Svenborg

Hijacked Browser

19 posts in this topic

I have a Dell laptop here at work that I have spent way too much time on....trying to kill the evil bastage Browser Hijack. Here is the log from HijackThis.....

 

Logfile of HijackThis v1.97.7

Scan saved at 4:40:34 PM, on 25/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\NILaunch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell\AccessDirect\DadTray.exe

C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe

C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\Program Files\Hijack this\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\JOHN~1.ENG\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {E055E8C6-869A-4F4C-98C2-EB7F96803831} - C:\WINDOWS\System32\hagafa.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe

O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe

O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe

O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ConferenceRoom Java Client - http://forum.tec-man.com:8000/java/cr.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {11111111-1111-1111-1111-112133087179} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f12802.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://208.38.61.142/tgpub/tgutil/controls/mgaxctrl6.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {859CC95E-3E3E-11D4-935D-00A0C99D82DF} (MapLegend Class) - http://139.142.31.91/Spin1/bin/ATLMapLegend.CAB

O16 - DPF: {A0D79E5E-8826-11D4-BF7F-0090273EADC0} (IndeXMap Class) - http://139.142.31.91/Spin1/bin/WayToIndex.CAB

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D812A-2816-4967-B74C-574C2EABAC14}: NameServer = 198.0.55.1,199.185.220.36,209.115.152.150

O17 - HKLM\System\CS1\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

 

I have downloaded find&fix and CWShredder. I have scanned for virii and have both Ad-Aware and Spybot-Search and Destroy installed on the system. The user did install the "Spykiller" app...ugh...since the last time I attempted to clean the system out. Any help would be greatly appreciated.


Ok ..here is the log.txt.....

 

Microsoft Windows XP [Version 5.1.2600]

The type of the file system is NTFS.

C: is not dirty.

 

28/06/2004

12:14am up 0 days, 4:01

»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»

Files listed in this section (in System32) are not always definitive!

Always Double Check and be sure the file pointed doesn't exist!

 

»»Locked or 'Suspect' file(s) found...

 

 

C:\WINDOWS\System32\KBDIJ.DLL +++ File read error

\\?\C:\WINDOWS\System32\KBDIJ.DLL +++ File read error

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»Special 'locked' files scan in 'System32'........

**File C:\FINDnFIX\LIST.TXT

KBDIJ.DLL Can't Open!

 

****Filtering files in System32... (-h -s -r...) ***

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

C:\WINDOWS\SYSTEM32\

kbdij.dll Sun Jun 20 2004 11:00:54p A...R 57,344 56.00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57,344 bytes 56.00 K

 

No matches found.

 

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\KBDIJ.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(NI) ALLOW Read BUILTIN\Users

(IO) ALLOW Read BUILTIN\Users

(NI) ALLOW Read BUILTIN\Power Users

(IO) ALLOW Read BUILTIN\Power Users

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access BUILTIN\Administrators

(NI) ALLOW Full access NT AUTHORITY\SYSTEM

(IO) ALLOW Full access NT AUTHORITY\SYSTEM

(NI) ALLOW Full access BUILTIN\Administrators

(IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

Read BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

 

 

»»Member of...: (Admin logon required!)

User is a member of group ENGLAPTOP1\None.

User is a member of group \Everyone.

User is a member of group BUILTIN\Administrators.

User is a member of group BUILTIN\Users.

User is a member of group \LOCAL.

User is a member of group NT AUTHORITY\INTERACTIVE.

User is a member of group NT AUTHORITY\Authenticated Users.

 

»»Dir 'junkxxx' was created with the following permissions...

(FAT32=NA)

Directory "C:\junkxxx"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

Allow 0000001B -co- 10000000 ---A ---- ---- BUILTIN\Administrators

Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 0000001B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM

Allow 00000010 t--- 001F01FF ---- DSPO rw+x ENGLAPTOP1\John

Allow 0000001B -co- 10000000 ---A ---- ---- \CREATOR OWNER

Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Users

Allow 0000001B -co- A0000000 R-X- ---- ---- BUILTIN\Users

Allow 00000012 tc-- 00000004 ---- ---- --+- BUILTIN\Users

Allow 00000012 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

 

Owner: ENGLAPTOP1\John

 

Primary Group: ENGLAPTOP1\None

 

 

 

»»»»»»Backups created...»»»»»»

12:15am up 0 days, 4:02

28/06/2004

 

A C:\FINDnFIX\winBack.hiv

--a-- - - - - - 0 06-28-2004 winback.hiv

A C:\FINDnFIX\keys1\winkey.reg

--a-- - - - - - 287 06-28-2004 winkey.reg

 

»»Performing 16bit string scan....

 

---------- WIN.TXT

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 


UMANDLG.DLL MS Windows 95 / Windows NT Exe

UMDMXFRM.DLL MS Windows 95 / Windows NT Exe

UMPNPMGR.DLL MS Windows 95 / Windows NT Exe

UNIMDMAT.DLL MS Windows 95 / Windows NT Exe

UNIPLAT.DLL MS Windows 95 / Windows NT Exe

UNTFS.DLL MS Windows 95 / Windows NT Exe

UPNP.DLL MS Windows 95 / Windows NT Exe

UPNPHOST.DLL MS Windows 95 / Windows NT Exe

UPNPUI.DLL MS Windows 95 / Windows NT Exe

UREG.DLL MS Windows 95 / Windows NT Exe

URL.DLL MS Windows 95 / Windows NT Exe

URLMON.DLL MS Windows 95 / Windows NT Exe

USBMON.DLL MS Windows 95 / Windows NT Exe

USBUI.DLL MS Windows 95 / Windows NT Exe

USER32.DLL MS Windows 95 / Windows NT Exe

USERENV.DLL MS Windows 95 / Windows NT Exe

USP10.DLL MS Windows 95 / Windows NT Exe

USRCNTRA.DLL MS Windows 95 / Windows NT Exe

USRCOINA.DLL MS Windows 95 / Windows NT Exe

USRDPA.DLL MS Windows 95 / Windows NT Exe

USRDTEA.DLL MS Windows 95 / Windows NT Exe

USRFAXA.DLL MS Windows 95 / Windows NT Exe

USRLBVA.DLL MS Windows 95 / Windows NT Exe

USRRTOSA.DLL MS Windows 95 / Windows NT Exe

USRSDPIA.DLL MS Windows 95 / Windows NT Exe

USRSVPIA.DLL MS Windows 95 / Windows NT Exe

USRV42A.DLL MS Windows 95 / Windows NT Exe

USRV80A.DLL MS Windows 95 / Windows NT Exe

USRVOICA.DLL MS Windows 95 / Windows NT Exe

USRVPA.DLL MS Windows 95 / Windows NT Exe

UTILDLL.DLL MS Windows 95 / Windows NT Exe

UXTHEME.DLL MS Windows 95 / Windows NT Exe

VBAJET32.DLL MS Windows 95 / Windows NT Exe

VBAME.DLL MS Windows 95 / Windows NT Exe

VBAR332.DLL MS Windows 95 / Windows NT Exe

VBSCRIPT.DLL MS Windows 95 / Windows NT Exe

VCDEX.DLL MS Windows 95 / Windows NT Exe

VDMDBG.DLL MS Windows 95 / Windows NT Exe

VDMREDIR.DLL MS Windows 95 / Windows NT Exe

VER.DLL MS Windows: "VER - A Version stamping library"

VERIFIER.DLL MS Windows 95 / Windows NT Exe

VERSION.DLL MS Windows 95 / Windows NT Exe

VFPODBC.DLL MS Windows 95 / Windows NT Exe

VGA.DLL MS Windows 95 / Windows NT Exe

VGA256.DLL MS Windows 95 / Windows NT Exe

VGA64K.DLL MS Windows 95 / Windows NT Exe

VJOY.DLL MS Windows 95 / Windows NT Exe

VMHELPER.DLL MS Windows 95 / Windows NT Exe

VSSAPI.DLL MS Windows 95 / Windows NT Exe

PS.DLL MS Windows 95 / Windows NT Exe

VWIPXSPX.DLL MS Windows 95 / Windows NT Exe

W32TIME.DLL MS Windows 95 / Windows NT Exe

W32TOPL.DLL MS Windows 95 / Windows NT Exe

WAVEMSP.DLL MS Windows 95 / Windows NT Exe

WDIGEST.DLL MS Windows 95 / Windows NT Exe

WEBCHECK.DLL MS Windows 95 / Windows NT Exe

WEBCLNT.DLL MS Windows 95 / Windows NT Exe

WEBHITS.DLL MS Windows 95 / Windows NT Exe

WEBVW.DLL MS Windows 95 / Windows NT Exe

WIADEFUI.DLL MS Windows 95 / Windows NT Exe

WIADSS.DLL MS Windows 95 / Windows NT Exe

WIASCR.DLL MS Windows 95 / Windows NT Exe

WIASERVC.DLL MS Windows 95 / Windows NT Exe

WIASHEXT.DLL MS Windows 95 / Windows NT Exe

WIAVIDEO.DLL MS Windows 95 / Windows NT Exe

WIAVUSD.DLL MS Windows 95 / Windows NT Exe

WIFEMAN.DLL MS Windows: "WOW REPLACEMENT Font Driver Manager For WIFE"

WIN32SPL.DLL MS Windows 95 / Windows NT Exe

WIN87EM.DLL MS Windows: "Microsoft Windows 3.1 Coprocessor/Emulator Librar..."

WINBRAND.DLL MS Windows 95 / Windows NT Exe

WINFAX.DLL MS Windows 95 / Windows NT Exe

WINHTTP.DLL MS Windows 95 / Windows NT Exe

WININET.DLL MS Windows 95 / Windows NT Exe

WINIPSEC.DLL MS Windows 95 / Windows NT Exe

WINMM.DLL MS Windows 95 / Windows NT Exe

WINNLS.DLL MS Windows: "WOW REPLACEMENT WINNLS"

WINNTBBU.DLL MS Windows 95 / Windows NT Exe

WINRNR.DLL MS Windows 95 / Windows NT Exe

WINSCARD.DLL MS Windows 95 / Windows NT Exe

WINSOCK.DLL MS Windows: "BSD Socket API for Windows"

WINSRV.DLL MS Windows 95 / Windows NT Exe

WINSTA.DLL MS Windows 95 / Windows NT Exe

WINSTRM.DLL MS Windows 95 / Windows NT Exe

WINTRUST.DLL MS Windows 95 / Windows NT Exe

WKSSVC.DLL MS Windows 95 / Windows NT Exe

WLDAP32.DLL MS Windows 95 / Windows NT Exe

WLNOTIFY.DLL MS Windows 95 / Windows NT Exe

WMADMOD.DLL MS Windows 95 / Windows NT Exe

WMADMOE.DLL MS Windows 95 / Windows NT Exe

WMASF.DLL MS Windows 95 / Windows NT Exe

WMAUDSDK.DLL MS Windows 95 / Windows NT Exe

WMDMLOG.DLL MS Windows 95 / Windows NT Exe

WMDMPS.DLL MS Windows 95 / Windows NT Exe

WMERRENU.DLL MS Windows 95 / Windows NT Exe

WMERROR.DLL MS Windows 95 / Windows NT Exe

WMI.DLL MS Windows 95 / Windows NT Exe

WMIDX.DLL MS Windows 95 / Windows NT Exe

WMIPROP.DLL MS Windows 95 / Windows NT Exe

WMISCMGR.DLL MS Windows 95 / Windows NT Exe

WMNETMGR.DLL MS Windows 95 / Windows NT Exe

WMP.DLL MS Windows 95 / Windows NT Exe

WMPASF.DLL MS Windows 95 / Windows NT Exe

WMPCD.DLL MS Windows 95 / Windows NT Exe

WMPCORE.DLL MS Windows 95 / Windows NT Exe

WMPDXM.DLL MS Windows 95 / Windows NT Exe

WMPLOC.DLL MS Windows 95 / Windows NT Exe

WMPSHELL.DLL MS Windows 95 / Windows NT Exe

WMPUI.DLL MS Windows 95 / Windows NT Exe

WMSDMOD.DLL MS Windows 95 / Windows NT Exe

WMSDMOE.DLL MS Windows 95 / Windows NT Exe

WMSDMOE2.DLL MS Windows 95 / Windows NT Exe

WMSPDMOD.DLL MS Windows 95 / Windows NT Exe

WMSPDMOE.DLL MS Windows 95 / Windows NT Exe

WMSTREAM.DLL MS Windows 95 / Windows NT Exe

WMV8DMOD.DLL MS Windows 95 / Windows NT Exe

WMV9VCM.DLL MS Windows 95 / Windows NT Exe

WMVCORE.DLL MS Windows 95 / Windows NT Exe

WMVCORE2.DLL MS Windows 95 / Windows NT Exe

WMVDMOD.DLL MS Windows 95 / Windows NT Exe

WMVDMOE.DLL MS Windows 95 / Windows NT Exe

WMVDMOE2.DLL MS Windows 95 / Windows NT Exe

WOW32.DLL MS Windows 95 / Windows NT Exe

WOWFAX.DLL MS Windows 95 / Windows NT Exe

WOWFAXUI.DLL MS Windows 95 / Windows NT Exe

WS2HELP.DLL MS Windows 95 / Windows NT Exe

32.DLL MS Windows 95 / Windows NT Exe

WSECEDIT.DLL MS Windows 95 / Windows NT Exe

WSHATM.DLL MS Windows 95 / Windows NT Exe

WSHCON.DLL MS Windows 95 / Windows NT Exe

WSHEXT.DLL MS Windows 95 / Windows NT Exe

WSHIP6.DLL MS Windows 95 / Windows NT Exe

WSHISN.DLL MS Windows 95 / Windows NT Exe

WSHNETBS.DLL MS Windows 95 / Windows NT Exe

WSHRM.DLL MS Windows 95 / Windows NT Exe

WSHTCPIP.DLL MS Windows 95 / Windows NT Exe

WSNMP32.DLL MS Windows 95 / Windows NT Exe

WSOCK32.DLL MS Windows 95 / Windows NT Exe

WSTDECOD.DLL MS Windows 95 / Windows NT Exe

WTSAPI32.DLL MS Windows 95 / Windows NT Exe

WUAUENG.DLL MS Windows 95 / Windows NT Exe

WUAUSERV.DLL MS Windows 95 / Windows NT Exe

WZCDLG.DLL MS Windows 95 / Windows NT Exe

WZCSAPI.DLL MS Windows 95 / Windows NT Exe

WZCSVC.DLL MS Windows 95 / Windows NT Exe

XACTSRV.DLL MS Windows 95 / Windows NT Exe

XENROLL.DLL MS Windows 95 / Windows NT Exe

XOLEHLP.DLL MS Windows 95 / Windows NT Exe

XPSP1RES.DLL MS Windows 95 / Windows NT Exe

XPSP2RES.DLL MS Windows 95 / Windows NT Exe

ZIPFLDR.DLL MS Windows 95 / Windows NT Exe

ZLIB.DLL MS Windows 95 / Windows NT Exe

WINDOWS

SYSTEM32

MACROMED

SHOCKW

XTRAS

DOWNLOAD

SHOCKW

CREATI

WINDOWS

SYSTEM32

MACROMED

SHOCKW

XTRAS

DOWNLOAD

SHOCKW

CREATI

WINDOWS

SYSTEM32

MACROMED

SHOCKW

XTRAS

DOWNLOAD

SHOCKW

WINDOWS

SYSTEM32

MACROMED

SHOCKW

XTRAS

DOWNLOAD

SHOCKW

WINDOWS

SYSTEM32

SPOOL

DRIVERS

W32X86

HEWLET

WINDOWS

SYSTEM32

SPOOL

DRIVERS

W32X86

HEWLET

WINDO

**File C:\FINDnFIX\WIN.TXT

 

Thanks in advance.... :D


This will take a couple or more steps to fix. Be sure to follow the next set of steps carefully, in the exact order specified:

  • Open the "FINDnFIX\Keys1" subfolder!
  • Locate the "MOVEit.bat" file, right-click on it and select => "edit". The file will open as an empty text file.
  • Copy and paste the entire highlighted line in the following quote box
    (all one line) into that blank 'MOVEit' file:
    move C:\WINDOWS\System32\KBDIJ.DLL c:\junkxxx\KBDIJ.DLL

  • Save the file and close.
  • Get ready to restart your computer.
  • In the same folder, double-click on the "FIX.bat" file.
  • You will be prompted by a popup alert to restart in 15 seconds.
  • Allow it to restart the computer!
  • On restart, navigate to the C:\FINDnFIX\ main folder:
  • Double-click on the "RESTORE.bat" file.
  • It'll run and produce a new log (log1.txt). Post it here!


ok did that...here is the new log file..

 

 

28/06/2004

2:10pm up 0 days, 0:01

 

Microsoft Windows XP [Version 5.1.2600]

The type of the file system is NTFS.

C: is not dirty.

 

*Locked files...

\\?\C:\WINDOWS\System32\KBDIJ.DLL +++ File read error

 

»»»Filtering files in System32.......( 'R;H;S') »»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

C:\WINDOWS\SYSTEM32\

kbdij.dll Sun Jun 20 2004 11:00:54p A...R 57,344 56.00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57,344 bytes 56.00 K

 

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\KBDIJ.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

 

 

Search text: ÝSTREAMINGDEVICESETUP2Þ ®CASE Insensitive Match

No Files to Search

 

Run Time(sec) 0

 

move C:\windows\system32\kbdij.dll c:\junkxxx\kbdij.dll

 

 

»»Permissions:

Directory "C:\junkxxx\."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

Allow 0000001B -co- 101F01FF ---A DSPO rw+x BUILTIN\Administrators

Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 0000001B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM

Allow 00000010 t--- 001F01FF ---- DSPO rw+x ENGLAPTOP1\John

Allow 0000001B -co- 10000000 ---A ---- ---- \CREATOR OWNER

Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Users

Allow 0000001B -co- A0000000 R-X- ---- ---- BUILTIN\Users

Allow 00000012 tc-- 00000004 ---- ---- --+- BUILTIN\Users

Allow 00000012 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

 

Owner: ENGLAPTOP1\John

 

Primary Group: ENGLAPTOP1\None

 

Directory "C:\junkxxx\.."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000000 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

Allow 0000000B -co- 10000000 ---A ---- ---- BUILTIN\Administrators

Allow 00000000 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 0000000B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM

Allow 0000000B -co- 10000000 ---A ---- ---- \CREATOR OWNER

Allow 00000000 t--- 001200A9 ---- -S-- r--x BUILTIN\Users

Allow 0000000B -co- A0000000 R-X- ---- ---- BUILTIN\Users

Allow 00000002 tc-- 00000004 ---- ---- --+- BUILTIN\Users

Allow 0000000A -c-- 00000002 ---- ---- -w-- BUILTIN\Users

Allow 00000000 t--- 001200A9 ---- -S-- r--x \Everyone

 

Owner: BUILTIN\Administrators

 

Primary Group: BUILTIN\Administrators

 

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-NI) ALLOW Full access ENGLAPTOP1\Administrator

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

QWCEN-DS-- BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

Full access ENGLAPTOP1\Administrator

 

 

 

---------- WIN.TXT

 

---------- NEWWIN.TXT

fùAppInit_DLLsÖ?æGÀÿÿÿC

**File C:\FINDnFIX\NEWWIN.TXT

! € ! # À # ? ? $ ? ìgÔÄ%²CF¹ŸY—ô ìgÔÄ%²CF¹ŸY—ô ìgÔÄ%²CF¹ŸY— Ðÿÿÿvk ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 €' Ø Ðÿÿÿvk €' leGDIProcessHandleQuotaq~ ðÿÿÿ9 0 ~ Àq~ àÿÿÿvk € e Spooler ðÿÿÿy e s àÿÿÿvk € swapdisk Ø ` ? È Ðÿÿÿvk P trTransmissionRetryTimeoutÐÿÿÿvk €' S USERProcessHandleQuotab àÿÿÿØ ` ? È ø H Øÿÿÿvk < p fùAppInit_DLLsÖ?æGÀÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ k b d i j . d l l P ˜"

**File C:\FINDnFIX\NEWWIN.TXT

00001360: 01 00 00 00 01 00 66 F9 . 5F 44 4C 4C 73 D6 8D E6 ......fù _DLLsÖ?æ

**File C:\FINDnFIX\NEWWIN.TXT

! € ! # À # ? ? $ ? ìgÔÄ%²CF¹ŸY—ô ìgÔÄ%²CF¹ŸY—ô ìgÔÄ%²CF¹ŸY— Ðÿÿÿvk ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 €' Ø Ðÿÿÿvk €' leGDIProcessHandleQuotaq~ ðÿÿÿ9 0 ~ Àq~ àÿÿÿvk € e Spooler ðÿÿÿy e s àÿÿÿvk € swapdisk Ø ` ? È Ðÿÿÿvk P trTransmissionRetryTimeoutÐÿÿÿvk €' S USERProcessHandleQuotab àÿÿÿØ ` ? È ø H Øÿÿÿvk < p fùAppInit_DLLsÖ?æGÀÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ k b d i j . d l l P ˜"

 

Thanks again... :D


Please follow the steps again - Be sure to save the moveit.bat files as I am showing no changes and the same file is where it was.


I re-ran the process again and got the same result.

 

 

28/06/2004

2:38pm up 0 days, 0:01

 

Microsoft Windows XP [Version 5.1.2600]

The type of the file system is NTFS.

C: is not dirty.

 

*Locked files...

\\?\C:\WINDOWS\System32\KBDIJ.DLL +++ File read error

 

»»»Filtering files in System32.......( 'R;H;S') »»»

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

C:\WINDOWS\SYSTEM32\

kbdij.dll Sun Jun 20 2004 11:00:54p A...R 57,344 56.00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 57,344 bytes 56.00 K

 

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

Sniffed -> C:\WINDOWS\SYSTEM32\KBDIJ.DLL

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

No matches found.

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

 

 

Search text: ÝSTREAMINGDEVICESETUP2Þ ®CASE Insensitive Match

No Files to Search

 

Run Time(sec) 0

 

move C:\WINDOWS\System32\KBDIJ.DLL c:\junkxxx\KBDIJ.DLL

 

 

»»Permissions:

Directory "C:\junkxxx\."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

Allow 0000001B -co- 101F01FF ---A DSPO rw+x BUILTIN\Administrators

Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 0000001B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM

Allow 00000010 t--- 001F01FF ---- DSPO rw+x ENGLAPTOP1\John

Allow 0000001B -co- 10000000 ---A ---- ---- \CREATOR OWNER

Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Users

Allow 0000001B -co- A0000000 R-X- ---- ---- BUILTIN\Users

Allow 00000012 tc-- 00000004 ---- ---- --+- BUILTIN\Users

Allow 00000012 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

 

Owner: ENGLAPTOP1\John

 

Primary Group: ENGLAPTOP1\None

 

Directory "C:\junkxxx\.."

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000000 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

Allow 0000000B -co- 10000000 ---A ---- ---- BUILTIN\Administrators

Allow 00000000 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 0000000B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM

Allow 0000000B -co- 10000000 ---A ---- ---- \CREATOR OWNER

Allow 00000000 t--- 001200A9 ---- -S-- r--x BUILTIN\Users

Allow 0000000B -co- A0000000 R-X- ---- ---- BUILTIN\Users

Allow 00000002 tc-- 00000004 ---- ---- --+- BUILTIN\Users

Allow 0000000A -c-- 00000002 ---- ---- -w-- BUILTIN\Users

Allow 00000000 t--- 001200A9 ---- -S-- r--x \Everyone

 

Owner: BUILTIN\Administrators

 

Primary Group: BUILTIN\Administrators

 

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-NI) ALLOW Full access ENGLAPTOP1\Administrator

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

QWCEN-DS-- BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

Full access ENGLAPTOP1\Administrator

 

 

 

---------- WIN.TXT

 

---------- NEWWIN.TXT

fùAppInit_DLLsÖ?æGÀÿÿÿC

**File C:\FINDnFIX\NEWWIN.TXT

! € ! # À # ? ? $ ? ìgÔÄ%²CF¹ŸY—ô ìgÔÄ%²CF¹ŸY—ô ìgÔÄ%²CF¹ŸY— TÉæwÐÿÿÿvk ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5 €' Ø Ðÿÿÿvk €' leGDIProcessHandleQuotaq~ ðÿÿÿ9 0 ~ Àq~ àÿÿÿvk € e Spooler ðÿÿÿy e s àÿÿÿvk € swapdisk Ø ` ? È Ðÿÿÿvk P trTransmissionRetryTimeoutÐÿÿÿvk €' S USERProcessHandleQuotab àÿÿÿØ ` ? È ø H Øÿÿÿvk < p fùAppInit_DLLsÖ?æGÀÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ k b d i j . d l l P

**File C:\FINDnFIX\NEWWIN.TXT

00001360: 01 00 00 00 01 00 66 F9 . 5F 44 4C 4C 73 D6 8D E6 ......fù _DLLsÖ?æ

**File C:\FINDnFIX\NEWWIN.TXT

! € ! # À

 

 

 

I have re-run HijackThis and have enclosed the log for it. I hope this helps.

 

Logfile of HijackThis v1.97.7

Scan saved at 2:44:53 PM, on 28/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\Program Files\Command Software\Command AntiVirus\schscnt.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Dell\AccessDirect\DadTray.exe

C:\WINDOWS\System32\NILaunch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe

C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Hijack this\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {E055E8C6-869A-4F4C-98C2-EB7F96803831} - C:\WINDOWS\System32\hagafa.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe

O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe

O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe

O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ConferenceRoom Java Client - http://forum.tec-man.com:8000/java/cr.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {11111111-1111-1111-1111-112133087179} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f12802.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://208.38.61.142/tgpub/tgutil/controls/mgaxctrl6.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {859CC95E-3E3E-11D4-935D-00A0C99D82DF} (MapLegend Class) - http://139.142.31.91/Spin1/bin/ATLMapLegend.CAB

O16 - DPF: {A0D79E5E-8826-11D4-BF7F-0090273EADC0} (IndeXMap Class) - http://139.142.31.91/Spin1/bin/WayToIndex.CAB

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D812A-2816-4967-B74C-574C2EABAC14}: NameServer = 198.0.55.1,199.185.220.36,209.115.152.150

O17 - HKLM\System\CS1\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

 

Sorry about this...I am not sure what the problem is...The user may have logged in and out while I was away from the system.

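A small triage pass over the HijackThis entries in the log above, as an added example that is not part of the original thread or of HijackThis itself. The sample lines are copied from that log; the three heuristics (a file:// page setting, a BHO DLL sitting directly in System32, an mhtml: or .exe download codebase) are illustrative assumptions that mark entries for review, not verdicts.

```python
import re
from dataclasses import dataclass

# Entries copied from the HijackThis log posted above (scan of 28/06/2004).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E055E8C6-869A-4F4C-98C2-EB7F96803831} - C:\WINDOWS\System32\hagafa.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O16 - DPF: {11111111-1111-1111-1111-112133087179} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f12802.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "R1" or "O16"
    reason: str    # which heuristic matched
    target: str    # the URL or file path that triggered it


# "R0".."R3" or "O1".."O99", then " - ", then the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

# A DLL placed directly in System32 (no subfolder).
SYSTEM32_DLL_RE = re.compile(
    r"^[A-Za-z]:\\WINDOWS\\System32\\[^\\]+\.dll$", re.IGNORECASE
)


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a closer look.

    Assumed heuristics (not taken from HijackThis or the thread):
      R0/R1 - an IE start/search setting whose value is a file:// URL
      O2    - a Browser Helper Object whose DLL sits directly in System32
      O16   - a download codebase using mhtml: or ending in .exe
    """
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # headers, process list, blank lines
        section, rest = match.groups()

        if section in ("R0", "R1") and " = " in rest:
            value = rest.split(" = ", 1)[1].strip()
            if value.lower().startswith("file://"):
                findings.append(
                    Finding(section, "IE page setting points at a local file", value)
                )

        elif section == "O2":
            # Body is "BHO: <name> - {CLSID} - <path>"; the path is the last field.
            path = rest.rsplit(" - ", 1)[-1].strip()
            if SYSTEM32_DLL_RE.match(path):
                findings.append(
                    Finding(section, "BHO DLL located directly in System32", path)
                )

        elif section == "O16":
            # Body is "DPF: <id or name> - <codebase URL>".
            codebase = rest.rsplit(" - ", 1)[-1].strip()
            lowered = codebase.lower()
            if lowered.startswith("mhtml:") or lowered.endswith(".exe"):
                findings.append(
                    Finding(section, "unusual download codebase", codebase)
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}: {f.target}")
```

Entries that match should be checked against the file on disk and the vendor it claims to come from before anything is removed.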

Can you open the C:\FINDnFIX\Keys1\MOVEit.bat, click on "Edit" => "Select All" => "Edit" => "Copy" and paste the contents here. Something is not working as it should so I need to check the syntax of your file.


Can you click on "Start" => "Run" and type in cmd to bring up a command prompt. Type in the command exactly as it is listed and tell me if you are getting any errors etc? This may be a hidden or locked file?


Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders".

 

Then try the change again. I would like to ascertain if it is a hidden file or a read only file - I am leaning towards hidden...


I have all the settings like that already. The file kbdij.dll does not show up anywhere. I searched for it in the registry and found some entries in there that pertained to it...and I deleted them. I have run Ad-Aware in safe mode...cleaned out all of the files it found...hagafa.dll being one of them. I searched the registry for hagafa.dll but no entries were found. I have emptied the recycle bin and have logged on to this site. The following is the current HijackThis log....

 

Logfile of HijackThis v1.97.7

Scan saved at 9:11:48 PM, on 28/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Command Software\Command AntiVirus\schscnt.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Dell\AccessDirect\DadTray.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\NILaunch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe

C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijack this\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe

O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe

O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe

O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ConferenceRoom Java Client - http://forum.tec-man.com:8000/java/cr.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {11111111-1111-1111-1111-112133087179} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f12802.exe

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://208.38.61.142/tgpub/tgutil/controls/mgaxctrl6.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {859CC95E-3E3E-11D4-935D-00A0C99D82DF} (MapLegend Class) - http://139.142.31.91/Spin1/bin/ATLMapLegend.CAB

O16 - DPF: {A0D79E5E-8826-11D4-BF7F-0090273EADC0} (IndeXMap Class) - http://139.142.31.91/Spin1/bin/WayToIndex.CAB

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D812A-2816-4967-B74C-574C2EABAC14}: NameServer = 198.0.55.1,199.185.220.36,209.115.152.150

O17 - HKLM\System\CS1\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

 

and the current find and fix log......

 

Microsoft Windows XP [Version 5.1.2600]

The type of the file system is NTFS.

C: is not dirty.

 

28/06/2004

9:14pm up 0 days, 0:23

»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»

Files listed in this section (in System32) are not always definitive!

Always Double Check and be sure the file pointed doesn't exist!

 

»»Locked or 'Suspect' file(s) found...

 

 

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»Special 'locked' files scan in 'System32'........

**File C:\FINDnFIX\LIST.TXT

 

****Filtering files in System32... (-h -s -r...) ***

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

No matches found.

 

No matches found.

 

Sniffing..........

Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.

 

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

 

»»Size of Windows key:

(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

 

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

 

»»Security settings for 'Windows' key:

 

 

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above

Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)

This program is Freeware, use it on your own risk!

 

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

(ID-NI) ALLOW Read BUILTIN\Users

(ID-IO) ALLOW Read BUILTIN\Users

(ID-NI) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-IO) ALLOW QWCEN-DS-- BUILTIN\Power Users

(ID-NI) ALLOW Full access BUILTIN\Administrators

(ID-IO) ALLOW Full access BUILTIN\Administrators

(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM

(ID-NI) ALLOW Full access ENGLAPTOP1\Administrator

(ID-IO) ALLOW Full access CREATOR OWNER

 

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

Read BUILTIN\Users

QWCEN-DS-- BUILTIN\Power Users

Full access BUILTIN\Administrators

Full access NT AUTHORITY\SYSTEM

Full access ENGLAPTOP1\Administrator

 

 

»»Member of...: (Admin logon required!)

User is a member of group ENGLAPTOP1\None.

User is a member of group \Everyone.

User is a member of group BUILTIN\Administrators.

User is a member of group BUILTIN\Users.

User is a member of group \LOCAL.

User is a member of group NT AUTHORITY\INTERACTIVE.

User is a member of group NT AUTHORITY\Authenticated Users.

 

»»Dir 'junkxxx' was created with the following permissions...

(FAT32=NA)

Directory "C:\junkxxx"

Permissions:

Type Flags Inh. Mask Gen. Std. File Group or User

======= ======== ==== ======== ==== ==== ==== ================

Allow 00000010 t--- 001F01FF ---- DSPO rw+x BUILTIN\Administrators

Allow 0000001B -co- 101F01FF ---A DSPO rw+x BUILTIN\Administrators

Allow 00000010 t--- 001F01FF ---- DSPO rw+x NT AUTHORITY\SYSTEM

Allow 0000001B -co- 10000000 ---A ---- ---- NT AUTHORITY\SYSTEM

Allow 00000010 t--- 001F01FF ---- DSPO rw+x ENGLAPTOP1\John

Allow 0000001B -co- 10000000 ---A ---- ---- \CREATOR OWNER

Allow 00000010 t--- 001200A9 ---- -S-- r--x BUILTIN\Users

Allow 0000001B -co- A0000000 R-X- ---- ---- BUILTIN\Users

Allow 00000012 tc-- 00000004 ---- ---- --+- BUILTIN\Users

Allow 00000012 tc-- 00000002 ---- ---- -w-- BUILTIN\Users

 

Owner: ENGLAPTOP1\John

 

Primary Group: ENGLAPTOP1\None

 

 

 

»»»»»»Backups created...»»»»»»

9:15pm up 0 days, 0:23

28/06/2004

 

A C:\FINDnFIX\winBack.hiv

--a-- - - - - - 0 06-28-2004 winback.hiv

A C:\FINDnFIX\keys1\winkey.reg

--a-- - - - - - 287 06-28-2004 winkey.reg

 

»»Performing 16bit string scan....

 

---------- WIN.TXT

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

 



WMSDMOD.DLL MS Windows 95 / Windows NT Exe

WMSDMOE.DLL MS Windows 95 / Windows NT Exe

WMSDMOE2.DLL MS Windows 95 / Windows NT Exe

WMSPDMOD.DLL MS Windows 95 / Windows NT Exe

WMSPDMOE.DLL MS Windows 95 / Windows NT Exe

WMSTREAM.DLL MS Windows 95 / Windows NT Exe

WMV8DMOD.DLL MS Windows 95 / Windows NT Exe

WMV9VCM.DLL MS Windows 95 / Windows NT Exe

WMVCORE.DLL MS Windows 95 / Windows NT Exe

WMVCORE2.DLL MS Windows 95 / Windows NT Exe

WMVDMOD.DLL MS Windows 95 / Windows NT Exe

WMVDMOE.DLL MS Windows 95 / Windows NT Exe

WMVDMOE2.DLL MS Windows 95 / Windows NT Exe

WOW32.DLL MS Windows 95 / Windows NT Exe

WOWFAX.DLL MS Windows 95 / Windows NT Exe

WOWFAXUI.DLL MS Windows 95 / Windows NT Exe

WS2HELP.DLL MS Windows 95 / Windows NT Exe

32.DLL MS Windows 95 / Windows NT Exe

WSECEDIT.DLL MS Windows 95 / Windows NT Exe

WSHATM.DLL MS Windows 95 / Windows NT Exe

WSHCON.DLL MS Windows 95 / Windows NT Exe

WSHEXT.DLL MS Windows 95 / Windows NT Exe

WSHIP6.DLL MS Windows 95 / Windows NT Exe

WSHISN.DLL MS Windows 95 / Windows NT Exe

WSHNETBS.DLL MS Windows 95 / Windows NT Exe

WSHRM.DLL MS Windows 95 / Windows NT Exe

WSHTCPIP.DLL MS Windows 95 / Windows NT Exe

WSNMP32.DLL MS Windows 95 / Windows NT Exe

WSOCK32.DLL MS Windows 95 / Windows NT Exe

WSTDECOD.DLL MS Windows 95 / Windows NT Exe

WTSAPI32.DLL MS Windows 95 / Windows NT Exe

WUAUENG.DLL MS Windows 95 / Windows NT Exe

WUAUSERV.DLL MS Windows 95 / Windows NT Exe

WZCDLG.DLL MS Windows 95 / Windows NT Exe

WZCSAPI.DLL MS Windows 95 / Windows NT Exe

WZCSVC.DLL MS Windows 95 / Windows NT Exe

XACTSRV.DLL MS Windows 95 / Windows NT Exe

XENROLL.DLL MS Windows 95 / Windows NT Exe

XOLEHLP.DLL MS Windows 95 / Windows NT Exe

XPSP1RES.DLL MS Windows 95 / Windows NT Exe

XPSP2RES.DLL MS Windows 95 / Windows NT Exe

ZIPFLDR.DLL MS Windows 95 / Windows NT Exe

ZLIB.DLL MS Windows 95 / Windows NT Exe

WINDOWS

SYSTEM32

MACROMED

SHOCKW

XTRAS

DOWNLOAD

SHOCKW

CREATI

WINDOWS

SYSTEM32

MACROMED

SHOCKW

XTRAS

DOWNLOAD

SHOCKW

CREATI

WINDOWS

SYSTEM32

MACROMED

SHOCKW

XTRAS

DOWNLOAD

SHOCKW

WINDOWS

SYSTEM32

MACROMED

SHOCKW

XTRAS

DOWNLOAD

SHOCKW

WINDOWS

SYSTEM32

SPOOL

DRIVERS

W32X86

HEWLET

WINDOWS

SYSTEM32

SPOOL

DRIVERS

W32X86

HEWLET

WINDO

**File C:\FINDnFIX\WIN.TXT

 

It would appear that it is gone...at least the kbdij.dll version....but will it come back? I have installed Spyblaster and my hope is that this will prevent further attacks. Please advise.


Just a note...all of the above info was while I was running in administrator mode. I have since logged on as the user and have checked his Hijack log. It had a couple of references to about:blank which I deleted. Would you like to see the user's logs? They are almost identical to the admin's now.

 

Thanks again.... :D .


The good news is that yes, it is gone :) Nice work.

 

Can you run HijackThis and delete ALL O16 entries - There are quite a few bad ones there and deleting all will not harm anything. If you need the apps, they will simply get downloaded the next time you visit the relevant site. ONLY the O16 entries though - Nothing else.

 

Reboot and post a new HijackThis log for further review.

 

Also ...

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.


Ok...here is what I hope to be the last of this...hehe. My latest log file in admin mode.....

 

Logfile of HijackThis v1.97.7

Scan saved at 11:10:01 PM, on 28/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\Program Files\Command Software\Command AntiVirus\schscnt.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\carpserv.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\NILaunch.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe

C:\Program Files\Dell\AccessDirect\DadTray.exe

C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Hijack this\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe

O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe

O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe

O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ConferenceRoom Java Client - http://forum.tec-man.com:8000/java/cr.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://208.38.61.142/tgpub/tgutil/controls/mgaxctrl6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

O17 - HKLM\System\CCS\Services\Tcpip\..\{C95D812A-2816-4967-B74C-574C2EABAC14}: NameServer = 198.0.55.1,199.185.220.36,209.115.152.150

O17 - HKLM\System\CS1\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150

 

Oh by the way...you are the man....:).

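As an added example (not part of the original thread and not HijackThis's own code), this is one way to pull the O16 "Downloaded Program Files" entries out of a pasted log so they can be reviewed one by one before removal. The function names and the `host_is_ip` field are this example's own; the sample lines are copied from the log in the post above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O16 - DPF: ConferenceRoom Java Client - http://forum.tec-man.com:8000/java/cr.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://208.38.61.142/tgpub/tgutil/controls/mgaxctrl6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02BD0F15-1FCF-4E72-957D-936204A57AF5}: NameServer = 198.80.55.1,199.185.220.36,209.115.152.150
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
DPF = re.compile(r"^\{([0-9A-Fa-f-]{36})\}(?: \((.*)\))?$")


def parse_entries(log_text):
    """Return (code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def o16_downloads(entries):
    """Describe each O16 entry: its CLSID or name, and where it was fetched from."""
    found = []
    for code, body in entries:
        if code != "O16" or not body.startswith("DPF: "):
            continue
        label, _, url = body[len("DPF: "):].rpartition(" - ")
        m = DPF.match(label)
        host = urlsplit(url).hostname
        try:
            ipaddress.ip_address(host or "")
            host_is_ip = True   # fetched from a bare IP, not a named site
        except ValueError:
            host_is_ip = False
        found.append({
            "clsid": m.group(1) if m else None,
            "name": (m.group(2) if m else label) or "",
            "host": host,
            "host_is_ip": host_is_ip,
        })
    return found
```
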

Yes, you are indeed clean :)

 

The following is a recommended maintenance regime for Windows XP:

  1. The following DIRECTORY CONTENTS (but not the directory) need to be regularly emptied. Make sure your settings allow you to view "Hidden files". Open up any explorer window and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". Click on "Apply to All Folders" and then respond "Yes" when prompted and click on "OK" to apply the change.
    • %windir%\prefetch\
    • %windir%\Temp\
    • %temp%\
    • %userprofile%\Local Settings\Temp\
    • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
    • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

  2. Click on "Start" => "Settings" => "Control Panel" => "Internet Options". Click on "Delete Files", select "Delete All Offline Content" and click on "OK". Click on "OK" once more to close the options panel.
  3. Right click on "Recycle Bin" and select "Empty Recycle Bin" and respond "Yes" when prompted.
  4. Back-Up your files. You can use Windows backup which must be installed from the XP CD <cd-Drive>\valuadd\msft\ntbackup. Be sure to back up the following:
    • Office documents
    • Email data - Messages and address book
    • Games saves.
    • Digital Photos and other artwork.
    • Movies that you have created or edited.
    • MP3's and other music files.
    • Browser favorites and bookmarks.
    • Downloaded files/programs.
    • Passwords, security codes etc for anything that is password protected like Quicken.
    • Activation codes for applications downloaded and registered.
  5. Do not go without an anti-virus program. Free ones include:
  6. Be sure to run a periodic Trojan Scan with any of the following programs:
  7. Use a Firewall such as ZoneAlarm
  8. Regularly scan for adware and spyware using the following programs:
  9. Defragment your system. Click on "Start" => "Programs" => "Accessories" => "System Tools" => "Disk Defragmenter".
  10. Update your system. Go to Microsoft Windows Update and download all critical updates for your system.
  11. Cleanup Your Disk. Click on "Start" => "Programs" => "Accessories" => "System Tools" => "Disk Cleanup".
  12. Clear your icon cache. Delete the following file: %userprofile%\Local Settings\Application Data\IconCache.db. Reboot.


Again...thank you for all your help. Without people like you this thing called the internet would be nothing but a seething pit of goo.....:).


It has been a pleasure to help you :)

 

The problems here look to be resolved so I will close the thread. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

 

If you would like to make a contribution to help support SpywareInfo, please check this link for more information.

This topic is now closed to further replies.