Please check out my log, I think I'm infected.
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Grn92LX
Logfile of HijackThis v1.99.1
Scan saved at 3:58:30 PM, on 10/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HIjackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stangnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stangnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


I keep getting a virus scan warning popping up and it also says the files aren't cleanable. A0082953.EXE.VIR and ZIGZOWC.EXE.VIR are what come up.

Help!

Mike
LoPhatPhuud
Where are the files located? I know this, A0082953.EXE.VIR, is in your System Restore area and is safe there. It cannot execute from there by itself. Resetting the Restore area will remove it. Do not clear it now. We need to make sure you are clean first.

The HJT log did not show anything, so we need to look a little deeper.

Download 'Autoruns' from here:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double-click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in this thread.
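
One way to triage the text that Autoruns saves, as an added example that is not part of the original thread: the script parses entries in the flattened layout they take once pasted into a forum post (a location line, then `+ name description publisher path` lines) and lists the entries marked `(Not verified)` or `File not found:`. The function names and the short sample, laid out like the output posted in this thread, are assumptions made for illustration.

```python
import re

# A location header is a registry key or a startup folder path.
LOCATION_RE = re.compile(r"^(?:HK(?:LM|CU|CR|U)\\|[A-Za-z]:\\)")
# The image path is the last drive-letter path on the entry line.
PATH_RE = re.compile(r"(?<![A-Za-z0-9])[A-Za-z]:\\[^:]*$")

# Sample input for the example, in the layout of a pasted Autoruns text export.
# The w32time entry is wrapped onto a second line on purpose.
SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ BCMSMMSG Modem Messaging Applet Microsoft Windows Hardware Compatibility Publisher c:\windows\bcmsmmsg.exe

+ NeroCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe

HKLM\System\CurrentControlSet\Services

+ w32time Maintains date and time synchronization on all clients and servers in the network.

Microsoft Windows Publisher c:\windows\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ WebCheck File not found: CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32
"""


def _finish(location, text):
    """Split one joined entry line into label, image path and flags."""
    m = PATH_RE.search(text)
    return {
        "location": location,
        "label": (text[:m.start()] if m else text).strip(),
        "path": m.group(0).strip() if m else None,
        "not_verified": "(Not verified)" in text,
        "missing": "File not found:" in text,
    }


def parse_autoruns(text):
    """Return one dict per '+' entry, tagged with the location it sits under."""
    pending = []          # [location, entry text] pairs, still mutable
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("+ "):
            pending.append([location, line[2:].strip()])
        elif LOCATION_RE.match(line):
            location = line
        elif pending:
            # Anything else is the tail of an entry that wrapped when pasted.
            # (A wrapped tail that itself begins with a drive path would be
            # misread as a location header; that case is not handled here.)
            pending[-1][1] += " " + line
    return [_finish(loc, txt) for loc, txt in pending]


def triage(entries):
    """Return the entries a reviewer should look at first, with reasons."""
    findings = []
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("file not found")
        if e["not_verified"]:
            reasons.append("publisher not verified")
        if e["path"] is None and not e["missing"]:
            reasons.append("no image path")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_autoruns(SAMPLE)):
        print(f["location"])
        print("   ", f["label"], "->", f["path"], f["reasons"])
```

`(Not verified)` only means Autoruns could not confirm a signature for the file; plenty of legitimate software ships unsigned, so a flagged entry is something to review, not a verdict.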
Grn92LX
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\System32\userinit.exe Userinit Logon Application Microsoft Windows Publisher c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Windows Publisher c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ BCMSMMSG Modem Messaging Applet Microsoft Windows Hardware Compatibility Publisher c:\windows\bcmsmmsg.exe

+ gcasServ Microsoft AntiSpyware Service Microsoft Corporation c:\program files\microsoft antispyware\gcasserv.exe

+ McAfeeUpdaterUI Common User Interface (Not verified) Network Associates, Inc. c:\program files\network associates\common framework\updaterui.exe

+ NeroCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ Network Associates Error Reporting Service TalkBack Monitor (Not verified) Network Associates, Inc. c:\program files\common files\network associates\talkback\tbmon.exe

+ QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe

+ ShStatEXE On-access scanner statistics (Not verified) Network Associates, Inc. c:\program files\network associates\virusscan\shstat.exe

+ SunJavaUpdateSched Java™ 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_04\bin\jusched.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ Digital Line Detect.lnk Digital Line Detection (Not verified) BVRP Software c:\program files\digital line detect\dlg.exe

+ Microsoft Works Calendar Reminders.lnk Microsoft® Works Calendar Reminder Service (Not verified) Microsoft® Corporation c:\program files\common files\microsoft shared\works shared\wkcalrem.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe

+ DellSupport Dell Support (Not verified) Gteko Ltd. c:\program files\dell support\dsagnt.exe

HKLM\System\CurrentControlSet\Services

+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ CiSvc Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. Microsoft Windows Publisher c:\windows\system32\cisvc.exe

+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Windows Publisher c:\windows\system32\services.exe

+ ewido security suite control ewido control (Not verified) ewido networks c:\program files\ewido\security suite\ewidoctrl.exe

+ ewido security suite guard guard (Not verified) ewido networks c:\program files\ewido\security suite\ewidoguard.exe

+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ McAfeeFramework Shared component framework for McAfee products (Not verified) Network Associates, Inc. c:\program files\network associates\common framework\frameworkservice.exe

+ McShield On-Access Scanner service (Not verified) Network Associates, Inc. c:\program files\network associates\virusscan\mcshield.exe

+ McTaskManager Task Manager : scheduling and OAS alerting service (Not verified) Network Associates, Inc. c:\program files\network associates\virusscan\vstskmgr.exe

+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Windows Publisher c:\windows\system32\services.exe

+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SamSs Stores security information for local user accounts. Microsoft Windows Publisher c:\windows\system32\lsass.exe

+ SBService ScriptBlocking registration Symantec Corporation c:\program files\common files\symantec shared\script blocking\sbserv.exe

+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ ShellHWDetection Generic Host Process for Win32 Services Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Spooler Loads files to memory for later printing. Microsoft Windows XP Publisher c:\windows\system32\spoolsv.exe

+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ Themes Provides user experience theme management. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ UMWdf Enables Windows user mode drivers. Microsoft Windows Component Publisher c:\windows\system32\wdfmgr.exe

+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ wuauserv Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. Microsoft Windows Publisher c:\windows\system32\svchost.exe

+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Windows Publisher c:\windows\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Windows Publisher c:\program files\outlook express\setup50.exe

+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Windows Publisher c:\windows\system32\iedkcs32.dll

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Windows Publisher c:\windows\system32\shmgrate.exe

+ Internet Explorer Windows Setup API Microsoft Windows Publisher c:\windows\system32\setupapi.dll

+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Windows Publisher c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Windows Publisher c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Windows Publisher c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft© Register Server Microsoft Windows Publisher c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Windows Publisher c:\windows\system32\regsvr32.exe

+ Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Windows Component Publisher c:\windows\inf\unregmp2.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Windows Publisher c:\windows\system32\advpack.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Windows Publisher c:\windows\system32\stobject.dll

+ WebCheck File not found: CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ ewido shell guard c:\program files\ewido\security suite\shellhook.dll

+ Microsoft AntiSpyware Service Hook Microsoft AntiSpyware Shell Extension Microsoft Corporation c:\program files\microsoft antispyware\shellextension.dll

+ shell32.dll Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Windows Publisher c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Windows Publisher c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Windows Publisher c:\windows\system32\occache.dll

+ Address Bar Parser Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Address EditBox Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Windows XP Publisher c:\windows\system32\wuaucpl.cpl

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ BandProxy Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Briefcase Windows Briefcase Microsoft Windows Publisher c:\windows\system32\syncui.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Channel File Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Handler Object Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Menu Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Properties Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Channel Shortcut Channel Definition File Viewer Microsoft Windows XP Publisher c:\windows\system32\cdfview.dll

+ Code Download Agent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Windows Publisher c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Windows Publisher c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Windows Publisher c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Darwin App Publisher Shell Application Manager Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ DfsShell Distributed File System shell extension Microsoft Windows Publisher c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Windows Publisher c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Windows Publisher c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Windows Publisher c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Windows Publisher c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Windows Publisher c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Windows Publisher c:\windows\system32\deskmon.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Windows Publisher c:\windows\system32\deskperf.dll

+ Download Status Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ DS Security Page Directory Service Security UI Microsoft Windows Publisher c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Extensions Manager Folder Extensions Manager Microsoft Windows Publisher c:\windows\system32\extmgr.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Fonts Windows Font Folder Microsoft Windows Publisher c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Windows Publisher c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Windows Publisher c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Windows Publisher c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ History Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Microsoft Windows Publisher c:\windows\system32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Windows Publisher c:\windows\system32\icmui.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Internet Name Space Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ InternetShortcut Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Windows Publisher c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Windows Publisher c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Windows Publisher c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Office HTML Icon Handler Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\msohev.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\mmcshext.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Windows Publisher c:\windows\system32\mmsys.cpl

+ MyDocs Copy Hook My Documents Folder UI Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Windows Publisher c:\windows\system32\mydocs.dll

+ Network Connections Network Connections Shell Microsoft Windows Publisher c:\windows\system32\netshell.dll

+ Network Connections Network Connections Shell Microsoft Windows Publisher c:\windows\system32\netshell.dll

+ NTFS Security Page Security Shell Extension Microsoft Windows Publisher c:\windows\system32\rshx32.dll

+ Offline Files Folder Client Side Caching UI Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ Offline Files Folder Options Client Side Caching UI Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ Offline Files Menu Client Side Caching UI Microsoft Windows Publisher c:\windows\system32\cscui.dll

+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Windows Publisher c:\windows\system32\docprop.dll

+ PlusPack CPL Extension Windows Theme API Microsoft Windows Publisher c:\windows\system32\themeui.dll

+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Windows Component Publisher c:\windows\system32\audiodev.dll

+ Portable Media Devices Menu Portable Media Devices Shell Extension Microsoft Windows Component Publisher c:\windows\system32\audiodev.dll

+ PostAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Previous Versions Previous Versions property page Microsoft Windows Publisher c:\windows\system32\twext.dll

+ Previous Versions Property Page Previous Versions property page Microsoft Windows Publisher c:\windows\system32\twext.dll

+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Printers Security Page Security Shell Extension Microsoft Windows Publisher c:\windows\system32\rshx32.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Windows Publisher c:\windows\system32\remotepg.dll

+ Run... Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Windows Publisher c:\windows\system32\wiashext.dll

+ Scheduled Tasks Task Scheduler interface DLL Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Search Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Search Band Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Sendmail service Send Mail Microsoft Windows Publisher c:\windows\system32\sendmail.dll

+ Sendmail service Send Mail Microsoft Windows Publisher c:\windows\system32\sendmail.dll

+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell Application Manager Shell Application Manager Microsoft Windows Publisher c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Windows Publisher c:\windows\system32\ntlanui2.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Windows Publisher c:\windows\system32\ntshrui.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Windows Publisher c:\windows\system32\ntshrui.dll

+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Windows Publisher c:\windows\system32\wshext.dll

+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Directory Service Find Microsoft Windows Publisher c:\windows\system32\dsquery.dll

+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Shell Scrap DataHandler Shell scrap object handler Microsoft Windows Publisher c:\windows\system32\shscrap.dll

+ Subscription Folder Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Windows Publisher c:\windows\system32\shimgvw.dll

+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Windows Publisher c:\windows\system32\mstask.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ The Internet Shell Doc Object and Control Library Microsoft Windows XP Publisher c:\windows\system32\shdocvw.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ User Accounts Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ User Assist Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Windows Publisher c:\windows\system32\shmedia.dll

+ Web Folders Microsoft Web Folders (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Printer Shell Extension Print UI DLL Microsoft Windows Publisher c:\windows\system32\printui.dll

+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Windows Publisher c:\windows\system32\netplwiz.dll

+ Web Search Shell Browser UI Library Microsoft Windows XP Publisher c:\windows\system32\browseui.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Windows Publisher c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe

+ Sun Java Console Java Plug-in 1.5.0_04 for Netscape Navigator (DLL Helper) (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll

+ Windows Messenger Windows Messenger Microsoft Windows XP Publisher c:\program files\messenger\msmsgs.exe

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Auto Check Utility Microsoft Windows Publisher c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Windows Publisher c:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Advanced Windows 32 Base API Microsoft Windows Publisher c:\windows\system32\advapi32.dll

+ comdlg32 Common Dialogs DLL Microsoft Windows Publisher c:\windows\system32\comdlg32.dll

+ DllDirectory c:\windows\system32

+ gdi32 GDI Client DLL Microsoft Windows Publisher c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Windows Publisher c:\windows\system32\imagehlp.dll

+ kernel32 Windows NT BASE API Client DLL Microsoft Windows Publisher c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Windows Publisher c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\ole32.dll

+ oleaut32 Microsoft Windows Publisher c:\windows\system32\oleaut32.dll

+ olecli32 Object Linking and Embedding Client Library Microsoft Windows XP Publisher c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Windows XP Publisher c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Windows Publisher c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Windows Publisher c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Windows Publisher c:\windows\system32\rpcrt4.dll

+ shell32 Windows Shell Common Dll Microsoft Windows XP Publisher c:\windows\system32\shell32.dll

+ url Internet Shortcut Shell Extension DLL Microsoft Windows Publisher c:\windows\system32\url.dll

+ urlmon OLE32 Extensions for Win32 Microsoft Windows XP Publisher c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Windows XP Publisher c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Windows Publisher c:\windows\system32\version.dll

+ wininet Internet Extensions for Win32 Microsoft Windows XP Publisher c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Windows Publisher c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ cscdll Offline Network Agent Microsoft Windows Publisher c:\windows\system32\cscdll.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ Schedule Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Windows Publisher c:\windows\system32\wlnotify.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\System32\LOGON.SCR Logon Screen Saver Microsoft Windows Publisher c:\windows\system32\logon.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{61820C7F-1F2D-4EC6-AC52-4AA4C5CE956B}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{C489E735-D813-4931-B0A4-17F9AF74C83B}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{C489E735-D813-4931-B0A4-17F9AF74C83B}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8725B30-29B0-4909-96B3-B3E6AF31AB95}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8725B30-29B0-4909-96B3-B3E6AF31AB95}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E5EC0A67-7EEA-48D6-BF30-90F5C13ABCA3}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F292AC9A-B54A-4C1E-87DF-73A615D07DAD}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F292AC9A-B54A-4C1E-87DF-73A615D07DAD}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Windows Publisher c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Windows Publisher c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Windows Publisher c:\windows\system32\rsvpsp.dll
LoPhatPhuud
Still clean.

Where does McAfee say that ZIGZOWC.EXE.VIR is located??


Your System Restore can be safely reset.


Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows XP is the System Restore option; however, if a virus infects a computer with this operating system, the virus can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

Next, we highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.

How to Stop Hijackers & Spyware Infections, And other malware too!
http://forum.gladiator-antivirus.com/index...?showtopic=9857
Grn92LX
Thanks, I reset the system restore :dance: