03-21-2005, 11:06 AM   #21
vampyr2005
Registered User
 
Join Date: Mar 2005
Posts: 181
OS: XP professional


okey dokey microbell ..... here are the logs you asked for .....
TDS log:
Scan Control Dumped @ 03:35:37 22-03-05
Positive identification (DLL): Suspicious (dll) (Possible Keylog DLL)
File: c:\program files\system mechanic 4 professional\search and recover\watchdll.dll

Suspicious Filename: Dual extensions
File: f:\setupdvddecrypter_3.5.2.0.exe

Positive identification: Demo.Leaktest 1.1 (Not a trojan)
File: f:\still to install\leaktest.exe

Suspicious Filename: Dual extensions
File: f:\blind write5 and crack\blindwrite_v5[1].2.x\crack blindwrite 5.2.x.exe

Suspicious Filename: Dual extensions
File: f:\bittorrent stuff\bittorrent-3.4.2.exe

Suspicious Filename: Dual extensions
File: f:\games\icebreaker-1.9.5.exe

Suspicious Filename: Dual extensions
File: f:\installed\firefox setup 1.0.1.exe

Suspicious Filename: Dual extensions
File: f:\my documents bree\downloads\setupdvddecrypter_3.5.2.0.exe

Suspicious Filename: Dual extensions
File: f:\my kazaa shared folder\kazaa speedup-2.8.1.exe

Positive identification: HackTool.Win32.Patcher.b
File: f:\system volume information\_restore{30b28ace-32e4-4c83-bc47-8360ccb5ddf2}\rp41\a0005281.exe

startdreck log:
StartDreck (build 2.1.7 public stable) - 2005-03-22 @ 03:37:59 (GMT +10:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Vampy at VAMPYRUS

»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\system32\CTFMON.EXE
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
»Local Machine
»Run
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile="C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\SYSTEM32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.google.com/
+SearchUrl
*provider=
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Vampy\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
`64.91.255.87 www.dcsresearch.com
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+508=\SystemRoot\System32\smss.exe
*C:\WINDOWS\system32\ntdll.dll
+564=\??\C:\WINDOWS\system32\csrss.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\CSRSRV.dll
*C:\WINDOWS\system32\basesrv.dll
*C:\WINDOWS\system32\winsrv.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\KERNEL32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\VERSION.dll
+588=\??\C:\WINDOWS\system32\winlogon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\NDdeApi.dll
*C:\WINDOWS\system32\PROFMAP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MSGINA.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\odbcint.dll
*C:\WINDOWS\system32\SHSVCS.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\WINSCARD.DLL
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\system32\cscdll.dll
*C:\WINDOWS\system32\WlNotify.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\wldap32.dll
*C:\WINDOWS\system32\cscui.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\wbem\wbemprox.dll
*C:\WINDOWS\system32\wbem\wbemcomn.dll
*C:\WINDOWS\system32\wbem\wbemsvc.dll
*C:\WINDOWS\system32\wbem\fastprox.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
+632=C:\WINDOWS\system32\services.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SCESRV.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\umpnpmgr.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\eventlog.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\wtsapi32.dll
+644=C:\WINDOWS\system32\lsass.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\LSASRV.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\SAMSRV.dll
*C:\WINDOWS\system32\cryptdll.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\msprivs.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\netlogon.dll
*C:\WINDOWS\system32\w32time.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\schannel.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\wdigest.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\scecli.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\ipsecsvc.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\oakley.DLL
*C:\WINDOWS\system32\WINIPSEC.DLL
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\pstorsvc.dll
*C:\WINDOWS\system32\psbase.dll
*C:\WINDOWS\system32\dssenh.dll
+804=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*c:\windows\system32\termsrv.dll
*c:\windows\system32\ICAAPI.dll
*c:\windows\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*c:\windows\system32\AUTHZ.dll
*c:\windows\system32\mstlsapi.dll
*c:\windows\system32\ACTIVEDS.dll
*c:\windows\system32\adsldpc.dll
*C:\WINDOWS\system32\NETAPI32.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\Apphelp.dll
+848=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
+912=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\xpsp2res.dll
*c:\windows\system32\shsvcs.dll
*C:\WINDOWS\System32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*c:\windows\system32\dhcpcsvc.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\Secur32.dll
*C:\WINDOWS\System32\rsaenh.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*c:\windows\system32\wzcsvc.dll
*c:\windows\system32\rtutils.dll
*c:\windows\system32\WMI.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*c:\windows\system32\WTSAPI32.dll
*c:\windows\system32\ESENT.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\System32\rastls.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\System32\MPRAPI.dll
*C:\WINDOWS\System32\ACTIVEDS.dll
*C:\WINDOWS\System32\adsldpc.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\RASAPI32.dll
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\SCHANNEL.dll
*C:\WINDOWS\System32\WinSCard.dll
*C:\WINDOWS\System32\raschap.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*c:\windows\system32\schedsvc.dll
*c:\windows\system32\NTDSAPI.dll
*C:\WINDOWS\System32\MSIDLE.DLL
*c:\windows\system32\audiosrv.dll
*c:\windows\system32\wkssvc.dll
*c:\windows\system32\qmgr.dll
*C:\WINDOWS\system32\MPR.dll
*c:\windows\system32\SHFOLDER.dll
*c:\windows\system32\WINHTTP.dll
*c:\windows\system32\cryptsvc.dll
*c:\windows\system32\certcli.dll
*c:\windows\system32\srvsvc.dll
*c:\windows\pchealth\helpctr\binaries\pchsvc.dll
*c:\windows\system32\es.dll
*c:\windows\system32\ersvc.dll
*c:\windows\system32\dmserver.dll
*c:\windows\system32\msgsvc.dll
*c:\windows\system32\netman.dll
*c:\windows\system32\netshell.dll
*c:\windows\system32\credui.dll
*c:\windows\system32\WZCSAPI.DLL
*c:\windows\system32\seclogon.dll
*c:\windows\system32\sens.dll
*c:\windows\system32\trkwks.dll
*c:\windows\system32\w32time.dll
*c:\windows\system32\MSVCP60.dll
*c:\windows\system32\browser.dll
*c:\windows\system32\wuauserv.dll
*c:\windows\system32\wbem\wmisvc.dll
*C:\WINDOWS\system32\VSSAPI.DLL
*C:\WINDOWS\system32\wuaueng.dll
*C:\WINDOWS\System32\ADVPACK.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\Cabinet.dll
*C:\WINDOWS\System32\mspatcha.dll
*C:\WINDOWS\System32\sfc.dll
*C:\WINDOWS\System32\sfc_os.dll
*c:\windows\system32\ipnathlp.dll
*c:\windows\system32\AUTHZ.dll
*C:\WINDOWS\system32\msxml3.dll
*c:\windows\system32\wscsvc.dll
*c:\windows\system32\msi.dll
*C:\WINDOWS\system32\wbem\wbemcomn.dll
*C:\WINDOWS\System32\Wbem\wbemcore.dll
*C:\WINDOWS\System32\Wbem\esscli.dll
*C:\WINDOWS\System32\Wbem\FastProx.dll
*C:\WINDOWS\System32\SXS.DLL
*C:\WINDOWS\system32\comsvcs.dll
*C:\WINDOWS\system32\MTXCLU.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\colbact.DLL
*C:\WINDOWS\System32\CLUSAPI.DLL
*C:\WINDOWS\System32\RESUTILS.DLL
*C:\WINDOWS\system32\wbem\wmiutils.dll
*C:\WINDOWS\system32\wbem\repdrvfs.dll
*C:\WINDOWS\system32\wbem\wmiprvsd.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\system32\wbem\wbemess.dll
*C:\WINDOWS\system32\wbem\ncprov.dll
*C:\WINDOWS\System32\rasadhlp.dll
*C:\WINDOWS\System32\NETRAP.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\wups.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\System32\dssenh.dll
*C:\WINDOWS\System32\cryptnet.dll
*C:\WINDOWS\System32\SensApi.dll
*C:\WINDOWS\system32\netcfgx.dll
*c:\windows\system32\tapisrv.dll
*c:\windows\system32\PSAPI.DLL
*c:\windows\system32\rasmans.dll
*c:\windows\system32\WINIPSEC.DLL
*C:\WINDOWS\System32\rasppp.dll
*C:\WINDOWS\System32\ntlsapi.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\System32\cryptdll.dll
*C:\WINDOWS\system32\wbem\wbemsvc.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\mlang.dll
+964=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\dnsrslvr.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+1056=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\xpsp2res.dll
*c:\windows\system32\lmhsvc.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\webclnt.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\wsock32.dll
*c:\windows\system32\regsvc.dll
+1248=C:\WINDOWS\system32\spoolsv.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SPOOLSS.DLL
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\localspl.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\winspool.drv
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\cnbjmon.dll
*C:\WINDOWS\system32\CNBJMON2.DLL
*C:\WINDOWS\system32\pjlmon.dll
*C:\WINDOWS\system32\tcpmon.dll
*C:\WINDOWS\system32\usbmon.dll
*C:\WINDOWS\System32\mswsock.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\win32spl.dll
*C:\WINDOWS\system32\NETRAP.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\inetpp.dll
*C:\WINDOWS\system32\xpsp2res.dll
+1352=C:\WINDOWS\system32\netdde.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\NDdeApi.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\NDDENB32.dll
*C:\WINDOWS\system32\NETAPI32.dll
+1404=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\Program Files\Grisoft\AVG Free\avgcfg.dll
*C:\Program Files\Grisoft\AVG Free\avgklib.dll
*C:\WINDOWS\system32\SHFOLDER.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\wbem\wbemprox.dll
*C:\WINDOWS\system32\wbem\wbemcomn.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\wbem\wbemsvc.dll
*C:\WINDOWS\system32\wbem\fastprox.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Grisoft\AVG Free\avglng.dll
+1420=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
+1440=C:\WINDOWS\system32\cisvc.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\query.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\Apphelp.dll
+1512=C:\WINDOWS\Common Files\Microsoft Shared\VS7Debug\mdm.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\psapi.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\WINDOWS\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
+1680=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
*C:\WINDOWS\system32\MSVCR70.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
+1712=C:\WINDOWS\system32\wdfmgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
+188=C:\WINDOWS\Explorer.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\BROWSEUI.dll
*C:\WINDOWS\system32\SHDOCVW.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\themeui.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\MSIMG32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\actxprxy.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\LINKINFO.dll
*C:\WINDOWS\system32\ntshrui.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\browselc.dll
*C:\PROGRA~1\SPYBOT~1\SDHelper.dll
*C:\WINDOWS\system32\olepro32.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\System32\drprov.dll
*C:\WINDOWS\System32\ntlanman.dll
*C:\WINDOWS\System32\NETUI0.dll
*C:\WINDOWS\System32\NETUI1.dll
*C:\WINDOWS\System32\NETRAP.dll
*C:\WINDOWS\System32\davclnt.dll
*C:\WINDOWS\system32\DUSER.dll
*C:\WINDOWS\Program Files\Microsoft Office\OFFICE11\msohev.dll
*C:\WINDOWS\system32\MLANG.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\wshext.dll
*C:\WINDOWS\system32\MFC42.DLL
*C:\WINDOWS\system32\comdlg32.dll
*C:\Program Files\WinRAR\rarext.dll
*C:\WINDOWS\system32\tds3shl.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
*C:\Program Files\Grisoft\AVG Free\avgse.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\zipfldr.dll
*C:\WINDOWS\system32\mydocs.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\shdoclc.dll
*C:\WINDOWS\system32\wsock32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\sensapi.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\jscript.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\plugin.ocx
*C:\WINDOWS\system32\MSRATING.dll
*C:\WINDOWS\system32\msratelc.dll
*C:\WINDOWS\system32\NTMARTA.DLL
+552=C:\WINDOWS\System32\alg.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\MSWSOCK.DLL
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\xpsp2res.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+940=C:\WINDOWS\system32\ctfmon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\MSUTB.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
+404=C:\WINDOWS\system32\cidaemon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\query.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\LINKINFO.dll
*C:\WINDOWS\system32\ntshrui.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\LangWrbk.dll
+280=C:\WINDOWS\system32\cidaemon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\query.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
+648=C:\Program Files\InternetDownloadAccelerator\ida.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\advapi32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\hhctrl.ocx
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\mpr.dll
*C:\Program Files\InternetDownloadAccelerator\unrar.dll
*C:\Program Files\InternetDownloadAccelerator\unzip32.dll
*C:\WINDOWS\system32\version.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\winmm.dll
*C:\WINDOWS\system32\wsock32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\olepro32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\browseui.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\sensapi.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\imaadp32.acm
+724=C:\WINDOWS\system32\wuauclt.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\wuaucpl.cpl
*C:\WINDOWS\system32\SHFOLDER.dll
*C:\WINDOWS\system32\wuaueng.dll
*C:\WINDOWS\system32\ADVPACK.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ESENT.dll
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINHTTP.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\Cabinet.dll
*C:\WINDOWS\system32\mspatcha.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\MSIMG32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\wups.dll
*C:\WINDOWS\system32\wucltui.dll
+1184=C:\startdreck\StartDreck.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\startdreck\VB40032.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\MSVCRT20.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLEPRO32.DLL
*C:\startdreck\VB4DE32.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\startdreck\PSAPI.DLL
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

silent runners.vbs came up with the following error when it ran:
windows script host
c:\documents and settings\vampy\desktop\silent runners.vbs
line: 2825
char: 3
error: invalid procedure call or argument
code: 800A0005
source: microsoft vbscript runtime error
and then it gave the logfile:
"Silent Runners.vbs", revision 32, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

qoologic log:
C:\Documents and Settings\Vampy\Desktop\Find_qoologic\qoologic

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\Incinerator.dll: .aspack
C:\WINDOWS\system32\ntdll.dll: .aspack

Files Found in all users startup Folder............
------------------------
another qoologic logfile titled win.txt:
C:\WINDOWS\system32\Incinerator.dll: .aspack
C:\WINDOWS\system32\ntdll.dll: .aspack

dllcompare logfile:
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\msexcl35.dll Thu 9 Sep 1999 2238 A.S.. 252,688 246.77 K
C:\WINDOWS\SYSTEM32\msjet35.dll Tue 28 Sep 1999 21:42:48 A.S.. 1,050,896 1.00 M
C:\WINDOWS\SYSTEM32\msjint35.dll Thu 10 Jun 1999 9:34:04 A.S.. 123,664 120.77 K
C:\WINDOWS\SYSTEM32\msjter35.dll Thu 10 Jun 1999 9:34:04 A.S.. 24,848 24.27 K
C:\WINDOWS\SYSTEM32\msltus35.dll Thu 9 Sep 1999 2238 A.S.. 168,720 164.77 K
C:\WINDOWS\SYSTEM32\mspdox35.dll Mon 7 Jun 1999 18:59:34 A.S.. 250,128 244.27 K
C:\WINDOWS\SYSTEM32\msrd2x35.dll Sun 25 Apr 1999 17:00:00 A.S.. 252,176 246.27 K
C:\WINDOWS\SYSTEM32\msrepl35.dll Wed 25 Aug 1999 14:57:26 A.S.. 415,504 405.77 K
C:\WINDOWS\SYSTEM32\msstkprp.dll Fri 6 Apr 2001 3:43:20 A.S.R 94,208 92.00 K
C:\WINDOWS\SYSTEM32\mstext35.dll Thu 30 Sep 1999 19:21:24 A.S.. 166,672 162.77 K
C:\WINDOWS\SYSTEM32\msxbse35.dll Sun 25 Apr 1999 17:00:00 A.S.. 287,504 280.77 K
C:\WINDOWS\SYSTEM32\vbar332.dll Sun 25 Apr 1999 17:00:00 A.S.. 368,912 360.27 K
________________________________________________

1,221 items found: 1,221 files (12 H/S), 0 directories.
Total of file sizes: 249,416,641 bytes 237.86 M

Administrator Account = True

--------------------End log---------------------

thanks microbell... I await your response eagerly ......