TXT
     !  Ç  !      #  └  #  ?          ?       $ ?    ýgď─%▓CF╣čYŚ˘      ýgď─%▓CF╣čYŚ˘   ýgď─%▓CF╣čYŚ đ   vk     └UDeviceNotSelectedTimeout­   1 5 Ç'  ě đ   vk  Ç'   leGDIProcessHandleQuotaq~ ­   9 0 ~ └q~ Ó   vk  Ç   e Spooler ­   y e s Ó   vk  Ç    swapdisk ě  ` ? ╚ đ   vk  P   trTransmissionRetryTimeoutđ   vk  Ç'   S USERProcessHandleQuotab Ó   ě  ` ? ╚ ° H ě   vk < p   f¨AppInit_DLLsÍ?ŠG└   C : \ W I N D O W S \ S y s t e m 3 2 \ k b d i j . d l l P  ś"

Thanks again... :D

#6 PGPhantom

Posted 28 June 2004 - 03:30 PM

Please follow the steps again - Be sure to save the moveit.bat files as I am showing no changes and the same file is where it was.

#7 Svenborg

Posted 28 June 2004 - 03:52 PM

I re-ran the process again and got the same result.


28/06/2004
2:38pm up 0 days, 0:01

Microsoft Windows XP [Version 5.1.2600]
The type of the file system is NTFS.
C: is not dirty.

*Locked files...
\\?\C:\WINDOWS\System32\KBDIJ.DLL +++ File read error

╗╗╗Filtering files in System32.......( 'R;H;S') ╗╗╗
╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

C:\WINDOWS\SYSTEM32\
kbdij.dll Sun Jun 20 2004 11:00:54p A...R 57,344 56.00 K

1 item found: 1 file, 0 directories.
Total of file sizes: 57,344 bytes 56.00 K

No matches found.
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

Sniffed -> C:\WINDOWS\SYSTEM32\KBDIJ.DLL
╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗*╗╗╗

No matches found.
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.



Search text: ŢSTREAMINGDEVICESETUP2Ů «CASE Insensitive Match
No Files to Search

Run Time(sec) 0

move C:\WINDOWS\System32\KBDIJ.DLL c:\junkxxx\KBDIJ.DLL


╗╗Permissions:
Directory "C:\junkxxx\."
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators
Allow 0000001B -co- 101F01FF ---A DSPO rw+x BUILTIN\Administrators
Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM
Allow 0000001B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM
Allow 00000010 t--- 001F01FF ---- DSPO rw+x ENGLAPTOP1\John
Allow 0000001B -co- 10000000 ---A ---- ---- \CREATOR OWNER
Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Users
Allow 0000001B -co- A0000000 R-X- ---- ---- BUILTIN\Users
Allow 00000012 tc-- 00000004 ---- ---- --+- BUILTIN\Users
Allow 00000012 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

Owner: ENGLAPTOP1\John

Primary Group: ENGLAPTOP1\None

Directory "C:\junkxxx\.."
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000000 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators
Allow 0000000B -co- 10000000 ---A ---- ---- BUILTIN\Administrators
Allow 00000000 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM
Allow 0000000B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM
Allow 0000000B -co- 10000000 ---A ---- ---- \CREATOR OWNER
Allow 00000000 t--- 001200A9 ---- -S-- r--x BUILTIN\Users
Allow 0000000B -co- A0000000 R-X- ---- ---- BUILTIN\Users
Allow 00000002 tc-- 00000004 ---- ---- --+- BUILTIN\Users
Allow 0000000A -c-- 00000002 ---- ---- -w-- BUILTIN\Users
Allow 00000000 t--- 001200A9 ---- -S-- r--x \Everyone

Owner: BUILTIN\Administrators

Primary Group: BUILTIN\Administrators


╗╗Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

╗╗Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access ENGLAPTOP1\Administrator
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM
Full access ENGLAPTOP1\Administrator



---------- WIN.TXT

---------- NEWWIN.TXT
f¨AppInit_DLLsÍ?ŠG└   C
**File C:\FINDnFIX\NEWWIN.TXT
     !  Ç  !      #  └  #  ?          ?       $ ?    ýgď─%▓CF╣čYŚ˘      ýgď─%▓CF╣čYŚ˘   ýgď─%▓CF╣čYŚ T╔Šwđ   vk     └UDeviceNotSelectedTimeout­   1 5 Ç'  ě đ   vk  Ç'   leGDIProcessHandleQuotaq~ ­   9 0 ~ └q~ Ó   vk  Ç   e Spooler ­   y e s Ó   vk  Ç    swapdisk ě  ` ? ╚ đ   vk  P   trTransmissionRetryTimeoutđ   vk  Ç'   S USERProcessHandleQuotab Ó   ě  ` ? ╚ ° H ě   vk < p   f¨AppInit_DLLsÍ?ŠG└   C : \ W I N D O W S \ S y s t e m 3 2 \ k b d i j . d l l P 
**File C:\FINDnFIX\NEWWIN.TXT
00001360: 01 00 00 00 01 00 66 F9 . 5F 44 4C 4C 73 D6 8D E6 ......f¨ _DLLsÍ?Š
**File C:\FINDnFIX\NEWWIN.TXT
     !  Ç  !      #  └ 



I have re-run Hijackthis and have enclosed the log for it. I hope this helps.

Logfile of HijackThis v1.97.7
Scan saved at 2:44:53 PM, on 28/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E055E8C6-869A-4F4C-98C2-EB7F96803831} - C:\WINDOWS\System32\hagafa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://forum.tec-man...000/java/cr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {11111111-1111-1111-1111-112133087179} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/...inst/f12802.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://208.38.61.142...s/mgaxctrl6.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {859CC95E-3E3E-11D4-935D-00A0C99D82DF} (MapLegend Class) - http://139.142.31.91...TLMapLegend.CAB
O16 - DPF: {A0D79E5E-8826-11D4-BF7F-0090273EADC0} (IndeXMap Class) - http://139.142.31.91.../WayToIndex.CAB
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D812A-2816-4967-B74C-574C2EABAC14}: NameServer = 198.0.55.1,199.185.220.36,209.115.152.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

Sorry bout this...I am not sure what is the problem...The user may have logged in and out while I was away from the system.
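
Added example, not part of the original thread: a small Python triage helper that diffs two HijackThis logs to show which entries a cleanup pass actually removed, and marks R0/R1 values that point Internet Explorer at a local file in a Temp folder, as the sp.html entries above do. The function names, the Temp-folder heuristic and the shortened log excerpts are assumptions made for this illustration; the "after" excerpt is cut from the later log in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "R1 - HKCU\...".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Per-user 8.3 profile folder (JOHN~1.ENG, ADMINI~1, ...) inside a path.
PROFILE_RE = re.compile(r"(C:\\DOCUME~1\\)[^\\]+", re.IGNORECASE)

# Assumed heuristic: an R0/R1 value that is a file:// URL inside a Temp folder.
TEMP_FILE_RE = re.compile(r"=\s*file://.*\\Temp\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, details) tuples for every entry line of a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def normalise(entry):
    """Mask the profile folder so the same hijack compares equal across logons."""
    section, details = entry
    return section, PROFILE_RE.sub(r"\1<user>", details)


def removed_entries(before_log, after_log):
    """Entries present in the earlier log and absent from the later one."""
    still_present = {normalise(e) for e in parse_entries(after_log)}
    return [e for e in parse_entries(before_log)
            if normalise(e) not in still_present]


def points_to_temp_file(entry):
    """True for an R0/R1 entry whose value is a local file in a Temp folder."""
    section, details = entry
    return section in ("R0", "R1") and bool(TEMP_FILE_RE.search(details))


# Shortened excerpts of the two logs posted in this thread (sample input).
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E055E8C6-869A-4F4C-98C2-EB7F96803831} - C:\WINDOWS\System32\hagafa.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
"""

AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
"""

if __name__ == "__main__":
    for entry in removed_entries(BEFORE, AFTER):
        marker = "TEMP-FILE" if points_to_temp_file(entry) else "removed"
        print(f"[{marker}] {entry[0]} - {entry[1]}")
```
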

#8 PGPhantom

Posted 28 June 2004 - 03:58 PM

Can you open the C:\FINDnFIX\Keys1\MOVEit.bat, click on "Edit" => "Select All" => "Edit" => "Copy" and paste the contents here. Something is not working as it should so I need to check the syntax of your file.

#9 Svenborg

Posted 28 June 2004 - 04:06 PM

here is the file...
move C:\WINDOWS\System32\KBDIJ.DLL c:\junkxxx\KBDIJ.DLL

#10 PGPhantom

Posted 28 June 2004 - 04:47 PM

Can you click on "Start" => "Run" and type in cmd to bring up a command prompt. Type in the command exactly as it is listed and tell me if you are getting any errors etc? This may be a hidden or locked file?

#11 Svenborg

Posted 28 June 2004 - 05:11 PM

It says the system cannot find the file specified.

#12 PGPhantom

Posted 28 June 2004 - 08:38 PM

Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders".

Then try the change again. I would like to ascertain if it is a hidden file or a read only file - I am leaning towards hidden...

#13 Svenborg

Posted 28 June 2004 - 10:17 PM

I have all the settings like that already. The file kbdij.dll does not show up anywhere. I searched for it in the registry and found some entries in there that pertained to it...and I deleted them. I have run Ad-Aware in safe mode...cleaned out all of the files it found...hagafa.dll being one of them. I searched the registry for hagafa.dll but no entries were found. I have emptied the recycle bin and have logged on to this site. The following is the current Hijackthis log....

Logfile of HijackThis v1.97.7
Scan saved at 9:11:48 PM, on 28/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://forum.tec-man...000/java/cr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {11111111-1111-1111-1111-112133087179} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/...inst/f12802.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...ector/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://208.38.61.142...s/mgaxctrl6.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {859CC95E-3E3E-11D4-935D-00A0C99D82DF} (MapLegend Class) - http://139.142.31.91...TLMapLegend.CAB
O16 - DPF: {A0D79E5E-8826-11D4-BF7F-0090273EADC0} (IndeXMap Class) - http://139.142.31.91.../WayToIndex.CAB
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D812A-2816-4967-B74C-574C2EABAC14}: NameServer = 198.0.55.1,199.185.220.36,209.115.152.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

and the current find and fix log......

Microsoft Windows XP [Version 5.1.2600]
The type of the file system is NTFS.
C: is not dirty.

28/06/2004
9:14pm up 0 days, 0:23
»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!

»»Locked or 'Suspect' file(s) found...


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»Special 'locked' files scan in 'System32'........
**File C:\FINDnFIX\LIST.TXT

****Filtering files in System32... (-h -s -r...) ***
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

No matches found.

No matches found.

Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Full access ENGLAPTOP1\Administrator
(ID-IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
QWCEN-DS-- BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM
Full access ENGLAPTOP1\Administrator


»»Member of...: (Admin logon required!)
User is a member of group ENGLAPTOP1\None.
User is a member of group \Everyone.
User is a member of group BUILTIN\Administrators.
User is a member of group BUILTIN\Users.
User is a member of group \LOCAL.
User is a member of group NT AUTHORITY\INTERACTIVE.
User is a member of group NT AUTHORITY\Authenticated Users.

»»Dir 'junkxxx' was created with the following permissions...
(FAT32=NA)
Directory "C:\junkxxx"
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators
Allow 0000001B -co- 101F01FF ---A DSPO rw+x BUILTIN\Administrators
Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM
Allow 0000001B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM
Allow 00000010 t--- 001F01FF ---- DSPO rw+x ENGLAPTOP1\John
Allow 0000001B -co- 10000000 ---A ---- ---- \CREATOR OWNER
Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Users
Allow 0000001B -co- A0000000 R-X- ---- ---- BUILTIN\Users
Allow 00000012 tc-- 00000004 ---- ---- --+- BUILTIN\Users
Allow 00000012 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

Owner: ENGLAPTOP1\John

Primary Group: ENGLAPTOP1\None



»»»»»»Backups created...»»»»»»
9:15pm up 0 days, 0:23
28/06/2004

A C:\FINDnFIX\winBack.hiv
--a-- - - - - - 0 06-28-2004 winback.hiv
A C:\FINDnFIX\keys1\winkey.reg
--a-- - - - - - 287 06-28-2004 winkey.reg

»»Performing 16bit string scan....

---------- WIN.TXT
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

**File C:\FINDnFIX\WIN.TXT


It would appear that it is gone...at least the kbdij.dll version....but will it come back? I have installed SpywareBlaster and my hope is that this will prevent further attacks. Please advise.

#14 Svenborg

Posted 28 June 2004 - 10:58 PM

Just a note...all of the above info was while I was running in administrator mode. I have since logged on as the user and have checked his HijackThis log. It had a couple of references to about:blank which I deleted. Would you like to see the user's logs? They are almost identical to the admin's now.

Thanks again.... :D .

#15 PGPhantom

Posted 28 June 2004 - 11:46 PM

The good news is that yes, it is gone :) Nice work.

Can you run HijackThis and delete ALL O16 entries - There are quite a few bad ones there and deleting all will not harm anything. If you need the apps, they will simply get downloaded the next time you visit the relevant site. ONLY the O16 entries though - Nothing else.

Reboot and post a new HijackThis log for further review.

Also ...
Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
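
The log review discussed in this thread (the R0/R1 browser settings that pointed at a Temp file or about:blank, and the O16 entries singled out for deletion) can be scripted. The following is an added example, not part of the original posts and not HijackThis code; the sample log is constructed with placeholder values, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis log layout; all values are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.invalid/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\USER\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O16 - DPF: Example Java Client - http://downloads.example.invalid/java/client.cab
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - http://192.0.2.10/ctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1 and up).
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def dpf_entries(sections):
    """Return (control name or CLSID, codebase URL) for every O16 entry."""
    out = []
    for body in sections.get("O16", []):
        name, _, url = body.split("DPF: ", 1)[-1].rpartition(" - ")
        out.append((name, url))
    return out

def flagged_ie_settings(sections):
    """Flag R0/R1 values set to about:blank or to a file:// URL in a Temp folder."""
    flagged = []
    for code in ("R0", "R1"):
        for body in sections.get(code, []):
            key, _, value = body.partition(" = ")
            v = value.strip().lower()
            if v.startswith("about:blank") or (v.startswith("file://") and "\\temp\\" in v):
                flagged.append((key, value.strip()))
    return flagged

if __name__ == "__main__":
    s = parse_log(SAMPLE_LOG)
    print(dpf_entries(s), flagged_ie_settings(s))
```

The flagged settings are candidates for review, not verdicts: about:blank is also a legitimate page, so each hit still needs a human look before anything is removed.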

#16 Svenborg

Posted 29 June 2004 - 12:12 AM

Ok...here is what I hope to be the last of this...hehe. My latest log file in admin mode.....

Logfile of HijackThis v1.97.7
Scan saved at 11:10:01 PM, on 28/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://forum.tec-man...000/java/cr.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://208.38.61.142...s/mgaxctrl6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D812A-2816-4967-B74C-574C2EABAC14}: NameServer = 198.0.55.1,199.185.220.36,209.115.152.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

Oh by the way...you are the man....:).

#17 PGPhantom

Posted 29 June 2004 - 01:02 AM

Yes, you are indeed clean :)

The following is a recommended maintenance regime for Windows XP:
  • The following DIRECTORY CONTENTS (but not the directory) need to be regularly emptied. Make sure your settings allow you to view "Hidden files". Open up any Explorer window and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". Click on "Apply to All Folders" and then respond "Yes" when prompted and click on "OK" to apply the change.
    • %windir%\prefetch\
    • %windir%\Temp\
    • %temp%\
    • %userprofile%\Local Settings\Temp\
    • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
    • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
  • Click on "Start" => "Settings" => "Control Panel" => "Internet Options". Click on "Delete Files", select "Delete All Offline Content" and click on "OK". Click on "OK" once more to close the options panel.
  • Right click on "Recycle Bin" and select "Empty Recycle Bin" and respond "Yes" when prompted.
  • Back-Up your files. You can use Windows backup which must be installed from the XP CD <cd-Drive>\valuadd\msft\ntbackup. Be sure to back up the following:
    • Office documents
    • Email data - Messages and address book
    • Game saves.
    • Digital Photos and other artwork.
    • Movies that you have created or edited.
    • MP3's and other music files.
    • Browser favorites and bookmarks.
    • Downloaded files/programs.
    • Passwords, security codes etc for anything that is password protected like Quicken.
    • Activation codes for applications downloaded and registered.
  • Do not go without an anti-virus program. Free ones include:
  • Be sure to run a periodic Trojan Scan with any of the following programs:
  • Use a Firewall such as ZoneAlarm
  • Regularly scan for adware and spyware using the following programs:
  • Defragment your system. Click on "Start" => "Programs" => "Accessories" => "System Tools" => "Disk Defragmenter".
  • Update your system. Go to Microsoft Windows Update and download all critical updates for your system.
  • Cleanup Your Disk. Click on "Start" => "Programs" => "Accessories" => "System Tools" => "Disk Cleanup".
  • Clear your icon cache. Delete the following file: %userprofile%\Local Settings\Application Data\IconCache.db. Reboot.


#18 Svenborg

Posted 29 June 2004 - 09:12 AM

Again...thank you for all your help. Without people like you this thing called the internet would be nothing but a seething pit of goo.....:).

#19 PGPhantom

Posted 29 June 2004 - 09:32 AM

It has been a pleasure to help you :)

The problems here look to be resolved so I will close the thread. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

If you would like to make a contribution to help support SpywareInfo, please check this link for more information.



