Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Slow Computer Slow Computer
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 12-21-2004, 09:36 PM   #1 (permalink)
Member
 
palguy's Avatar
 
Join Date: Nov 2004
Posts: 363
OS: xp


Slow Computer
Son in law's computer is slow but no pop ups at this point. Can you help me with this log please.

Log was analyzed using HijackThis Analyzer - Updated on 12/17/04
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 8:32:35 PM, on 12/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Documents and Settings\Administrator\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-17.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Netropa NHK Server - Unknown - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe


End of HijackThis Analyzer Log.
================================================================
Thanks in advance.
palguy is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 12-22-2004, 01:57 AM   #2 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,961
OS: Windows XP-Pro SP2


Send a message via ICQ to MicroBell Send a message via MSN to MicroBell
Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log…..


This log is clean. You can remove WeatherBug via add/remove programs and fix the following entrys..

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

But I don't see anything as the cause of your slowdown. Lets look deeper though in case somethings not showing.

Download: StartDreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'

UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 12-22-2004, 06:27 AM   #3 (permalink)
Member
 
palguy's Avatar
 
Join Date: Nov 2004
Posts: 363
OS: xp


Here is the file.

StartDreck (build 2.1.7 public stable) - 2004-12-22 @ 05:23:17 (GMT -08:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as Administrator at CHRIS

»Registry
»Run Keys
»Current User
»Run
*SpySweeper="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
»RunOnce
»Default User
»Run
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
»Local Machine
»Run
*AVG7_EMC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
*AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Windows Media Player/>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=C:\WINDOWS\inf\unregmp2.exe /ShowWMP
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar1.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\System32\blank.htm
*Search Bar=http://channels.aimtoday.com/search/aimtoolbar.jsp
*Search Page=http://www.google.com
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+SearchUrl
*provider=gogl
*=http://www.google.com/keyword/%s
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
*C:\msdos.sys
`;FORMAT
`[Paths]
`WinDir=C:\WINDOWS
`WinBootDir=C:\WINDOWS
`HostWinBootDrv=C
`[Options]
`BootMulti=1
`BootGUI=1
`DoubleBuffer=1
`AutoScan=1
`WinVer=4.10.1998
`;
`;The following lines are required for compatibility with other programs.
`;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
`;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs
*C:\config.sys
`DEVICE=C:\WINDOWS\setver.exe
*C:\WINDOWS\System32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
`SET PATH=C:\PROGRA~1\SYMANTEC\PCANYW~1\;%PATH%
*C:\WINDOWS\System32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\wininit.ini
*C:\WINDOWS\System32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\System32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\COMMAND.COM
*C:\WINDOWS\System32\command.com
+C:\WINDOWS\System32\notepad.exe
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\System32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\System32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+444=\SystemRoot\System32\smss.exe
*C:\WINDOWS\System32\ntdll.dll
+500=\??\C:\WINDOWS\system32\csrss.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\CSRSRV.dll
*C:\WINDOWS\system32\basesrv.dll
*C:\WINDOWS\system32\winsrv.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\KERNEL32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\sxs.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\MSVCRT.DLL
*C:\WINDOWS\system32\OLE32.DLL
+524=\??\C:\WINDOWS\system32\winlogon.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\NDdeApi.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\PROFMAP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\System32\MSGINA.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\System32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
*C:\WINDOWS\System32\odbcint.dll
*C:\WINDOWS\System32\SHSVCS.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\System32\sfc_os.dll
*C:\WINDOWS\System32\WINTRUST.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\System32\WINSCARD.DLL
*C:\WINDOWS\System32\WTSAPI32.dll
*C:\WINDOWS\System32\sxs.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\cscdll.dll
*C:\WINDOWS\System32\rsaenh.dll
*C:\WINDOWS\system32\WlNotify.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\wldap32.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\wdmaud.drv
*C:\WINDOWS\System32\msacm32.drv
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\System32\midimap.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\System32\wbem\wbemprox.dll
*C:\WINDOWS\System32\wbem\wbemcomn.dll
*C:\WINDOWS\System32\wbem\wbemsvc.dll
*C:\WINDOWS\System32\wbem\fastprox.dll
+568=C:\WINDOWS\system32\services.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SCESRV.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\umpnpmgr.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\eventlog.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\wtsapi32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\OLE32.DLL
+580=C:\WINDOWS\system32\lsass.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\LSASRV.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SAMSRV.dll
*C:\WINDOWS\system32\cryptdll.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\msprivs.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\netlogon.dll
*C:\WINDOWS\system32\w32time.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\schannel.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\wdigest.dll
*C:\WINDOWS\System32\rsaenh.dll
*C:\WINDOWS\system32\setupapi.dll
*C:\WINDOWS\system32\scecli.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLE32.DLL
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\ipsecsvc.dll
*C:\WINDOWS\system32\oakley.DLL
*C:\WINDOWS\system32\WINIPSEC.DLL
*C:\WINDOWS\system32\pstorsvc.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\psbase.dll
*C:\WINDOWS\System32\dssenh.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
+756=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*c:\windows\system32\rpcss.dll
*C:\WINDOWS\system32\msvcrt.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*c:\windows\system32\Secur32.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\System32\rsaenh.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
+808=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*c:\windows\system32\shsvcs.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\WINSTA.dll
*c:\windows\system32\dhcpcsvc.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\Secur32.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\rsaenh.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*c:\windows\system32\wzcsvc.dll
*c:\windows\system32\rtutils.dll
*c:\windows\system32\WMI.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*c:\windows\system32\WTSAPI32.dll
*c:\windows\system32\ESENT.dll
*C:\WINDOWS\system32\WLDAP32.dll
*c:\windows\system32\NETAPI32.dll
*C:\WINDOWS\System32\rastls.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\System32\CRYPTUI.dll
*C:\WINDOWS\System32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\System32\MPRAPI.dll
*C:\WINDOWS\System32\ACTIVEDS.dll
*C:\WINDOWS\System32\adsldpc.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\RASAPI32.dll
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\SCHANNEL.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\WinSCard.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\raschap.dll
*C:\WINDOWS\system32\msv1_0.dll
*c:\windows\system32\schedsvc.dll
*c:\windows\system32\NTDSAPI.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\System32\MSIDLE.DLL
*c:\windows\system32\audiosrv.dll
*c:\windows\system32\wkssvc.dll
*c:\windows\system32\cryptsvc.dll
*c:\windows\system32\certcli.dll
*c:\windows\pchealth\helpctr\binaries\pchsvc.dll
*c:\windows\system32\es.dll
*c:\windows\system32\ersvc.dll
*c:\windows\system32\dmserver.dll
*c:\windows\system32\seclogon.dll
*c:\windows\system32\srvsvc.dll
*c:\windows\system32\trkwks.dll
*c:\windows\system32\srsvc.dll
*c:\windows\system32\POWRPROF.dll
*c:\windows\system32\sens.dll
*C:\WINDOWS\System32\winspool.drv
*c:\windows\system32\wuauserv.dll
*c:\windows\system32\wbem\wmisvc.dll
*c:\windows\system32\wbem\wbemcomn.dll
*C:\WINDOWS\System32\VSSAPI.DLL
*c:\windows\system32\w32time.dll
*c:\windows\system32\MSVCP60.dll
*C:\WINDOWS\System32\wuaueng.dll
*C:\WINDOWS\System32\ADVPACK.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\System32\WINHTTP.dll
*C:\WINDOWS\System32\Cabinet.dll
*C:\WINDOWS\System32\mspatcha.dll
*C:\WINDOWS\System32\sfc.dll
*C:\WINDOWS\System32\sfc_os.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\System32\SXS.DLL
*C:\WINDOWS\system32\comsvcs.dll
*C:\WINDOWS\system32\MTXCLU.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\colbact.DLL
*C:\WINDOWS\System32\CLUSAPI.DLL
*C:\WINDOWS\System32\RESUTILS.DLL
*C:\WINDOWS\System32\mtxoci.dll
*c:\windows\system32\browser.dll
*c:\windows\system32\termsrv.dll
*c:\windows\system32\ICAAPI.dll
*c:\windows\system32\AUTHZ.dll
*c:\windows\system32\mstlsapi.dll
*C:\WINDOWS\System32\REGAPI.dll
*c:\windows\system32\netman.dll
*C:\WINDOWS\System32\wbem\wbemcore.dll
*C:\WINDOWS\System32\wbem\esscli.dll
*C:\WINDOWS\System32\wbem\FastProx.dll
*C:\WINDOWS\System32\RASDLG.dll
*C:\WINDOWS\system32\NETSHELL.dll
*C:\WINDOWS\system32\credui.dll
*C:\WINDOWS\System32\wbem\wmiutils.dll
*C:\WINDOWS\System32\wbem\repdrvfs.dll
*C:\WINDOWS\System32\wbem\wmiprvsd.dll
*C:\WINDOWS\System32\NCObjAPI.DLL
*C:\WINDOWS\System32\upnp.dll
*C:\WINDOWS\System32\SSDPAPI.dll
*C:\WINDOWS\System32\rasadhlp.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\wbem\wbemess.dll
*C:\WINDOWS\System32\netcfgx.dll
*C:\WINDOWS\System32\wups.dll
*C:\WINDOWS\System32\wbem\ncprov.dll
*C:\WINDOWS\System32\rasmans.dll
*C:\WINDOWS\System32\WINIPSEC.DLL
*c:\windows\system32\tapisrv.dll
*c:\windows\system32\PSAPI.DLL
*C:\WINDOWS\System32\rastapi.dll
*C:\WINDOWS\System32\unimdm.tsp
*C:\WINDOWS\System32\uniplat.dll
*C:\WINDOWS\System32\unimdmat.dll
*C:\WINDOWS\System32\modemui.dll
*C:\WINDOWS\System32\kmddsp.tsp
*C:\WINDOWS\System32\ndptsp.tsp
*C:\WINDOWS\System32\ipconf.tsp
*C:\WINDOWS\System32\h323.tsp
*C:\WINDOWS\System32\hidphone.tsp
*C:\WINDOWS\System32\HID.DLL
*C:\WINDOWS\System32\rasppp.dll
*C:\WINDOWS\System32\ntlsapi.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\System32\wbem\wbemsvc.dll
*C:\WINDOWS\System32\actxprxy.dll
+980=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*c:\windows\system32\dnsrslvr.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\OLE32.DLL
+1008=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*c:\windows\system32\lmhsvc.dll
*C:\WINDOWS\system32\msvcrt.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\webclnt.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\wsock32.dll
*c:\windows\system32\regsvc.dll
*c:\windows\system32\ssdpsrv.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
+1136=C:\WINDOWS\system32\spoolsv.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\SPOOLSS.DLL
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\localspl.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\winspool.drv
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\cnbjmon.dll
*C:\WINDOWS\system32\hpzlnt07.dll
*C:\WINDOWS\system32\pjlmon.dll
*C:\WINDOWS\system32\tcpmon.dll
*C:\WINDOWS\system32\usbmon.dll
*C:\WINDOWS\System32\mswsock.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\win32spl.dll
*C:\WINDOWS\system32\NETRAP.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\inetpp.dll
*C:\WINDOWS\system32\icmp.dll
*C:\WINDOWS\system32\iphlpapi.DLL
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
+1252=C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\MSVCRT.DLL
*C:\WINDOWS\system32\OLE32.DLL
+1268=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCRT.DLL
*C:\WINDOWS\System32\MSVCP71.dll
*C:\WINDOWS\System32\MSVCR71.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\Program Files\Grisoft\AVG Free\avgcfg.dll
*C:\Program Files\Grisoft\AVG Free\avgklib.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
+1296=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCRT.DLL
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
+1368=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*c:\windows\system32\wiaservc.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLE32.DLL
*C:\WINDOWS\system32\SHLWAPI.dll
*c:\windows\system32\CFGMGR32.dll
*C:\WINDOWS\System32\setupapi.dll
*C:\WINDOWS\system32\USERENV.dll
*c:\windows\system32\mscms.dll
*c:\windows\system32\WINSPOOL.DRV
*c:\windows\system32\WINSTA.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\hpgwiamd.dll
*C:\WINDOWS\System32\hpotscl.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\System32\sti.dll
+1800=C:\WINDOWS\Explorer.EXE
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\BROWSEUI.dll
*C:\WINDOWS\System32\SHDOCVW.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
*C:\WINDOWS\System32\themeui.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\MSIMG32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\LINKINFO.dll
*C:\WINDOWS\System32\ntshrui.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\System32\NETAPI32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\system32\shimgvw.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\gdiplus.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\mlang.dll
*C:\WINDOWS\System32\mshtml.dll
*C:\WINDOWS\system32\WININET.DLL
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\system32\NETSHELL.dll
*C:\WINDOWS\system32\credui.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\System32\msi.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\System32\drprov.dll
*C:\WINDOWS\System32\ntlanman.dll
*C:\WINDOWS\System32\NETUI0.dll
*C:\WINDOWS\System32\NETUI1.dll
*C:\WINDOWS\System32\NETRAP.dll
*C:\WINDOWS\System32\davclnt.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\System32\RASAPI32.DLL
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\rtutils.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\sensapi.dll
*C:\WINDOWS\System32\WINSTA.dll
*C:\WINDOWS\System32\shdoclc.dll
*C:\WINDOWS\System32\webcheck.dll
*C:\WINDOWS\System32\stobject.dll
*C:\WINDOWS\System32\BatMeter.dll
*C:\WINDOWS\System32\POWRPROF.dll
*C:\WINDOWS\System32\WTSAPI32.dll
*C:\WINDOWS\System32\jscript.dll
*C:\WINDOWS\System32\msimtf.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\System32\MSLS31.DLL
*C:\WINDOWS\System32\IMM32.DLL
*C:\WINDOWS\System32\wdmaud.drv
*C:\WINDOWS\System32\msacm32.drv
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\System32\midimap.dll
*C:\WINDOWS\System32\printui.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\ACTIVEDS.dll
*C:\WINDOWS\System32\adsldpc.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\CFGMGR32.dll
*C:\WINDOWS\System32\browselc.dll
*C:\WINDOWS\System32\SXS.DLL
*C:\WINDOWS\System32\DUSER.dll
*C:\WINDOWS\System32\MSGINA.dll
*C:\WINDOWS\System32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\System32\odbcint.dll
*C:\WINDOWS\System32\mydocs.dll
*C:\WINDOWS\System32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\System32\rsaenh.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL
*C:\WINDOWS\System32\zipfldr.dll
*C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
*C:\Program Files\Grisoft\AVG Free\avgse.dll
*C:\WINDOWS\System32\MSVCP71.dll
*C:\WINDOWS\System32\MSVCR71.dll
*C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
*C:\PROGRA~1\SPYBOT~1\SDHelper.dll
*C:\WINDOWS\System32\olepro32.dll
+1936=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCRT.DLL
*C:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\MSVCR71.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\System32\MSVCP71.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\Program Files\Grisoft\AVG Free\avgcfg.dll
*C:\Program Files\Grisoft\AVG Free\avgklib.dll
*C:\Program Files\Grisoft\AVG Free\avglng.dll
*C:\Program Files\Grisoft\AVG Free\avgscan.dll
*C:\Program Files\Grisoft\AVG Free\avgunarc.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\System32\RASAPI32.DLL
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\NETAPI32.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\rtutils.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\SCHANNEL.DLL
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll
*C:\Program Files\Grisoft\AVG Free\avgmail.dll
*C:\WINDOWS\System32\SensAPI.DLL
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll
+1944=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgAbout.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\MFC71.DLL
*C:\WINDOWS\System32\MSVCR71.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSVFW32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\MSVCP71.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\MPR.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTest.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTMgr.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgSet.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\Program Files\Grisoft\AVG Free\avgcfg.dll
*C:\Program Files\Grisoft\AVG Free\avgklib.dll
*C:\Program Files\Grisoft\AVG Free\avglng.dll
*C:\Program Files\Grisoft\AVG Free\avgf.dll
*C:\Program Files\Grisoft\AVG Free\AVGRES.DLL
*C:\Program Files\Grisoft\AVG Free\avgcckrn.dll
*C:\Program Files\Grisoft\AVG Free\avgvault.dll
*C:\Program Files\Grisoft\AVG Free\avgrep.dll
*C:\Program Files\Grisoft\AVG Free\avgunarc.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\avgemsui.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll
+1952=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\user32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\MSVCRT.DLL
*C:\WINDOWS\system32\OLE32.DLL
*C:\WINDOWS\system32\version.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\System32\wsock32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\winmm.dll
*C:\WINDOWS\System32\hhctrl.ocx
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\olepro32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\Program Files\Webroot\Spy Sweeper\Language.dll
*C:\WINDOWS\System32\WtsApi32.dll
*C:\WINDOWS\System32\WINSTA.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
+964=C:\WINDOWS\System32\wuauclt.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\COMCTL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\wuaucpl.cpl
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\System32\wuaueng.dll
*C:\WINDOWS\System32\ADVPACK.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\ESENT.dll
*C:\WINDOWS\System32\WTSAPI32.dll
*C:\WINDOWS\System32\WINSTA.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\WINHTTP.dll
*C:\WINDOWS\System32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\System32\Cabinet.dll
*C:\WINDOWS\System32\mspatcha.dll
*C:\WINDOWS\System32\sfc.dll
*C:\WINDOWS\System32\sfc_os.dll
*C:\WINDOWS\System32\MSIMG32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\wups.dll
*C:\WINDOWS\System32\wucltui.dll
+420=C:\Program Files\Mozilla Firefox\firefox.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\Program Files\Mozilla Firefox\js3250.dll
*C:\Program Files\Mozilla Firefox\nspr4.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\Program Files\Mozilla Firefox\xpcom.dll
*C:\Program Files\Mozilla Firefox\plc4.dll
*C:\Program Files\Mozilla Firefox\plds4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\Program Files\Mozilla Firefox\smime3.dll
*C:\Program Files\Mozilla Firefox\nss3.dll
*C:\Program Files\Mozilla Firefox\softokn3.dll
*C:\Program Files\Mozilla Firefox\ssl3.dll
*C:\Program Files\Mozilla Firefox\xpcom_compat.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1331_x-ww_7abf6d02\COMCTL32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\System32\msimtf.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\Program Files\Java\j2re1.4.2_05\bin\NPOJI610.dll
*C:\WINDOWS\System32\OLEPRO32.DLL
*C:\Program Files\Java\j2re1.4.2_05\bin\jpins7.dll
*C:\Program Files\Java\j2re1.4.2_05\bin\jpinsp.dll
*C:\Program Files\Java\j2re1.4.2_05\bin\jpishare.dll
*C:\Program Files\Mozilla Firefox\components\jar50.dll
*C:\WINDOWS\System32\msimg32.dll
*C:\WINDOWS\System32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\rasadhlp.dll
*C:\WINDOWS\System32\rasapi32.dll
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\NETAPI32.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\rtutils.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\PROGRA~1\MOZILL~1\nssckbi.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
+396=C:\Documents and Settings\Administrator\Desktop\start deck\StartDreck.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\Documents and Settings\Administrator\Desktop\start deck\VB40032.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\System32\MSVCRT20.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCRT.DLL
*C:\WINDOWS\System32\OLEPRO32.DLL
*C:\Program Files\Webroot\Spy Sweeper\sis.dll
*C:\Documents and Settings\Administrator\Desktop\start deck\VB4DE32.DLL
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Documents and Settings\Administrator\Desktop\start deck\PSAPI.DLL
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
palguy is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 12-22-2004, 09:08 AM   #4 (permalink)
Knower of all that is MS
 
CTSNKY's Avatar
 
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro


Really no clues here.....

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top).
__________________


GO BIG BLUE!!
CTSNKY is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 05:29 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2008, Tech Support Forum

Search Engine Friendly URLs by vBSEO

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82