Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > HijackThis Log Help (Inactive)
Reload this Page need help rundll error DID 1ST STEPS
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 10-24-2009, 02:10 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


need help rundll error DID 1ST STEPS
About nine months ago my computer started running very slow. It was running at 98-100% capacity nearly all the time. I did run numerous virus scans and a registry cleaner but it only helped a little. I also did a defrag and tried to reset to a date before it started running slow. Since then I have had an error at startup that says something can be found and it lists the following:
The specified module could not be found
C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSBAR.DLL

I decided to look for it on Google last night and that is when I realized it might be a trojan or malware or something. I thought that in my attempt to get rid of problems I deleted something important that I would not be able to get back.

I have completed the first steps. Please help, I am so glad I found you, I have hope now. Thank you so much

Below is the dds log



DDS (Ver_09-10-24.01) - NTFSx86
Run by SHELL at 12:18:33.60 on Sat 10/24/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/comcast.html
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [<NO NAME>]
mRun: [eabconfg.cpl] "c:\program files\hpq\quick launch buttons\EabServr.exe" /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] "c:\windows\sminst\RecGuard.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [My Web Search Bar] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\2.bin\MWSBAR.DLL,S
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF4 Registry Controller] "c:\program files\scansoft\pdf professional 4.0\\RegistryController.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf professional 4.0\cnvres_eng.dll /100
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_15.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153320552062
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://portal.cfcpbc.org/whalecoma154c0f00b2ef89e3a7a8ece3ffd/whalecom0/tsweb/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shell\applic~1\mozilla\firefox\profiles\7gxdin7c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - component: c:\documents and settings\shell\application data\mozilla\firefox\profiles\7gxdin7c.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - component: c:\documents and settings\shell\application data\mozilla\firefox\profiles\7gxdin7c.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\shell\application data\mozilla\firefox\profiles\7gxdin7c.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\shell\application data\mozilla\firefox\profiles\7gxdin7c.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================

2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:11 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2009-09-25 05:37:11 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-09-25 05:37:10 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-25 05:37:10 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-16 14:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-13 15:16:05 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 00:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-28 08:37:26 155255392 ----a-w- c:\program files\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
2009-04-24 12:42:58 451928 ----a-w- c:\program files\setup.exe
2009-04-24 12:42:46 133492859 ----a-w- c:\program files\openofficeorg1.cab
2009-04-24 12:42:20 9815040 ----a-w- c:\program files\openofficeorg31.msi
2009-04-23 22:36:08 336 ----a-w- c:\program files\setup.ini
2009-02-12 23:41:14 6346200 ----a-w- c:\program files\yahoo_trijong_tm5-3.exe
2008-12-13 19:59:17 1708432 ----a-w- c:\program files\install_easyshare.exe
2008-11-15 19:16:49 948113 ----a-w- c:\program files\EFRCSetup.exe
2008-11-08 19:21:32 4189808 ----a-w- c:\program files\ComcastToolbar2_2.exe
2008-10-19 19:31:08 7508608 ----a-w- c:\program files\Firefox Setup 3.0.3.exe
2008-10-11 03:57:06 46829456 ----a-w- c:\program files\zlsSetup_70_483_000_en.exe
2008-10-09 12:05:31 27462344 ----a-w- c:\program files\setupeng.exe
2008-10-09 01:47:21 18063480 ----a-w- c:\program files\SpySweeperSNRSetup_EN.exe
2008-10-08 02:34:12 19153264 ----a-w- c:\program files\aaw2008.exe
2008-10-03 22:27:05 1681784 ----a-w- c:\program files\SystemCheckup_ZoneAlarm2.exe
2008-09-27 19:17:33 67110184 ----a-w- c:\program files\iTunes8Setup.exe
2008-09-20 00:47:19 491932 ----a-w- c:\program files\MyContracts.zip
2008-09-06 21:49:50 4584376 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2008-08-28 17:38:38 22458664 ----a-w- c:\program files\SkypeSetup.exe
2008-08-16 23:20:51 7499056 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
2008-08-16 15:16:38 17337894 ----a-w- c:\program files\setuptte.exe
2008-06-03 21:12:33 7492608 ----a-w- c:\program files\Firefox Setup 3.0 RC 1.exe
2008-03-31 14:23:34 206584 ----a-w- c:\program files\zaSetup_en.exe
2008-03-30 13:04:19 12318509 ----a-w- c:\program files\CFP_Setup_3.0.19.318_XP_Vista_x32.exe.part
2008-03-30 13:03:40 35960792 ----a-w- c:\program files\avg75free_519a1276.exe
2002-03-11 0930 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
2003-12-05 01:16:44 69632 --sh--r- c:\windows\lnchshll.exe
2003-12-05 01:16:46 49152 --sh--r- c:\windows\ScrnInt.exe
2003-12-05 15:41:00 368640 --sh--r- c:\windows\trsbt.exe
2006-07-18 21:25:32 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 12:18:52.35 ===============
Attached Files
File Type: zip ark.zip (996 Bytes, 2 views)
File Type: zip Attach.zip (4.7 KB, 5 views)
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 10-27-2009, 03:49 PM   #2 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,538
OS: XP SP3


Re: need help rundll error DID 1ST STEPS
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please see this >> http://img.photobucket.com/albums/v6...ee_disable.gif

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-27-2009, 08:34 PM   #3 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
thank you for your response, I have posted the combofix log below

Shelley


ComboFix 09-10-27.03 - SHELL 10/27/2009 21:29.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.589 [GMT -4:00]
Running from: c:\documents and settings\SHELL\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\\setup.exe
c:\program files\SelectRebates
c:\windows\Downloaded Program Files\popcaploader.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 01:10 . 2006-07-18 23:46 88328 ----a-w- c:\documents and settings\SHELL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-25 20:41 . 2006-07-18 21:37 -------- d-----w- c:\program files\BibleCD
2009-10-25 20:33 . 2006-04-11 11:32 -------- d-----w- c:\program files\Java
2009-10-24 03:57 . 2006-04-11 12:05 -------- d-----w- c:\program files\WildTangent
2009-10-24 03:53 . 2008-08-05 11:56 -------- d-----w- c:\program files\Whale Communications
2009-10-24 03:48 . 2008-11-08 20:55 -------- d-----w- c:\program files\McAfee
2009-10-24 03:20 . 2006-04-11 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-24 03:20 . 2006-04-11 12:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-24 03:14 . 2008-11-15 19:18 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-10-16 01:02 . 2008-11-08 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-25 05:37 . 2004-08-04 08:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-16 14:22 . 2008-11-08 20:59 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2008-11-08 20:59 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2008-11-08 20:59 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2008-11-08 20:59 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2008-11-08 21:00 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-13 21:44 . 2007-06-03 20:00 -------- d-----w- c:\documents and settings\SHELL\Application Data\Apple Computer
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 04:42 . 2009-09-07 04:38 -------- d-----w- c:\program files\iTunes
2009-09-07 04:40 . 2009-09-07 04:39 -------- d-----w- c:\program files\iPod
2009-09-07 04:39 . 2007-10-28 23:24 -------- d-----w- c:\program files\Common Files\Apple
2009-09-07 04:32 . 2007-01-25 03:04 -------- d-----w- c:\program files\QuickTime
2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2004-08-04 08:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 08:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-04 08:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 08:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 08:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 08:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-04 08:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 08:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 08:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-28 08:37 . 2009-07-28 04:13 155255392 ----a-w- c:\program files\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
2009-04-24 12:42 . 2009-04-24 12:42 133492859 ----a-w- c:\program files\openofficeorg1.cab
2009-04-24 12:42 . 2009-04-24 12:42 9815040 ----a-w- c:\program files\openofficeorg31.msi
2009-04-23 22:36 . 2009-04-23 22:36 336 ----a-w- c:\program files\setup.ini
2009-02-12 23:41 . 2008-09-06 21:47 6346200 ----a-w- c:\program files\yahoo_trijong_tm5-3.exe
2008-12-13 19:59 . 2008-12-13 19:59 1708432 ----a-w- c:\program files\install_easyshare.exe
2008-11-15 19:16 . 2008-11-15 19:16 948113 ----a-w- c:\program files\EFRCSetup.exe
2008-11-08 19:21 . 2008-11-08 19:15 4189808 ----a-w- c:\program files\ComcastToolbar2_2.exe
2008-10-19 19:31 . 2008-10-05 22:23 7508608 ----a-w- c:\program files\Firefox Setup 3.0.3.exe
2008-10-11 03:57 . 2008-10-11 03:40 46829456 ----a-w- c:\program files\zlsSetup_70_483_000_en.exe
2008-10-09 12:05 . 2008-10-09 12:02 27462344 ----a-w- c:\program files\setupeng.exe
2008-10-09 01:47 . 2008-10-09 01:45 18063480 ----a-w- c:\program files\SpySweeperSNRSetup_EN.exe
2008-10-08 02:34 . 2008-10-08 02:32 19153264 ----a-w- c:\program files\aaw2008.exe
2008-10-03 22:27 . 2008-10-03 22:26 1681784 ----a-w- c:\program files\SystemCheckup_ZoneAlarm2.exe
2008-09-27 19:17 . 2008-09-27 19:01 67110184 ----a-w- c:\program files\iTunes8Setup.exe
2008-09-20 00:47 . 2008-09-20 00:47 491932 ----a-w- c:\program files\MyContracts.zip
2008-09-06 21:49 . 2008-09-06 21:49 4584376 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2008-08-28 17:38 . 2008-08-28 17:35 22458664 ----a-w- c:\program files\SkypeSetup.exe
2008-08-16 23:20 . 2008-08-16 23:19 7499056 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
2008-08-16 15:16 . 2008-08-16 15:15 17337894 ----a-w- c:\program files\setuptte.exe
2008-06-03 21:12 . 2008-06-03 21:11 7492608 ----a-w- c:\program files\Firefox Setup 3.0 RC 1.exe
2008-03-31 14:23 . 2008-03-31 14:24 206584 ----a-w- c:\program files\zaSetup_en.exe
2008-03-30 13:04 . 2008-03-30 13:03 12318509 ----a-w- c:\program files\CFP_Setup_3.0.19.318_XP_Vista_x32.exe.part
2008-03-30 13:03 . 2008-03-30 12:53 35960792 ----a-w- c:\program files\avg75free_519a1276.exe
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
2003-12-05 01:16 . 2006-07-29 15:48 69632 --sh--r- c:\windows\lnchshll.exe
2003-12-05 01:16 . 2006-07-29 15:48 49152 --sh--r- c:\windows\ScrnInt.exe
2003-12-05 15:41 . 2006-07-29 15:48 368640 --sh--r- c:\windows\trsbt.exe
2006-07-18 21:25 . 2006-07-18 21:25 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [2006-08-23 40960]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]

c:\documents and settings\SHELL\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 trsbt;trsbt;c:\windows\trsbt.exe [7/29/2006 11:48 AM 368640]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\SHELL\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\SHELL\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 16:22]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/comcast.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\SHELL\Application Data\Mozilla\Firefox\Profiles\7gxdin7c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - component: c:\documents and settings\SHELL\Application Data\Mozilla\Firefox\Profiles\7gxdin7c.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\SHELL\Application Data\Mozilla\Firefox\Profiles\7gxdin7c.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\SHELL\Application Data\Mozilla\Firefox\Profiles\7gxdin7c.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Picasa2 - c:\program files\Picasa2\Uninstall.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 22:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\combofix\CF10793.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 22:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 02:18

Pre-Run: 40,025,165,824 bytes free
Post-Run: 40,770,056,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E8F284AD70B4DC0473E18B805E9BCAE7
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-27-2009, 08:52 PM   #4 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,538
OS: XP SP3


Re: need help rundll error DID 1ST STEPS
Hello shellyrbaker.

Please go to: VirusTotal
  • On the page you'll find a Browse button.
  • Next to the Browse button you'll see a box to enter text.
  • Please copy/paste the following bolded text into the box:

    c:\windows\trsbt.exe

  • Then click the Send File button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analysed: click Reanalyse file now
  • Once scanned, copy and paste the results in your next reply.
  • Please repeat for the following files:

    • c:\windows\lnchshll.exe
    • c:\windows\ScrnInt.exe
------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-29-2009, 09:23 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
I am sending this from my phone. I have not been home to complete the steps you asked me to until tonight and now my Internet provider has a power outage so I have no connection. I will do the next steps tomorrow when I get home from work. I did not want you to think I fell off the face of the earth :) thank you for your help. I am so excited to think I may be able to have my normal computer back.
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-31-2009, 08:31 AM   #6 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
Good Morning Chemist,

I am finally home and I have internet so here we go. I am posting the results. Something strange is happening when I post the first one. I highlighted the "virus total" page and did a copy/paste into this post and it seems that there is more on the paste than there was on the copy. On the screen I copied from it says the current status of the scan is "finished" but when I pasted it there are lines and lines of text explaining the current status. Anyway, I left them because that is the way it pasted.

There are three files posted and they are in the same order as you listed them on your last post.



File trsbt.exe received on 2009.10.31 13:30:36 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 4.
Estimated start time is between 70 and 100 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.31 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.53 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 -
Authentium 5.1.2.4 2009.10.31 -
Avast 4.8.1351.0 2009.10.30 -
AVG 8.5.0.423 2009.10.31 -
BitDefender 7.2 2009.10.31 -
CAT-QuickHeal 10.00 2009.10.31 -
ClamAV 0.94.1 2009.10.31 -
Comodo 2792 2009.10.31 -
DrWeb 5.0.0.12182 2009.10.31 -
eSafe 7.0.17.0 2009.10.29 -
eTrust-Vet 35.1.7094 2009.10.30 -
F-Prot 4.5.1.85 2009.10.31 -
F-Secure 9.0.15370.0 2009.10.30 -
Fortinet 3.120.0.0 2009.10.31 -
GData 19 2009.10.31 -
Ikarus T3.1.1.72.0 2009.10.31 -
Jiangmin 11.0.800 2009.10.31 -
K7AntiVirus 7.10.884 2009.10.30 -
Kaspersky 7.0.0.125 2009.10.31 -
McAfee 5787 2009.10.30 -
McAfee+Artemis 5787 2009.10.30 -
McAfee-GW-Edition 6.8.5 2009.10.31 -
Microsoft 1.5202 2009.10.31 -
NOD32 4560 2009.10.31 -
Norman 6.03.02 2009.10.30 -
nProtect 2009.1.8.0 2009.10.31 -
Panda 10.0.2.2 2009.10.31 -
PCTools 7.0.3.5 2009.10.30 -
Prevx 3.0 2009.10.31 -
Rising 21.53.52.00 2009.10.31 -
Sophos 4.47.0 2009.10.31 -
Sunbelt 3.2.1858.2 2009.10.30 -
Symantec 1.4.4.12 2009.10.31 -
TheHacker 6.5.0.2.056 2009.10.28 -
TrendMicro 8.950.0.1094 2009.10.31 -
VBA32 3.12.10.11 2009.10.30 -
ViRobot 2009.10.31.2015 2009.10.31 -
VirusBuster 4.6.5.0 2009.10.30 -
Additional information
File size: 368640 bytes
MD5...: 6daf31664e7b57eab67361f641a5a080
SHA1..: 9580298e97a00a78091aaba7c4c6c8a607f87f71
SHA256: 47d90f9fe494d0f9b21fcf570ef43783c71140997ebcbd4face43828d784fb9a
ssdeep: 6144:YyBBddQxvVgg6os+NnIJy/N1T6vsB0U7vK0bpM5+dxtQsEHivIs:YyBBddQ
xvVf6S1jmmKA7
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3c743
timedatestamp.....: 0x3fd0a70a (Fri Dec 05 15:40:58 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x43810 0x44000 6.54 a929aae49d514bff0f5e7a3f7bb63cca
.rdata 0x45000 0x42c2 0x5000 5.84 3a6067e4d01d5b19b414570608993865
.data 0x4a000 0x1111c 0xd000 5.38 15cdf76b1a324dd7a67eef09267ffd88
.rsrc 0x5c000 0x29a0 0x3000 3.58 c8b68164bbd6519e7fd3b3dbef9406ba

( 10 imports )
> KERNEL32.dll: CreateEventA, Sleep, GetTickCount, CreateProcessA, GetExitCodeProcess, OpenProcess, ResetEvent, WaitForSingleObject, GetProcAddress, GetModuleHandleA, CreateThread, SetThreadPriority, GetCurrentThread, GetModuleFileNameA, GetTempPathA, CreateDirectoryA, GetCurrentProcess, RemoveDirectoryA, GetTempFileNameA, GetVersionExA, MultiByteToWideChar, SetEnvironmentVariableA, CompareStringW, CompareStringA, SetStdHandle, LoadLibraryA, GetOEMCP, GetACP, GetCPInfo, IsBadCodePtr, GetStringTypeW, GetStringTypeA, GetFileType, GetStdHandle, SetHandleCount, DeleteFileA, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, IsBadWritePtr, HeapCreate, HeapDestroy, SetUnhandledExceptionFilter, LCMapStringW, LCMapStringA, SetLastError, HeapSize, HeapReAlloc, SetFileAttributesA, GetFileInformationByHandle, FileTimeToLocalFileTime, GetLogicalDrives, GetDriveTypeA, FlushFileBuffers, SetEndOfFile, CompareFileTime, GetLocalTime, SystemTimeToFileTime, GetLastError, CreateFileA, GetFileSize, CloseHandle, ReadFile, SetFilePointer, WriteFile, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetFullPathNameA, GetVersion, GetCommandLineA, GetStartupInfoA, TerminateProcess, ExitProcess, FileTimeToSystemTime, GetSystemTime, GetTimeZoneInformation, HeapAlloc, HeapFree, RaiseException, RtlUnwind, VirtualAlloc, VirtualLock, VirtualFree, FindResourceA, LoadResource, LockResource, FreeResource, VirtualUnlock, MoveFileA, FindNextFileA, GetDiskFreeSpaceA, DeviceIoControl, SetVolumeLabelA, GetCurrentDirectoryA, GetCurrentThreadId, GetVolumeInformationA, InterlockedDecrement, WideCharToMultiByte, InterlockedIncrement, lstrlenA, GetEnvironmentStringsW, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, GetWindowsDirectoryA, IsBadStringPtrA, FindFirstFileA, FileTimeToDosDateTime, FindClose, TlsAlloc, TlsSetValue, TlsGetValue, TlsFree, lstrcpyA, GlobalUnlock, GlobalHandle, GlobalFree, GlobalLock, GlobalAlloc, IsBadReadPtr, IsDBCSLeadByte, lstrcatA, lstrcmpA, lstrcpynA, GlobalReAlloc, LocalUnlock, LocalFree, LocalLock, LocalAlloc, SetCurrentDirectoryA, GetFileAttributesA, lstrcmpiA, GetCurrentProcessId
> USER32.dll: OemToCharBuffA, CharLowerA, IsWindow, WaitForInputIdle, EnumWindows, GetWindowThreadProcessId, GetDC, ReleaseDC, SetDlgItemTextA, SetWindowTextA, SetForegroundWindow, EndDialog, DialogBoxParamA, GetActiveWindow, LoadCursorA, SetCursor, CharUpperA, CharToOemA, CharNextA, CharPrevA, CharUpperBuffA, wsprintfA, DdeDisconnect, DdeFreeDataHandle, DdeCreateDataHandle, DdeFreeStringHandle, PeekMessageA, SendMessageA, ExitWindowsEx, DdeInitializeA, DdeUninitialize, GetFocus, ShowWindow, SetFocus, MessageBoxA, DefWindowProcA, PostQuitMessage, OemToCharA, RegisterClassExA, GetMessageA, TranslateMessage, DispatchMessageA, PostMessageA, FindWindowA, SetTimer, KillTimer, DdeAccessData, DdeUnaccessData, DdeConnectList, DdeGetLastError, DdeQueryNextServer, DdeDisconnectList, DdeConnect, DdeQueryStringA, DdeCreateStringHandleA, DdeNameService, DdeClientTransaction, CreateWindowExA
> ADVAPI32.dll: RegDeleteKeyA, RegQueryValueExA, RegCloseKey, RegOpenKeyExA, RegisterServiceCtrlHandlerA, SetServiceStatus, StartServiceCtrlDispatcherA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegEnumKeyExA, RegSetValueExA, DeleteService, CreateServiceA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, RegDeleteValueA, RegFlushKey, GetUserNameA
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitialize, CoTaskMemAlloc, CoTaskMemFree
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> comdlg32.dll: GetSaveFileNameA
> GDI32.dll: GetBkColor, GetStockObject, SetBkMode, SetBkColor
> SHELL32.dll: FindExecutableA, ShellExecuteA
> OLEAUT32.dll: -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Warranty Corporation of America
copyright....: Copyright (c) 2003-2004
product......: Mobile Lifeline
description..: Security Connection Tool
original name: ipcls.EXE
internal name: Security Connection Tool
file version.: 2.000
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned






File lnchshll.exe received on 2009.10.31 13:48:16 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 52 and 75 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.31 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.53 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 -
Authentium 5.1.2.4 2009.10.31 -
Avast 4.8.1351.0 2009.10.30 -
AVG 8.5.0.423 2009.10.31 -
BitDefender 7.2 2009.10.31 -
CAT-QuickHeal 10.00 2009.10.31 -
ClamAV 0.94.1 2009.10.31 -
Comodo 2790 2009.10.31 -
DrWeb 5.0.0.12182 2009.10.31 -
eSafe 7.0.17.0 2009.10.29 -
eTrust-Vet 35.1.7094 2009.10.30 -
F-Prot 4.5.1.85 2009.10.31 -
F-Secure 9.0.15370.0 2009.10.30 -
Fortinet 3.120.0.0 2009.10.31 -
GData 19 2009.10.31 -
Ikarus T3.1.1.72.0 2009.10.31 -
Jiangmin 11.0.800 2009.10.31 -
K7AntiVirus 7.10.884 2009.10.30 -
Kaspersky 7.0.0.125 2009.10.31 -
McAfee 5787 2009.10.30 -
McAfee+Artemis 5787 2009.10.30 -
McAfee-GW-Edition 6.8.5 2009.10.31 -
Microsoft 1.5202 2009.10.31 -
NOD32 4560 2009.10.31 -
nProtect 2009.1.8.0 2009.10.31 -
Panda 10.0.2.2 2009.10.31 -
PCTools 7.0.3.5 2009.10.30 -
Prevx 3.0 2009.10.31 -
Rising 21.53.52.00 2009.10.31 -
Sophos 4.47.0 2009.10.31 -
Sunbelt 3.2.1858.2 2009.10.30 -
Symantec 1.4.4.12 2009.10.31 -
TheHacker 6.5.0.2.056 2009.10.28 -
TrendMicro 8.950.0.1094 2009.10.31 -
VBA32 3.12.10.11 2009.10.30 -
ViRobot 2009.10.31.2015 2009.10.31 -
VirusBuster 4.6.5.0 2009.10.30 -
Additional information
File size: 69632 bytes
MD5...: 2a537ee2431ac7835fc710a7710b49a1
SHA1..: d509b9c35c4473d199cdf658e4ebe438ed4164e3
SHA256: 01a27d4dbd0f926f92ce86966ed894e0ed9ad27acffe111866af8bd21687a5e8
ssdeep: 768:Kk6KXYEKNJM45QAPLVTMmEMDSxWXVNHQynEScorxW7zpR6Qp0c+uomlY4JKZ
a:KSYv/tMmEMD/EPotWxEPuob4kZa
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5057
timedatestamp.....: 0x3fcfdc7b (Fri Dec 05 01:16:43 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9ede 0xa000 6.63 1cffc118db0aa17d1f0f22465e822a1a
.rdata 0xb000 0x13a8 0x2000 3.60 ffbe673f0a022ca8633aebe5a7e9a9bf
.data 0xd000 0x2598 0x1000 2.07 8596743e3bbe244fa27baac3a4dabd16
.rsrc 0x10000 0x2978 0x3000 3.56 29cf5a5b3aab6c3304e0dbfc57764a81

( 6 imports )
> KERNEL32.dll: InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetVersionExA, Sleep, GetTickCount, GetStartupInfoA, WideCharToMultiByte, ReadFile, GetFileSize, CreateFileA, GetWindowsDirectoryA, GetModuleFileNameA, GetLastError, MultiByteToWideChar, InterlockedIncrement, lstrlenA, CloseHandle, InterlockedDecrement, CompareStringW, CompareStringA, FlushFileBuffers, SetStdHandle, LoadLibraryA, GetProcAddress, GetOEMCP, GetACP, GetCPInfo, GetStringTypeW, GetStringTypeA, SetFilePointer, IsBadCodePtr, IsBadReadPtr, WriteFile, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, SetUnhandledExceptionFilter, LCMapStringW, SetEnvironmentVariableA, LCMapStringA, HeapSize, HeapReAlloc, GetVersion, GetCommandLineA, GetModuleHandleA, HeapAlloc, HeapFree, RtlUnwind, RaiseException, GetTimeZoneInformation, GetSystemTime, GetLocalTime, ExitProcess, TerminateProcess, GetCurrentProcess
> ADVAPI32.dll: OpenServiceA, ControlService, OpenSCManagerA
> ole32.dll: CoInitialize, CoCreateInstance, CoTaskMemFree, OleUninitialize, CoTaskMemAlloc
> SHELL32.dll: FindExecutableA, ShellExecuteA
> USER32.dll: MessageBoxA, DdeInitializeA, DdeUninitialize, GetFocus, FindWindowA, ShowWindow, SetFocus, DdeAccessData, TranslateMessage, DdeConnectList, DdeGetLastError, DdeQueryNextServer, DdeDisconnectList, DdeConnect, DdeQueryStringA, DdeCreateStringHandleA, DdeNameService, DdeClientTransaction, DdeFreeStringHandle, DdeCreateDataHandle, DdeFreeDataHandle, DdeDisconnect, PeekMessageA, DdeUnaccessData, DispatchMessageA
> OLEAUT32.dll: -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Warranty Corporation of America
copyright....: Copyright (c) 2003-2004
product......: Mobile Lifeline
description..: MLL Helper
original name: LnchShll.EXE
internal name: Decryption Tool
file version.: 2.000
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned







File ScrnInt.exe received on 2009.10.31 13:50:55 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 43 and 62 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.31 -
AhnLab-V3 5.0.0.2 2009.10.30 -
AntiVir 7.9.1.53 2009.10.30 -
Antiy-AVL 2.0.3.7 2009.10.30 -
Authentium 5.1.2.4 2009.10.31 -
Avast 4.8.1351.0 2009.10.30 -
AVG 8.5.0.423 2009.10.31 -
BitDefender 7.2 2009.10.31 -
CAT-QuickHeal 10.00 2009.10.31 -
ClamAV 0.94.1 2009.10.31 -
Comodo 2792 2009.10.31 -
DrWeb 5.0.0.12182 2009.10.31 -
eSafe 7.0.17.0 2009.10.29 -
eTrust-Vet 35.1.7094 2009.10.30 -
F-Prot 4.5.1.85 2009.10.31 -
F-Secure 9.0.15370.0 2009.10.30 -
Fortinet 3.120.0.0 2009.10.31 -
GData 19 2009.10.31 -
Ikarus T3.1.1.72.0 2009.10.31 -
Jiangmin 11.0.800 2009.10.31 -
K7AntiVirus 7.10.884 2009.10.30 -
Kaspersky 7.0.0.125 2009.10.31 -
McAfee 5787 2009.10.30 -
McAfee+Artemis 5787 2009.10.30 -
McAfee-GW-Edition 6.8.5 2009.10.31 -
Microsoft 1.5202 2009.10.31 -
NOD32 4560 2009.10.31 -
Norman 6.03.02 2009.10.31 -
nProtect 2009.1.8.0 2009.10.31 -
Panda 10.0.2.2 2009.10.31 -
PCTools 7.0.3.5 2009.10.30 -
Prevx 3.0 2009.10.31 -
Rising 21.53.52.00 2009.10.31 -
Sophos 4.47.0 2009.10.31 -
Sunbelt 3.2.1858.2 2009.10.30 -
Symantec 1.4.4.12 2009.10.31 -
TheHacker 6.5.0.2.056 2009.10.28 -
TrendMicro 8.950.0.1094 2009.10.31 -
VBA32 3.12.10.11 2009.10.30 -
ViRobot 2009.10.31.2015 2009.10.31 -
VirusBuster 4.6.5.0 2009.10.30 -
Additional information
File size: 49152 bytes
MD5...: 58750eb70961191bb8d9b13cd145e845
SHA1..: add5c4320bd01f2a212505a23566e2780c487af3
SHA256: 42222d4ab3ee9a804d5a2b433f892d08f605bf9b50a9d5c34e01fad43361728e
ssdeep: 768:WlR/H15Ezds88c+GcbXwaMWfQC8M2AXM9xR489z+WnVyeo:WlVV5EzW8y/QC
8M2AYptRo
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3476
timedatestamp.....: 0x3fcfdc7d (Fri Dec 05 01:16:45 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x64c0 0x7000 6.17 3e6ff212416b8c42ff798dbda33191df
.rdata 0x8000 0x100e 0x2000 3.26 7feaa51084a8e45eeba107f7a87a8ef7
.data 0xa000 0x2738 0x1000 1.63 92285655184e10ebdfa029f07a075318
.rsrc 0xd000 0x140 0x1000 0.29 bb00410c2b5f58eae3a5b80a5a0c6bf8

( 6 imports )
> KERNEL32.dll: SetStdHandle, LoadLibraryA, GetProcAddress, GetOEMCP, GetACP, GetCPInfo, SetFilePointer, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, WriteFile, GetFileType, GetStringTypeA, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, Sleep, FreeEnvironmentStringsA, GetModuleFileNameA, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, LCMapStringW, LCMapStringA, IsBadWritePtr, HeapReAlloc, VirtualAlloc, GetStringTypeW, FlushFileBuffers, OpenEventA, GetStdHandle, SetEvent, VirtualFree, HeapCreate, HeapDestroy, ExitProcess, GetVersion, CloseHandle, GetCommandLineA, GetStartupInfoA, MulDiv, WideCharToMultiByte, GetLastError, FreeEnvironmentStringsW, MultiByteToWideChar, RtlUnwind, HeapFree, HeapAlloc, GetModuleHandleA
> USER32.dll: SetTimer, ReleaseDC, IsZoomed, ShowWindow, GetFocus, GetWindowTextA, GetParent, IsWindowVisible, MessageBoxA, EndDialog, GetWindowRect, GetSystemMetrics, MoveWindow, GetDC, PostMessageA, GetDlgItem, KillTimer, DialogBoxParamA, SetWindowTextA, MapWindowPoints, SetFocus, SetWindowPos, GetClientRect
> GDI32.dll: CreateHalftonePalette, DeleteObject, GetDeviceCaps
> ole32.dll: OleSetContainedObject, CoCreateInstance, OleInitialize
> OLEAUT32.dll: -, -, -
> ADVAPI32.dll: RegCloseKey, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (51.5%)
Windows Screen Saver (17.9%)
Win32 Executable Generic (11.6%)
Win32 Dynamic Link Library (generic) (10.3%)
Win32 Executable MS Visual FoxPro 7 (3.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-31-2009, 12:49 PM   #7 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,538
OS: XP SP3


Re: need help rundll error DID 1ST STEPS
Hello again, shellyrbaker. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please uninstall the following via the Add or Remove Programs section of your Control Panel if they still exist:

LiveUpdate 3.1 (Symantec Corporation)

------------------------------------------------------

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

sc delete pciinfo

A DOS window will open and close again, this is normal.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
Folder::
c:\documents and settings\All Users\Application Data\Symantec
c:\program files\Common Files\Symantec Shared
c:\program files\Eusing Free Registry Cleaner

DDS::
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Driver::
pciinfo
Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

These are all outdated, and security risks by having them installed still.

Leave this one as it has the latest definitions:

Java(TM) 6 Update 15

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

When updating in the future, make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
Kaspersky report
report on system behavior
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-31-2009, 10:24 PM   #8 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
I am having problems completing the last set of instructions.

I have completed the combofix and have posted the log below. I have also completed the atf cleaner.

I was able to start the kapersky scan but it gets stuck at about 6 and a half minutes. It has scanned about 275 files. It gets stuck while it is scanning the itunes files. This is the one it is currently stuck on C:\Documents and ...ache\iTunes 7.5.0.20

The first time I ran the scan it was stuck for over an hour. I stopped it and started it over from your link. This time it has been stuck for about 30 min. I have not stopped it. I will let it continue through the night to see if it can work it out.

I am not completely sure of the system behavior. I do know that the rundll error did not appear when combofix rebooted the machine, but I dont know if that is significant. I tried to watch a video on youtube to check the speed of the system and it is still slow. One of the first things that I noticed about the system being extremely slow is that it would not play a song from Itunes. As I think about how this problem first started I remembered that I downloaded an update to itunes one night before going to bed. The next morning I could not play itunes songs without them dragging so bad that you could barely make out the song. Since then the computer has been very slow and then I noticed the rundll error. I dont know if this is helpful information or not.

Thank you for all you are doing.

Oh, I also uninstalled all of the programs you told me to.

I have to put the combofix log in the next post because I got an error message saying it was too long.
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-31-2009, 10:30 PM   #9 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
I am sorry, I seem to be having lots of problems, I can not post the log because apparently it is too long. I tried to attach it as a file but I can seem to get the option to attach anything. What should I do?
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-31-2009, 10:50 PM   #10 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,538
OS: XP SP3


Re: need help rundll error DID 1ST STEPS
Hello again, shellyrbaker. Navigate to this file:

C:\ComboFix.txt

Right-click the file > Send To > Compressed (zipped) Folder.

Attach the zipped folder to your next reply.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-01-2009, 06:59 AM   #11 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
I have the file zipped but I can not attach it because there is no "manage attachments" button in the additional options section under attachments.

Am I doing something wrong? I have tried to use the quick reply and the reply button that is at the very bottom of the thread on the left, each time when I get the reply window it does not give me the option to attach a file.

I am sorry, I am really not as computer illiterate as I feel right now
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-01-2009, 07:32 AM   #12 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,538
OS: XP SP3


Re: need help rundll error DID 1ST STEPS
Are you sure you don't see the 'Manage Attachments' button?
Attached Images
File Type: jpg scr.JPG (185.2 KB, 4 views)
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-01-2009, 10:35 AM   #13 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
I am positive unfortunately :(

I seem to be having problems with anything that requires adobe flash, I completed a new install but it is still not working. I was not having this problem before. Could this have anything to do with the "manage attachments" button
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-01-2009, 11:03 AM   #14 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,538
OS: XP SP3


Re: need help rundll error DID 1ST STEPS
Post the ComboFix.txt log in pieces.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-02-2009, 06:37 PM   #15 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
Good idea, I thought of posting it in pieces today at work. Great minds think alike :)

Here is the first part


ComboFix 09-10-30.01 - SHELL 10/31/2009 19:35.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.584 [GMT -4:00]
Running from: c:\documents and settings\SHELL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SHELL\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\Common Client\settings.log
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\rmt.dat
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{01EF289B-EC91-4757-958F-33F0DC73D01A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{01EF289B-EC91-4757-958F-33F0DC73D01A}\{1FD4720D-A52F-487A-9D4A-538A443BC986}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{01EF289B-EC91-4757-958F-33F0DC73D01A}\{1FD4720D-A52F-487A-9D4A-538A443BC986}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{01EF289B-EC91-4757-958F-33F0DC73D01A}\{3A0FACEA-4EA7-4CF1-9C77-29A8930F6BF2}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{01EF289B-EC91-4757-958F-33F0DC73D01A}\{3A0FACEA-4EA7-4CF1-9C77-29A8930F6BF2}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{01EF289B-EC91-4757-958F-33F0DC73D01A}\{61C3AE26-9D88-4DDC-B8B4-6EE5361F1F00}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{01EF289B-EC91-4757-958F-33F0DC73D01A}\{61C3AE26-9D88-4DDC-B8B4-6EE5361F1F00}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{01EF289B-EC91-4757-958F-33F0DC73D01A}\{C3A87119-C877-4D2A-BD7E-E955ABEDA465}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{01EF289B-EC91-4757-958F-33F0DC73D01A}\{C3A87119-C877-4D2A-BD7E-E955ABEDA465}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{00CD6F87-37E0-4ABA-B4AC-90F0DD948360}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{00CD6F87-37E0-4ABA-B4AC-90F0DD948360}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{3A2853E9-F254-41A1-A834-2A69CF9CF778}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{3A2853E9-F254-41A1-A834-2A69CF9CF778}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{47703A18-AB9D-4F5C-9C81-B73DBD434F8C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{47703A18-AB9D-4F5C-9C81-B73DBD434F8C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{572D2495-B6AC-43DF-9DAD-D1824FE7F3E8}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{572D2495-B6AC-43DF-9DAD-D1824FE7F3E8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{7DE7C293-AB3A-4ACA-8A83-2229E9FB5600}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{7DE7C293-AB3A-4ACA-8A83-2229E9FB5600}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{7FEB5BA4-049A-49AF-B81F-3CAD6DA05876}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{7FEB5BA4-049A-49AF-B81F-3CAD6DA05876}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{85C4B029-6317-4213-988C-D8A9D2A4D68A}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{85C4B029-6317-4213-988C-D8A9D2A4D68A}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{AB2A2BED-093B-4B96-924F-28772CD576A4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{AB2A2BED-093B-4B96-924F-28772CD576A4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{D0E67FE6-7F69-4884-8B00-424C42197F30}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{D0E67FE6-7F69-4884-8B00-424C42197F30}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{D1A476EF-7330-481D-9EA8-0A608A516C51}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{D1A476EF-7330-481D-9EA8-0A608A516C51}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{D410AEC8-7E0E-44FD-96CB-DDD516114982}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{D410AEC8-7E0E-44FD-96CB-DDD516114982}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{E5FB57E1-B104-41CE-8B6C-AA76D4FC87FA}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{46AAB088-90B4-46B3-A5ED-019C05FEF2CE}\{E5FB57E1-B104-41CE-8B6C-AA76D4FC87FA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{21CEF3A3-67C7-47C8-A50B-A868C7FDCD45}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{21CEF3A3-67C7-47C8-A50B-A868C7FDCD45}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{23D7349F-9C29-4DB3-9A3A-BA2C0438DFC9}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{23D7349F-9C29-4DB3-9A3A-BA2C0438DFC9}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{2A64CD50-7E8D-4B8F-BC89-BB7AB46D2E40}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{2A64CD50-7E8D-4B8F-BC89-BB7AB46D2E40}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{2B47BDAE-6C3B-417D-9120-9869C1B209BF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{2B47BDAE-6C3B-417D-9120-9869C1B209BF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{34042606-AE03-4D32-B4FA-2D0D6A115A59}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{34042606-AE03-4D32-B4FA-2D0D6A115A59}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{44CCE49D-DAA4-416F-952A-86D6CF480EB5}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{44CCE49D-DAA4-416F-952A-86D6CF480EB5}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{5238991D-6C1A-41E2-9AC6-6B3F015AFAE6}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{5238991D-6C1A-41E2-9AC6-6B3F015AFAE6}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{536AC31A-3598-4F1D-939C-080C642F3BDD}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{536AC31A-3598-4F1D-939C-080C642F3BDD}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{5383032C-083D-41BB-9485-2314AB2F414C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{5383032C-083D-41BB-9485-2314AB2F414C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{546FC559-66AC-4E3D-BB38-590959F32788}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{546FC559-66AC-4E3D-BB38-590959F32788}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{6ED25A23-9C8C-4979-A7EA-DE215AB717BA}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{6ED25A23-9C8C-4979-A7EA-DE215AB717BA}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{84E7BE6C-C444-44BB-AD90-4F50381CAAE4}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{84E7BE6C-C444-44BB-AD90-4F50381CAAE4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{9EFBE5C6-6AC9-42DD-98E6-AF989D6F82B7}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{9EFBE5C6-6AC9-42DD-98E6-AF989D6F82B7}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{A05306DD-FD09-4948-8456-2772F4F9F3B8}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{A05306DD-FD09-4948-8456-2772F4F9F3B8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{A574EBA9-A803-4F1F-83DE-9A9BA021A348}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{A574EBA9-A803-4F1F-83DE-9A9BA021A348}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{A9421D6E-49AC-4C77-B095-D73671FDCD09}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{A9421D6E-49AC-4C77-B095-D73671FDCD09}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{B1C64165-6DF3-44BE-AF3D-C6436CAF9A1C}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{B1C64165-6DF3-44BE-AF3D-C6436CAF9A1C}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{DBE98E1E-792C-46FB-BB05-F10433B4BA23}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{DBE98E1E-792C-46FB-BB05-F10433B4BA23}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{EDF3B1C6-D8BC-4757-9B17-29985CD060EF}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{5A9C66B7-ECC4-421D-9FEA-13AD7FD8B873}\{EDF3B1C6-D8BC-4757-9B17-29985CD060EF}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C0DCB093-653C-4FDD-A16D-291AFEDCBDC4}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C0DCB093-653C-4FDD-A16D-291AFEDCBDC4}\{54DEC577-DAAC-4906-9344-37441D1A8B74}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C0DCB093-653C-4FDD-A16D-291AFEDCBDC4}\{54DEC577-DAAC-4906-9344-37441D1A8B74}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C0DCB093-653C-4FDD-A16D-291AFEDCBDC4}\{9F2862B9-9D6D-4FD9-AD5F-F1F392361BB2}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C0DCB093-653C-4FDD-A16D-291AFEDCBDC4}\{9F2862B9-9D6D-4FD9-AD5F-F1F392361BB2}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C0DCB093-653C-4FDD-A16D-291AFEDCBDC4}\{AE697DD5-D752-4F9B-898B-A2B02AB87DE8}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C0DCB093-653C-4FDD-A16D-291AFEDCBDC4}\{AE697DD5-D752-4F9B-898B-A2B02AB87DE8}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C4D35E51-823D-4492-80AF-EDA52D968A41}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C4D35E51-823D-4492-80AF-EDA52D968A41}\{1ADC2064-78BF-46A1-94F4-1B75D55B2438}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C4D35E51-823D-4492-80AF-EDA52D968A41}\{1ADC2064-78BF-46A1-94F4-1B75D55B2438}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C4D35E51-823D-4492-80AF-EDA52D968A41}\{97B92514-35E3-4C7C-AAF1-870C77DE61E9}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C4D35E51-823D-4492-80AF-EDA52D968A41}\{97B92514-35E3-4C7C-AAF1-870C77DE61E9}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C4D35E51-823D-4492-80AF-EDA52D968A41}\{BB9C5224-4C51-4239-BD03-ACF841C0E3AD}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{C4D35E51-823D-4492-80AF-EDA52D968A41}\{BB9C5224-4C51-4239-BD03-ACF841C0E3AD}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{111BE390-345E-4B9C-942B-0BFBDE59E615}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{111BE390-345E-4B9C-942B-0BFBDE59E615}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{1DD9684A-FFF0-46EC-97D9-02F2E79079C5}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{1DD9684A-FFF0-46EC-97D9-02F2E79079C5}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{4CDBDD79-3566-49A9-90E6-8EAA631CFC78}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{4CDBDD79-3566-49A9-90E6-8EAA631CFC78}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{7B6B791D-18AA-48A9-B211-C1DF7BE8D679}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{7B6B791D-18AA-48A9-B211-C1DF7BE8D679}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{959733EE-0B8C-47A2-BF6A-5C693E489C24}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{959733EE-0B8C-47A2-BF6A-5C693E489C24}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{9A612597-6822-443D-8363-5ECB577B69EE}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{9A612597-6822-443D-8363-5ECB577B69EE}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{AAB7F94F-EC8A-47E0-93E0-F501813F2782}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{AAB7F94F-EC8A-47E0-93E0-F501813F2782}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{C240A152-6820-42F9-A252-84DC1DBD894E}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{C240A152-6820-42F9-A252-84DC1DBD894E}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{CC925D97-FC6D-448D-8C73-81CFF63F0987}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{CC925D97-FC6D-448D-8C73-81CFF63F0987}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{CCF1C3A6-1F67-4483-B802-AE0E1F81BACD}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{CCF1C3A6-1F67-4483-B802-AE0E1F81BACD}.qbi
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{EA94AB92-0D5C-41EE-B54E-5975FE31FFC9}.qbd
c:\documents and settings\All Users\Application Data\Symantec\Shared\QBackup\{FBFBD5C9-EE32-4AA3-BD07-5F5790BB2934}\{EA94AB92-0D5C-41EE-B54E-5975FE31FFC9}.qbi
c:\documents and settings\All Users\Application Data\Symantec\wcid0.log
c:\documents and settings\All Users\Application Data\Symantec\wds.dat
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\COH\coh.cache
c:\program files\Common Files\Symantec Shared\COH\COH32.exe
c:\program files\Common Files\Symantec Shared\COH\COH64.exe
c:\program files\Common Files\Symantec Shared\COH\COHClean.dll
c:\program files\Common Files\Symantec Shared\COH\EraserAHS.log
c:\program files\Common Files\Symantec Shared\COH\EraserAHS.tlg
c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\SPManifests\eraser.grd
c:\program files\Common Files\Symantec Shared\SPManifests\eraser.sig
c:\program files\Common Files\Symantec Shared\SPManifests\eraser.spm
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\Catalog.dat
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\full-webauth.sql.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\hub.scr
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\Identifiers.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\Indicators.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\nppw.zip
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\PopularSites.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\Redirectors.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\Resources.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\SafeList.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\SearchServices.xml
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\Throttle.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\TrustedDomains.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\URLAnalysis.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\v.grd
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\v.sig
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\virscan1.dat
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\20070819.002\WebHostingSites.xml.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\concat-webauth.sql.bin
c:\program files\Common Files\Symantec Shared\SymcData\nco1.0defs\lulock.dat
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5A5BCA.tmp
c:\program files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5A5BCD.tmp
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\vscanmsx.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20070901.006\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20071011.021\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080130.004\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\vscanmsx.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\20080131.004\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\catalog.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\cceraser.dll
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\ecmsvr32.dll
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\eeCtrl.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.spm
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\esrdef.bin
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\hh
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng32.dll
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.sys
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\navex32a.dll
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\ncsacert.txt
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\scrauth.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\SymErase.cat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\SymErase.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\tcdefs.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan7.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan8.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan9.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\technote.txt
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\tinf.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfidx.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfl.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1hd.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\v.grd
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\v.sig
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan.inf
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan1.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan2.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan3.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan4.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan5.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan6.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan7.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan8.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\whatsnew.txt
c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\zdone.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\definfo.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\TextHub\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\cur.scr
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\ESRDEF.999
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\nco.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\sesmvirdef32incr.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\TCDEFS.998
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\TCSCAN7.997
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\TCSCAN8.996
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\TCSCAN9.995
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\TINF.994
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\TINFL.993
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\TSCAN1.992
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\V.990
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\V.991
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\VIRSCAN1.989
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\VIRSCAN2.988
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\VIRSCAN3.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\VIRSCAN4.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\VIRSCAN5.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\VIRSCAN6.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\VIRSCAN7.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\VIRSCAN8.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\VIRSCAN9.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp19c5.tmp\WHATSNEW.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\cur.scr
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\ESRDEF.999
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\nco.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\sesmvirdef32incr.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\TCDEFS.998
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\TCSCAN7.997
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\TCSCAN8.996
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\TCSCAN9.995
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\TINF.994
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\TINFL.993
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\TSCAN1.992
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\V.990
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\V.991
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\VIRSCAN1.989
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\VIRSCAN2.988
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\VIRSCAN3.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\VIRSCAN4.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\VIRSCAN5.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\VIRSCAN6.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\VIRSCAN7.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\VIRSCAN8.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\VIRSCAN9.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp1c0f.tmp\WHATSNEW.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp20f2.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp2e43.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\vscanmsx.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp31d5.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\cur.scr
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\ESRDEF.999
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\nco.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\sesmvirdef32incr.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\TCDEFS.998
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\TCSCAN7.997
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\TCSCAN8.996
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\TCSCAN9.995
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\TINF.994
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\TINFL.993
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\TSCAN1.992
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\V.990
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\V.991
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN.989
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN1.988
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN2.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN3.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN4.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN5.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN6.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN7.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN8.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\VIRSCAN9.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3236.tmp\WHATSNEW.979
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\cur.scr
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\ESRDEF.999
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\nco.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\sesmvirdef32incr.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\TCDEFS.998
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\TCSCAN7.997
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\TCSCAN8.996
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\TCSCAN9.995
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\TINF.994
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\TINFL.993
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\TSCAN1.992
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\V.990
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\V.991
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\VIRSCAN1.989
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\VIRSCAN2.988
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\VIRSCAN3.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\VIRSCAN4.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\VIRSCAN5.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\VIRSCAN6.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\VIRSCAN7.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\VIRSCAN8.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\VIRSCAN9.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp3ee6.tmp\WHATSNEW.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp4d7a.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\cur.scr
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\ESRDEF.999
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\nco.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\sesmvirdef32incr.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\TCDEFS.998
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\TCSCAN7.997
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\TCSCAN8.996
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\TCSCAN9.995
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\TINF.994
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\TINFL.993
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\TSCAN1.992
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\V.990
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\V.991
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\VIRSCAN1.989
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\VIRSCAN2.988
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\VIRSCAN3.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\VIRSCAN4.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\VIRSCAN5.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\VIRSCAN6.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\VIRSCAN7.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\VIRSCAN8.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\VIRSCAN9.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52a4.tmp\WHATSNEW.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp52b.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\cur.scr
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\ESRDEF.999
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\nco.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\sesmvirdef32incr.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\TCDEFS.998
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\TCSCAN7.997
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\TCSCAN8.996
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\TCSCAN9.995
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\TINF.994
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\TINFL.993
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\TSCAN1.992
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\V.990
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\V.991
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\VIRSCAN1.989
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\VIRSCAN2.988
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\VIRSCAN3.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\VIRSCAN4.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\VIRSCAN5.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\VIRSCAN6.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\VIRSCAN7.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\VIRSCAN8.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\VIRSCAN9.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5667.tmp\WHATSNEW.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\cur.scr
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\ESRDEF.999
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\nco.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\sesmvirdef32incr.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\TCDEFS.998
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\TCSCAN7.997
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\TCSCAN8.996
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\TCSCAN9.995
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\TINF.994
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\TINFL.993
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\TSCAN1.992
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\V.990
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\V.991
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\VIRSCAN1.989
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\VIRSCAN2.988
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\VIRSCAN3.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\VIRSCAN4.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\VIRSCAN5.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\VIRSCAN6.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\VIRSCAN7.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\VIRSCAN8.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\VIRSCAN9.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp5e30.tmp\WHATSNEW.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmp7d66.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\cur.scr
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\ESRDEF.999
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\nco.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\sesmvirdef32incr.dis
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\TCDEFS.998
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\TCSCAN7.997
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\TCSCAN8.996
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\TCSCAN9.995
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\TINF.994
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\TINFL.993
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\TSCAN1.992
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\V.990
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\V.991
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\VIRSCAN1.989
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\VIRSCAN2.988
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\VIRSCAN3.987
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\VIRSCAN4.986
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\VIRSCAN5.985
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\VIRSCAN6.984
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\VIRSCAN7.983
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\VIRSCAN8.982
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\VIRSCAN9.981
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\virscant.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpa09.tmp\WHATSNEW.980
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\CATALOG.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\CCERASER.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\ECBOOTIL.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\ECMSVR32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\EECTRL.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\ERASER.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\ERASER.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\ERASER.SPM
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\ERASER.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\ESRDEF.BIN
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\HH
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\NAVENG.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\NAVENG.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\NAVENG.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\NAVENG32.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\NAVEX15.EXP
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\NAVEX15.SYS
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\NAVEX15.VXD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\NAVEX32A.DLL
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\NCSACERT.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\SCRAUTH.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\SYMAVENG.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\SYMAVENG.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\SYMERASE.CAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\SYMERASE.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TCDEFS.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TCSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TCSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TCSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TECHNOTE.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TINF.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TINFIDX.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TINFL.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\TSCAN1HD.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\V.GRD
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\V.SIG
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN.INF
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN1.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN2.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN3.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN4.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN5.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN6.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN7.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN8.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCAN9.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\VIRSCANT.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\vscanmsx.dat
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\WHATSNEW.TXT
c:\program files\Common Files\Symantec Shared\VirusDefs\tmpf93.tmp\ZDONE.DAT
c:\program files\Common Files\Symantec Shared\VirusDefs\usage.dat
c:\program files\Eusing Free Registry Cleaner
c:\program files\Eusing Free Registry Cleaner\Backup\Backup20081115142521.reg
c:\program files\Eusing Free Registry Cleaner\Backup\Backup20081115143243.reg
c:\program files\Eusing Free Registry Cleaner\options.ini
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-02-2009, 06:39 PM   #16 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
And...the second part

Thank you!!!


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_eeCtrl
-------\Service_eeCtrl


((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 01:10 . 2006-07-18 23:46 88328 ----a-w- c:\documents and settings\SHELL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-25 20:41 . 2006-07-18 21:37 -------- d-----w- c:\program files\BibleCD
2009-10-25 20:33 . 2006-04-11 11:32 -------- d-----w- c:\program files\Java
2009-10-24 03:57 . 2006-04-11 12:05 -------- d-----w- c:\program files\WildTangent
2009-10-24 03:53 . 2008-08-05 11:56 -------- d-----w- c:\program files\Whale Communications
2009-10-24 03:48 . 2008-11-08 20:55 -------- d-----w- c:\program files\McAfee
2009-10-16 01:02 . 2008-11-08 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-25 05:37 . 2004-08-04 08:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-16 14:22 . 2008-11-08 20:59 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2008-11-08 20:59 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2008-11-08 20:59 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2008-11-08 20:59 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2008-11-08 21:00 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-13 21:44 . 2007-06-03 20:00 -------- d-----w- c:\documents and settings\SHELL\Application Data\Apple Computer
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 04:42 . 2009-09-07 04:38 -------- d-----w- c:\program files\iTunes
2009-09-07 04:40 . 2009-09-07 04:39 -------- d-----w- c:\program files\iPod
2009-09-07 04:39 . 2007-10-28 23:24 -------- d-----w- c:\program files\Common Files\Apple
2009-09-07 04:32 . 2007-01-25 03:04 -------- d-----w- c:\program files\QuickTime
2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2004-08-04 08:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 08:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-04 08:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 08:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 08:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 08:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-08-04 08:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 08:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 08:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-28 08:37 . 2009-07-28 04:13 155255392 ----a-w- c:\program files\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
2009-04-24 12:42 . 2009-04-24 12:42 133492859 ----a-w- c:\program files\openofficeorg1.cab
2009-04-24 12:42 . 2009-04-24 12:42 9815040 ----a-w- c:\program files\openofficeorg31.msi
2009-04-23 22:36 . 2009-04-23 22:36 336 ----a-w- c:\program files\setup.ini
2009-02-12 23:41 . 2008-09-06 21:47 6346200 ----a-w- c:\program files\yahoo_trijong_tm5-3.exe
2008-12-13 19:59 . 2008-12-13 19:59 1708432 ----a-w- c:\program files\install_easyshare.exe
2008-11-15 19:16 . 2008-11-15 19:16 948113 ----a-w- c:\program files\EFRCSetup.exe
2008-11-08 19:21 . 2008-11-08 19:15 4189808 ----a-w- c:\program files\ComcastToolbar2_2.exe
2008-10-19 19:31 . 2008-10-05 22:23 7508608 ----a-w- c:\program files\Firefox Setup 3.0.3.exe
2008-10-11 03:57 . 2008-10-11 03:40 46829456 ----a-w- c:\program files\zlsSetup_70_483_000_en.exe
2008-10-09 12:05 . 2008-10-09 12:02 27462344 ----a-w- c:\program files\setupeng.exe
2008-10-09 01:47 . 2008-10-09 01:45 18063480 ----a-w- c:\program files\SpySweeperSNRSetup_EN.exe
2008-10-08 02:34 . 2008-10-08 02:32 19153264 ----a-w- c:\program files\aaw2008.exe
2008-10-03 22:27 . 2008-10-03 22:26 1681784 ----a-w- c:\program files\SystemCheckup_ZoneAlarm2.exe
2008-09-27 19:17 . 2008-09-27 19:01 67110184 ----a-w- c:\program files\iTunes8Setup.exe
2008-09-20 00:47 . 2008-09-20 00:47 491932 ----a-w- c:\program files\MyContracts.zip
2008-09-06 21:49 . 2008-09-06 21:49 4584376 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2008-08-28 17:38 . 2008-08-28 17:35 22458664 ----a-w- c:\program files\SkypeSetup.exe
2008-08-16 23:20 . 2008-08-16 23:19 7499056 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
2008-08-16 15:16 . 2008-08-16 15:15 17337894 ----a-w- c:\program files\setuptte.exe
2008-06-03 21:12 . 2008-06-03 21:11 7492608 ----a-w- c:\program files\Firefox Setup 3.0 RC 1.exe
2008-03-31 14:23 . 2008-03-31 14:24 206584 ----a-w- c:\program files\zaSetup_en.exe
2008-03-30 13:04 . 2008-03-30 13:03 12318509 ----a-w- c:\program files\CFP_Setup_3.0.19.318_XP_Vista_x32.exe.part
2008-03-30 13:03 . 2008-03-30 12:53 35960792 ----a-w- c:\program files\avg75free_519a1276.exe
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
2003-12-05 01:16 . 2006-07-29 15:48 69632 --sh--r- c:\windows\lnchshll.exe
2003-12-05 01:16 . 2006-07-29 15:48 49152 --sh--r- c:\windows\ScrnInt.exe
2003-12-05 15:41 . 2006-07-29 15:48 368640 --sh--r- c:\windows\trsbt.exe
2006-07-18 21:25 . 2006-07-18 21:25 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-28_02.01.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-01 00:15 . 2009-11-01 00:15 16384 c:\windows\Temp\Perflib_Perfdata_27c.dat
+ 2006-07-18 23:25 . 2009-10-31 22:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-07-18 23:25 . 2009-10-27 23:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-28 03:11 . 2009-10-31 22:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-07-18 23:25 . 2009-10-27 23:06 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [2006-08-23 40960]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\documents and settings\SHELL\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 trsbt;trsbt;c:\windows\trsbt.exe [7/29/2006 11:48 AM 368640]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 16:22]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-08 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/comcast.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\SHELL\Application Data\Mozilla\Firefox\Profiles\7gxdin7c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - component: c:\documents and settings\SHELL\Application Data\Mozilla\Firefox\Profiles\7gxdin7c.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\SHELL\Application Data\Mozilla\Firefox\Profiles\7gxdin7c.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\SHELL\Application Data\Mozilla\Firefox\Profiles\7gxdin7c.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 20:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2009-11-01 20:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 00:35
ComboFix2.txt 2009-10-28 02:19

Pre-Run: 41,004,720,128 bytes free
Post-Run: 40,781,000,704 bytes free

- - End Of File - - E781EB750155CEBC7311F4E8FF70B0A4
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-02-2009, 07:40 PM   #17 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,538
OS: XP SP3


Re: need help rundll error DID 1ST STEPS
Hello again, shellyrbaker. I need to see results from an online scan.

Quote:
It gets stuck while it is scanning the itunes files. This is the one it is currently stuck on C:\Documents and ...ache\iTunes 7.5.0.20
Quote:
One of the first things that I noticed about the system being extremely slow is that it would not play a song from Itunes. As I think about how this problem first started I remembered that I downloaded an update to itunes one night before going to bed. The next morning I could not play itunes songs without them dragging so bad that you could barely make out the song. Since then the computer has been very slow and then I noticed the rundll error.
Uninstall iTunes. You can re-install it when we are done.

Run Kaspersky again and post the report in your next reply. Be sure to disable VirusScan before the scan.

If you have to, navigate to that file/folder Kaspersky gets stuck on, and delete it.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-05-2009, 08:24 PM   #18 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
I am so frustrated with this online scan process. I have tried everything I know to do. I turn off the virus scan first. I have uninstalled itunes, then it got stuck on quicktime so I uninstalled it. Then it was apple mobile device support so I uninstalled it. Then I realized that each of the times it got stuck the name of the file was something like c:documents and sett....ache..... so I cleared the cache. I have also restarted. After each time I try the kapersky scan and here is where it is stuck this time

Scanning: QuickTime.msi
Path: C:\Documents and ...ache\iTunes 7.2.0.34

I dont understand how this file is even on the computer anymore?????

What else should I do???
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-06-2009, 05:12 AM   #19 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,538
OS: XP SP3


Re: need help rundll error DID 1ST STEPS
Hello again, shellyrbaker. Try ESET:

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here to run an online scannner from ESET and Save the file to your Desktop.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives, click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Scan
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic and also let me know how things are now.
------------------------------------------------------

If you have trouble with your computer blocking the ActiveX, go here and temporarily turn the feature off:

http://www.windowsreference.com/inte...the-publisher/

Remember to turn it back on after the scan!

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 11-07-2009, 07:31 AM   #20 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 13
OS: xp


Re: need help rundll error DID 1ST STEPS
It worked!! I was able to complete the ESET scan and I have pasted the log below. My computer is still very slow. I just tried to go to youtube to test the speed while watching a video. It is still virtually impossible to watch, it drags so much you can barely make out even one word the person was saying. Once the buffereing is done it plays much better but still with some dragging. It also still has some hesitation when typing. Most of the time you can type fine but there are times you have to stop for a few seconds so it can catch up.

Here is the ESET log:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f798a8dc12bb5c4cadf83387196b1790
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-07 06:22:41
# local_time=2009-11-07 01:22:41 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 16774142 0 1 29648897 29648897 0 0
# compatibility_mode=5121 16776869 100 96 1123966 9561385 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=102314
# found=1
# cleaned=0
# scan_time=22311
C:\Program Files\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application 00000000000000000000000000000000 I
shelleyrbaker is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 04:57 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85