Old 04-08-2005, 10:33 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 27
OS: WinXP


Possible malware, help needed

I'm having some problems with the computer:
1. My Microsoft Internet Explorer address bar isn't working (when I enter the address and press Go or Enter, nothing happens, and when I want to check which addresses I have been to, it starts to load and doesn't respond)
2. When I go to My Computer it loads for a long time (about 30-60 sec) and then shows the content (C:, D:, E: hard drives, F: CD-ROM...), but all other folders open in ~1 sec (as normally).

And here's the log:
***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 19:29:07, on 2005.04.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Webshots\webshots.scr

O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.172 www.go.com
O1 - Hosts: 66.199.231.172 go.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 cracks.am
O1 - Hosts: 66.199.231.171 www.cracks.am
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\azesearch.ocx (file missing)
O4 - HKLM\..\Run: [hl2l] C:\Program Files\css\hl2l.exe
O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] explorar.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102610375451
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74C5CE8-B9D4-4489-9120-B0A478F4F0A9}: NameServer = 212.59.0.1 212.59.0.2
O20 - Winlogon Notify: iexplorer - iexplorer.dll (file missing)
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlite (dllmanager.exe) - Unknown owner - C:\WINDOWS\System32\dllmanager.exe" -netsvcs (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)


End of KRC HijackThis Analyzer Log.
Delusory is offline  
Old 04-08-2005, 11:11 AM   #2 (permalink)
TSF Enthusiast
 
Join Date: Nov 2004
Posts: 437
OS: WinXP


Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".
Bobrocks is offline  
Old 04-08-2005, 12:24 PM   #3 (permalink)
TSF Enthusiast
 
Join Date: Nov 2004
Posts: 437
OS: WinXP


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Turn off System Restore by doing the following:

Click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

If you have a fast internet connection (broadband), run an online scan at Trend Micro or RAV Antivirus.
Please select the autoclean option when using Trend Micro.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Please download Spybot S&D and install it if you don't have it already. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if the main link doesn't work) and install it. Don't run it yet.

Reboot into Safe Mode (hit F8 key until menu shows up).
Open Hijack This and click on Scan. Check the following entries, if they are still there (make sure you do not miss any).

O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.174 www.google.com.au
O1 - Hosts: 66.199.231.174 google.com.au
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.173 yahoo.com
O1 - Hosts: 66.199.231.172 www.msn.com
O1 - Hosts: 66.199.231.172 msn.com
O1 - Hosts: 66.199.231.172 search.msn.com
O1 - Hosts: 66.199.231.172 www.go.com
O1 - Hosts: 66.199.231.172 go.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 cracks.am
O1 - Hosts: 66.199.231.171 www.cracks.am
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\azesearch.ocx (file missing)
O4 - HKLM\..\Run: [hl2l] C:\Program Files\css\hl2l.exe
O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] explorar.exe
O20 - Winlogon Notify: iexplorer - iexplorer.dll (file missing)
O23 - Service: dlite (dllmanager.exe) - Unknown owner - C:\WINDOWS\System32\dllmanager.exe" -netsvcs (file missing)


Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\System32\dllmanager.exe
C:\WINDOWS\system32\iexplorer.exe
C:\WINDOWS\system32\azesearch.ocx


explorar.exe -- Make sure it is this file and not explorer.exe
iexplorer.dll -- You will have to search for these 2

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.
Bobrocks is offline  
Old 04-09-2005, 07:31 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 27
OS: WinXP


Well, I have done everything you said except the CleanUp! tool (can't download it, the links are down), but I'm still getting the same problem.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 16:27:07, on 2005.04.09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Webshots\webshots.scr

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102610375451
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74C5CE8-B9D4-4489-9120-B0A478F4F0A9}: NameServer = 212.59.0.1 212.59.0.2
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlite (dllmanager.exe) - Unknown owner - C:\WINDOWS\System32\dllmanager.exe" -netsvcs (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)


End of KRC HijackThis Analyzer Log.
====================================================================

BTW, I couldn't find the files
C:\WINDOWS\System32\dllmanager.exe,
C:\WINDOWS\System32\iexplerer.exe,
C:\WINDOWS\System32\azesearch.ocx,
and
explorar.exe,
iexplorer.dll (this one I think I have deleted)

Last edited by Delusory; 04-09-2005 at 07:37 AM.
Delusory is offline  
Old 04-10-2005, 03:19 AM   #5 (permalink)
TSF Enthusiast
 
Join Date: Nov 2004
Posts: 437
OS: WinXP


The files were probably removed by the virus scan.

I really want you to run cleanup, I have checked both the links and they seem to work.
I have uploaded it to my webspace for you in case; click http://www.boboserve.com/Cleanup.exe to download cleanup. We will run it later.

Reboot into Safe Mode (hit F8 key until menu shows up).

Go to Start->Run and type in services.msc and hit OK.
Then look for dlite (dllmanager.exe)
Double click on it. Click on the Stop button and under Startup type, choose Disabled.

Open Hijack This and click on Scan. Check the following entries, if they are still there (make sure you do not miss any).

O23 - Service: dlite (dllmanager.exe) - Unknown owner - C:\WINDOWS\System32\dllmanager.exe" -netsvcs (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\System32\dllmanager.exe

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.
Bobrocks is offline  
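The fix-and-rescan check done by hand in the posts above (tick entries in HijackThis, fix them, rescan, see what is still listed) can be scripted. This is an added example, not part of the original thread or of any tool named in it; the function names are hypothetical, and the two sample logs are short excerpts of the entries quoted in posts #3 and #4.

```python
import re
from collections import defaultdict

# A HijackThis result line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] path".
# The code (R0-R3, F0-F3, N1-N4, O1-O23) names the section the entry came from.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")
# Body of an O1 entry: "Hosts: <ipv4> <hostname>"
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<name>\S+)$")
# HijackThis appends this when the referenced file is gone; the registry
# entry itself can still be present, so it is ignored when comparing scans.
MISSING_RE = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for every HijackThis entry line in log_text."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def hosts_redirects(entries):
    """Group O1 hosts-file entries by target address: {ip: [hostname, ...]}.

    Loopback targets are skipped: they are commonly used to block a name,
    whereas a routable address overrides DNS and sends the name elsewhere.
    """
    by_ip = defaultdict(list)
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if m and not (m.group("ip").startswith("127.") or m.group("ip") == "0.0.0.0"):
            by_ip[m.group("ip")].append(m.group("name"))
    return dict(by_ip)


def _key(code, body):
    """Comparison key: case-insensitive, without the '(file missing)' note."""
    return code, MISSING_RE.sub("", body).lower()


def surviving(fix_list_text, rescan_text):
    """Entries from the fix list that are still present in the follow-up scan."""
    present = {_key(c, b) for c, b in parse_entries(rescan_text)}
    return [(c, b) for c, b in parse_entries(fix_list_text) if _key(c, b) in present]


# Excerpt of the entries the helper asked to have fixed (post #3).
FIX_LIST = r"""
O1 - Hosts: 66.199.231.174 www.google.com
O1 - Hosts: 66.199.231.174 google.com
O1 - Hosts: 66.199.231.173 www.yahoo.com
O1 - Hosts: 66.199.231.172 search.msn.com
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\azesearch.ocx (file missing)
O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] explorar.exe
O20 - Winlogon Notify: iexplorer - iexplorer.dll (file missing)
O23 - Service: dlite (dllmanager.exe) - Unknown owner - C:\WINDOWS\System32\dllmanager.exe" -netsvcs (file missing)
"""

# Excerpt of the follow-up scan posted the next day (post #4).
RESCAN = r"""
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74C5CE8-B9D4-4489-9120-B0A478F4F0A9}: NameServer = 212.59.0.1 212.59.0.2
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: dlite (dllmanager.exe) - Unknown owner - C:\WINDOWS\System32\dllmanager.exe" -netsvcs (file missing)
"""

if __name__ == "__main__":
    for ip, names in hosts_redirects(parse_entries(FIX_LIST)).items():
        print(f"hosts file pins {len(names)} name(s) to {ip}: {', '.join(names)}")
    for code, body in surviving(FIX_LIST, RESCAN):
        print(f"still present after fix: {code} - {body}")
```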
Old 04-10-2005, 06:48 AM   #6 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 27
OS: WinXP


Cry

Well, I have done everything that you said, but I'm still getting the same problem.

C:\WINDOWS\System32\dllmanager.exe - can't find it.

The log:
***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 15:42:12, on 2005.04.10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Webshots\webshots.scr

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102610375451
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)


End of KRC HijackThis Analyzer Log.
Delusory is offline  
Old 04-11-2005, 08:35 AM   #7 (permalink)
TSF Enthusiast
 
Join Date: Nov 2004
Posts: 437
OS: WinXP


Download Hoster (http://www.greyknight17.com/spy/Hoster.exe) and run it. Choose the 'Restore Original Hosts' button and press OK.

Let's have a deeper look.

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies.

Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.
Bobrocks is offline  
Old 04-12-2005, 08:19 AM   #8 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 27
OS: WinXP


the TDS3 log files:
16:13:47 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
16:13:47 [Init] Started 12-04-05 16:13:47 FLE Standard Time (UTC: -2), Internet Time @592,91
16:13:47 [Init] Loading TDS-3 Systems ...
16:13:47 [Init] Token successfully adjusted.
16:13:47 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
16:13:47 [Init] • Plugins : OK. Loaded 13
16:13:47 [Init] • Exec Protection : Not Installed
16:13:47 [Init] WARNING: Your Radius.TD3 database needs to be updated!
16:13:47 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
16:13:47 [Init] Licensed users can use the Update facility from the TDS menu
16:13:48 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
16:13:56 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
16:13:56 [Init] • Systems Initialised [52064 references - 26465 primaries/13383 traces/12216 variants/other]
16:13:56 [Init] Radius Systems loaded. <Databases updated 12-04-2005>
16:13:56 [Init] TDS-3 Ready. <Mindaug@s@127.0.0.1, 85.206.225.140 - Lithuania>
16:13:56 [Tip Of The Day] Using 127.0.0.1 as the Target Host, you can use the various port queries and utilities to test your own computer.
16:13:56 [TDS] Good afternoon Mindaug@s.
16:14:03 [Mutex Memory Scan] Started...
16:14:04 [Mutex Memory Scan] Finished (no trojan mutexes found).
16:14:04 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
16:14:52 [CRC32] Started - verifying 29 files ...
16:14:53 [CRC32] File doesn't exist: C:\autoexec.bat
16:14:59 [CRC32] Test finished.
16:16:34 [Memory Scan] Memory scan started, please wait a moment ...
16:16:35 [Memory Scan] Memory scan complete.
16:16:35 [Mutex Memory Scan] Started...
16:16:36 [Mutex Memory Scan] Finished (no trojan mutexes found).
16:16:36 [Trace Scan] Started...
16:16:43 [Trace Scan] Finished.
16:16:43 [ServiceScan] Scanning for services and drivers ...
16:16:48 [ServiceScan] Scanned 346 services and drivers.
16:16:48 [File Scan] Scanning in A:\ ...
16:16:50 [File Scan] Scanned 0 files: 0 alarms in 1,0625 seconds (Avg 1, files/sec)
16:16:50 [File Scan] Scanning in C:\ ...
17:00:50 [File Scan] Scanned 80109 files: 13 alarms in 2640,141 seconds (Avg 31,34 files/sec)
17:00:50 [File Scan] Scanning in D:\ ...
17:04:14 [File Scan] Scanned 5871 files: 13 alarms in 204,0313 seconds (Avg 29,78 files/sec)
17:04:14 [File Scan] Scanning in E:\ ...
17:04:53 [File Scan] Scanned 264 files: 13 alarms in 38,65625 seconds (Avg 7,83 files/sec)
17:04:53 [File Scan] Scanning in F:\ ...
17:04:57 [File Scan] Scanned 1 files: 13 alarms in 4,890625 seconds (Avg 1,2 files/sec)
17:04:57 [File Scan] Scanning in G:\ ...
17:05:05 [File Scan] Scanned 67 files: 13 alarms in 7,765625 seconds (Avg 9,63 files/sec)
17:05:05 [File Scan] Scanning in H:\ ...
17:05:05 [File Scan] Scanned 0 files: 13 alarms in 0 seconds (Avg -1,#IND files/sec)
17:05:05 [Scan] Finished.

Scan Control Dumped @ 17:07:00 12-04-05
Suspicious Filename: Dual extensions
File: c:\documents and settings\mindaug@s\desktop\firefox setup 1.0.2.exe

Positive identification <Adv>: Possible WebDownloader
File: c:\documents and settings\mindaug@s\desktop\games\cs hacks\furioussp\furioussp.exe

Suspicious Filename: Dual extensions
File: c:\documents and settings\mindaug@s\desktop\games\cs hacks\ogc_re\cdd 4.26.1 c.exe

Positive identification (embedded in file): Keylog.HotKeysHook (dll) (Possible Keylog DLL)
File: c:\documents and settings\mindaug@s\desktop\misc\black and white cheats\black_and_white_trainer_15\bw110.exe

Suspicious Filename: Dual extensions
File: c:\documents and settings\mindaug@s\desktop\misc\new things 4 cs\c]-[r0n!c m!x ~^vol1[1].0~^\c]-[r0n!c m!x ~^vol1.0~^\c]-[r0n!c m!x ~^vol1.0~^.exe

Positive identification (embedded in file): Keylog.HotKeysHook (dll) (Possible Keylog DLL)
File: c:\documents and settings\mindaug@s\desktop\misc\nfsu2\nfsu2trcr11\nfsu2trcr.exe

Suspicious Filename: Dual extensions
File: c:\documents and settings\mindaug@s\desktop\misc\sid meyer's\sidmeierspiratessupertrainer\piratestrn-062.exe.exe

Positive identification (embedded in file): Keylog.HotKeysHook (dll) (Possible Keylog DLL)
File: c:\documents and settings\mindaug@s\desktop\misc\sid meyer's\sidmeierspiratessupertrainer\piratestrn-062.exe.exe

Positive identification: Riskware.ProcessRestart
File: c:\program files\kodak\kodak software updater\7288971\6.1.4.37-7288971l\program\restart.exe

Positive identification: Riskware.ProcessRestart
File: c:\program files\logitech\desktop messenger\8876480\6.1.4.61-8876480l\program\restart.exe

Positive identification: Trojan.Win32.Dialer.q16
File: c:\recycler\s-1-5-21-796845957-1770027372-682003330-1003\dc7.exe

Positive identification: Trojan.Win32.Dialer.q16
File: c:\recycler\s-1-5-21-796845957-1770027372-682003330-1003\dc8.exe

Positive identification: Riskware.Tool.KillApp.b
File: c:\windows\system32\killapps.exe
Delusory is offline  
Old 04-12-2005, 08:21 AM   #9 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 27
OS: WinXP


The StartDreck log:
StartDreck (build 2.1.7 public stable) - 2005-04-12 @ 17:11:42 (GMT +03:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Mindaug@s at MINDAUGAS

»Registry
»Run Keys
»Current User
»Run
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
*LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
*Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
*TaskTray=C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
*Taskbar=C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
»RunOnce
+CTStartup
*CTStartup="C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
*dlite=dllmanager.exe
*Start Upping=taksmgr.exe
*Windows Compliant=tlfzfx.exe
*Start Uppings=mssupdate.exe
*Microsoft WinUpdate=spoolsvs.exe
»RunOnce
*dlite=dllmanager.exe
»Local Machine
»Run
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*NeroCheck=C:\WINDOWS\system32\\NeroCheck.exe
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*Advanced Tools Check=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
*WinampAgent=C:\Program Files\Winamp\winampa.exe
*Logitech Utility=Logi_MwX.Exe
*DAEMON Tools-1033="C:\Program Files\D-Tools\daemon.exe" -lang 1033
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*Disc Detector=C:\Program Files\Creative\ShareDLL\CtNotify.exe
*UpdReg=C:\WINDOWS\Updreg.exe
*CTStartup=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
*Jet Detection=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
*Omnipage=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
*Register Homesite+.exe="C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar2.dll
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*IEFlash.IEFlash/{E5A1691B-D188-4419-AD02-90002030B8EE}
`InprocServer32=C:\PROGRA~1\FlashFXP\IEFlash.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=
*Start Page=about:blank
+SearchUrl
*provider=
»Default User
*Search Bar=
*Search Page=http://ie.search.msn.com
*Start Page=http://www.msn.com
*SearchAssistant=http://ie.search.msn.com
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=
*Start Page=about:blank
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
*SystemCheck2=
`InprocServer32=
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Mindaug@s\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\Mindaug@s\Start Menu\Programs\Startup\Webshots.lnk
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\hosts
`66.199.231.174 www.google.com
`66.199.231.174 google.com
`66.199.231.174 www.google.co.uk
`66.199.231.174 google.co.uk
`66.199.231.174 www.google.ca
`66.199.231.174 google.ca
`66.199.231.174 www.google.es
`66.199.231.174 google.es
`66.199.231.174 www.google.de
`66.199.231.174 google.de
`66.199.231.174 www.google.fr
`66.199.231.174 google.fr
`66.199.231.174 www.google.com.au
`66.199.231.174 google.com.au
`66.199.231.173 www.yahoo.com
`66.199.231.173 yahoo.com
`66.199.231.172 www.msn.com
`66.199.231.172 msn.com
`66.199.231.172 search.msn.com
`66.199.231.172 www.go.com
`66.199.231.172 go.com
`66.199.231.171 astalavista.com
`66.199.231.171 www.astalavista.com
`66.199.231.171 astalavista.box.sk
`66.199.231.171 cracks.am
`66.199.231.171 www.cracks.am
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+492=\SystemRoot\System32\smss.exe
*C:\WINDOWS\system32\ntdll.dll
+548=\??\C:\WINDOWS\system32\csrss.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\CSRSRV.dll
*C:\WINDOWS\system32\basesrv.dll
*C:\WINDOWS\system32\winsrv.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\KERNEL32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\VERSION.dll
+572=\??\C:\WINDOWS\system32\winlogon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\NDdeApi.dll
*C:\WINDOWS\system32\PROFMAP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MSGINA.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\odbcint.dll
*C:\WINDOWS\system32\SHSVCS.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\WINSCARD.DLL
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\cscdll.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\WlNotify.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\cscui.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\xpsp2res.dll
+616=C:\WINDOWS\system32\services.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SCESRV.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\umpnpmgr.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\eventlog.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\wtsapi32.dll
+628=C:\WINDOWS\system32\lsass.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\LSASRV.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\SAMSRV.dll
*C:\WINDOWS\system32\cryptdll.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\msprivs.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\netlogon.dll
*C:\WINDOWS\system32\w32time.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\schannel.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\wdigest.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\setupapi.dll
*C:\WINDOWS\system32\scecli.dll
*C:\WINDOWS\system32\ipsecsvc.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\oakley.DLL
*C:\WINDOWS\system32\WINIPSEC.DLL
*C:\WINDOWS\system32\pstorsvc.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\psbase.dll
*C:\WINDOWS\system32\dssenh.dll
+772=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\msi.dll
*c:\windows\system32\termsrv.dll
*c:\windows\system32\ICAAPI.dll
*c:\windows\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*c:\windows\system32\AUTHZ.dll
*c:\windows\system32\mstlsapi.dll
*c:\windows\system32\ACTIVEDS.dll
*c:\windows\system32\adsldpc.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\rsaenh.dll
+852=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
+892=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\xpsp2res.dll
*c:\windows\system32\shsvcs.dll
*C:\WINDOWS\System32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*c:\windows\system32\dhcpcsvc.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\Secur32.dll
*C:\WINDOWS\System32\rsaenh.dll
*c:\windows\system32\wzcsvc.dll
*c:\windows\system32\rtutils.dll
*c:\windows\system32\WMI.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*c:\windows\system32\WTSAPI32.dll
*c:\windows\system32\ESENT.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\System32\SETUPAPI.DLL
*C:\WINDOWS\System32\rastls.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\System32\MPRAPI.dll
*C:\WINDOWS\System32\ACTIVEDS.dll
*C:\WINDOWS\System32\adsldpc.dll
*C:\WINDOWS\System32\RASAPI32.dll
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\SCHANNEL.dll
*C:\WINDOWS\System32\WinSCard.dll
*C:\WINDOWS\System32\raschap.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*c:\windows\system32\schedsvc.dll
*c:\windows\system32\NTDSAPI.dll
*C:\WINDOWS\System32\MSIDLE.DLL
*c:\windows\system32\audiosrv.dll
*c:\windows\system32\wkssvc.dll
*c:\windows\system32\cryptsvc.dll
*c:\windows\system32\certcli.dll
*c:\windows\system32\srvsvc.dll
*c:\windows\pchealth\helpctr\binaries\pchsvc.dll
*c:\windows\system32\es.dll
*c:\windows\system32\ersvc.dll
*c:\windows\system32\dmserver.dll
*C:\WINDOWS\System32\HNETCFG.DLL
*c:\windows\system32\netman.dll
*c:\windows\system32\netshell.dll
*c:\windows\system32\credui.dll
*c:\windows\system32\WZCSAPI.DLL
*c:\windows\system32\seclogon.dll
*c:\windows\system32\srsvc.dll
*c:\windows\system32\POWRPROF.dll
*c:\windows\system32\sens.dll
*C:\WINDOWS\System32\SXS.DLL
*c:\windows\system32\trkwks.dll
*c:\windows\system32\w32time.dll
*c:\windows\system32\MSVCP60.dll
*c:\windows\system32\wbem\wmisvc.dll
*C:\WINDOWS\system32\VSSAPI.DLL
*c:\windows\system32\browser.dll
*c:\windows\system32\wuauserv.dll
*c:\windows\system32\ipnathlp.dll
*c:\windows\system32\MSWSOCK.dll
*c:\windows\system32\AUTHZ.dll
*C:\WINDOWS\system32\wuaueng.dll
*C:\WINDOWS\System32\ADVPACK.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\WINHTTP.dll
*C:\WINDOWS\System32\Cabinet.dll
*C:\WINDOWS\System32\mspatcha.dll
*C:\WINDOWS\System32\sfc.dll
*C:\WINDOWS\System32\sfc_os.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\comsvcs.dll
*C:\WINDOWS\system32\MTXCLU.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\colbact.DLL
*C:\WINDOWS\System32\CLUSAPI.DLL
*C:\WINDOWS\System32\RESUTILS.DLL
*c:\windows\system32\wscsvc.dll
*c:\windows\system32\msi.dll
*C:\WINDOWS\System32\wbem\wbemcomn.dll
*C:\WINDOWS\System32\Wbem\wbemcore.dll
*C:\WINDOWS\System32\Wbem\esscli.dll
*C:\WINDOWS\System32\Wbem\FastProx.dll
*C:\WINDOWS\System32\wbem\wmiutils.dll
*C:\WINDOWS\System32\wbem\repdrvfs.dll
*C:\WINDOWS\System32\wbem\wmiprvsd.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\System32\wbem\wbemess.dll
*C:\WINDOWS\System32\wbem\ncprov.dll
*C:\WINDOWS\System32\upnp.dll
*C:\WINDOWS\System32\SSDPAPI.dll
*C:\WINDOWS\System32\netcfgx.dll
*C:\WINDOWS\System32\rasmans.dll
*C:\WINDOWS\System32\WINIPSEC.DLL
*c:\windows\system32\tapisrv.dll
*c:\windows\system32\PSAPI.DLL
*C:\WINDOWS\System32\rasadhlp.dll
*C:\WINDOWS\System32\rastapi.dll
*C:\WINDOWS\System32\unimdm.tsp
*C:\WINDOWS\System32\uniplat.dll
*C:\WINDOWS\System32\kmddsp.tsp
*C:\WINDOWS\System32\ndptsp.tsp
*C:\WINDOWS\System32\ipconf.tsp
*C:\WINDOWS\System32\h323.tsp
*C:\WINDOWS\System32\hidphone.tsp
*C:\WINDOWS\System32\HID.DLL
*C:\WINDOWS\System32\rasppp.dll
*C:\WINDOWS\System32\ntlsapi.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\System32\cryptdll.dll
*C:\WINDOWS\System32\RASDLG.dll
*C:\WINDOWS\system32\msxml3.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\System32\dssenh.dll
*C:\WINDOWS\System32\cryptnet.dll
*C:\WINDOWS\System32\SensApi.dll
+944=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\dnsrslvr.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+1024=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\xpsp2res.dll
*c:\windows\system32\lmhsvc.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\webclnt.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\wsock32.dll
*c:\windows\system32\regsvc.dll
*c:\windows\system32\ssdpsrv.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
+1200=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MSVCP70.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\netapi32.dll
+1208=C:\WINDOWS\Explorer.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\BROWSEUI.dll
*C:\WINDOWS\system32\SHDOCVW.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
*C:\WINDOWS\System32\themeui.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\MSIMG32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\ACTXPRXY.DLL
*C:\WINDOWS\System32\msutb.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\system32\LINKINFO.dll
*C:\WINDOWS\system32\ntshrui.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\NETSHELL.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\credui.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\msi.dll
*C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\System32\webcheck.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SXS.DLL
+1564=C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\Creative\SBAudigy\Taskbar\CTLTRRes.dll
*C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\ctdevcon.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ctosuser.dll
*C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
*C:\WINDOWS\system32\piaproxy.dll
*C:\WINDOWS\system32\CTDPROXY.DLL
*C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\MSCTF.dll
+1084=C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\Program Files\Creative\SBAudigy\Taskbar\Rotxe.dll
*C:\WINDOWS\system32\MFC42.DLL
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\Program Files\Creative\SBAudigy\Taskbar\CTLTRES.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\Program Files\Creative\SBAudigy\Taskbar\CTLGDE.dll
*C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\ctdevcon.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ctosuser.dll
*C:\WINDOWS\system32\piaproxy.dll
*C:\WINDOWS\system32\CTDPROXY.DLL
*C:\Program Files\Creative\ShareDLL\CTRMENU.DLL
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\ATL.DLL
*C:\Program Files\Creative\SBAudigy\Taskbar\CTLGRES.DLL
*C:\WINDOWS\System32\shdocvw.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Program\temp\IadHide4.dll
*C:\DOCUME~1\MINDAU~1\LOCALS~1\TempIadHide4.dll
+2080=C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
*C:\WINDOWS\system32\MFC42.DLL
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaDB.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\pjObjDB.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\MediaEngine.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\ipworks5.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaImage.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\KCat40.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\kcor40.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LTDIS10N.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LTKRN10N.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LTFIL10N.DLL
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LTIMG10N.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LTEFX10N.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.dll
*C:\WINDOWS\system32\ICMP.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVista.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\DbgHelp.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
*C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll
*C:\WINDOWS\system32\RICHED32.DLL
*C:\WINDOWS\system32\RICHED20.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCollection.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\AcqMod.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCollection.dll
*C:\WINDOWS\system32\SHFolder.DLL
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrint.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaPrint.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnLine.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\cameratodos.syx
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameraToDos.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameraToDosCamBack.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDLaunchSysX.syx
*C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDSYSX.syx
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocPCDsysx.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaBrowser.syx
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaBrowser.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\VistacameraUploadSysx.syx
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadSysx.dll
*C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadCamBack.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\DOCUME~1\MINDAU~1\LOCALS~1\TempIadHide4.dll
*C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Program\temp\IadHide4.dll
*C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll
*C:\WINDOWS\system32\OLEPRO32.DLL
*C:\WINDOWS\system32\xpsp2res.dll
+2124=C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\backWeb.dll
*C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\clntutil.dll
*C:\WINDOWS\system32\MSVCRT.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\bwsec.dll
*C:\WINDOWS\system32\snmpapi.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MFC42.DLL
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\PROGRA~1\Kodak\KODAKS~1\7288971\614~1.37-\program\EN\ClientRC.dll
*C:\WINDOWS\system32\wtsapi32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
*C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll
*C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\BWfiles.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\DOCUME~1\MINDAU~1\LOCALS~1\TempIadHide4.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\frext-7288971.dll
*C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\frext.dll
*C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\inetmib1.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\MPRAPI.dll
*C:\WINDOWS\system32\ACTIVEDS.dll
*C:\WINDOWS\system32\adsldpc.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWTargetInf.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Program\temp\IadHide4.dll
+2324=C:\Program Files\CASIO\Photo Loader\Plauto.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\oledlg.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEPRO32.DLL
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
*C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
*C:\WINDOWS\system32\MSVCP60.dll
+2404=C:\PROGRA~1\Webshots\webshots.scr
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\oledlg.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
*C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Program\temp\IadHide4.dll
*C:\DOCUME~1\MINDAU~1\LOCALS~1\TempIadHide4.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
+2976=C:\WINDOWS\System32\alg.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\MSWSOCK.DLL
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\xpsp2res.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+3944=C:\Program Files\Internet Explorer\IEXPLORE.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHDOCVW.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Program\temp\IadHide4.dll
*C:\DOCUME~1\MINDAU~1\LOCALS~1\TempIadHide4.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
*C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll
*C:\WINDOWS\system32\BROWSEUI.dll
*C:\WINDOWS\system32\browselc.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*c:\program files\google\googletoolbar2.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*C:\WINDOWS\system32\olepro32.dll
*C:\Program Files\Norton AntiVirus\NavShExt.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\MSVCP70.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\PROGRA~1\FlashFXP\IEFlash.dll
*C:\WINDOWS\System32\mshtml.dll
*C:\WINDOWS\System32\msls31.dll
*C:\WINDOWS\system32\shdoclc.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\MLANG.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\System32\msimtf.dll
*C:\WINDOWS\system32\IMM32.DLL
*C:\Program Files\Microsoft Office\Office10\msohev.dll
*C:\WINDOWS\System32\mshtmled.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
*C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
*c:\windows\system32\jscript.dll
*C:\WINDOWS\System32\dxtrans.dll
*C:\WINDOWS\System32\ddrawex.dll
*C:\WINDOWS\System32\DDRAW.dll
*C:\WINDOWS\System32\DCIMAN32.dll
*C:\WINDOWS\System32\dxtmsft.dll
+980=C:\Documents and Settings\Mindaug@s\Desktop\StartDreck\StartDreck.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\Documents and Settings\Mindaug@s\Desktop\StartDreck\VB40032.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\MSVCRT20.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLEPRO32.DLL
*C:\Documents and Settings\Mindaug@s\Desktop\StartDreck\VB4DE32.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.61-8876480L\Program\temp\IadHide4.dll
*C:\DOCUME~1\MINDAU~1\LOCALS~1\TempIadHide4.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll
*C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\Documents and Settings\Mindaug@s\Desktop\StartDreck\PSAPI.DLL
»NT Services
Delusory is offline  
Old 04-12-2005, 08:22 AM   #10 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 27
OS: WinXP


*Alerter Alerter - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Application Layer Gateway Service ALG running on demand
`binary: C:\WINDOWS\System32\alg.exe
*Application Management AppMgmt - on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Windows Audio AudioSrv running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Autodesk Licensing Service Autodesk Licensing S running auto
`binary: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
*Background Intelligent Transfer Service BITS - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Computer Browser Browser running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Symantec Event Manager ccEvtMgr running auto
`binary: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
*Symantec Password Validation ccPwdSvc - on demand
`binary: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
*Symantec Settings Manager ccSetMgr running auto
`binary: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
*Indexing Service cisvc - on demand
`binary: C:\WINDOWS\System32\cisvc.exe
*ClipBook ClipSrv - disabled
`binary: C:\WINDOWS\system32\clipsrv.exe
*COM+ System Application COMSysApp - on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
*Creative Service for CDROM Access Creative Service for running auto
`binary: C:\WINDOWS\system32\CTsvcCDA.EXE
*Cryptographic Services CryptSvc running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*DCOM Server Process Launcher DcomLaunch running auto
`binary: C:\WINDOWS\system32\svchost -k DcomLaunch
*DHCP Client Dhcp running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*dlite dllmanager.exe - disabled
`binary: "C:\WINDOWS\System32\dllmanager.exe" -netsvcs
*Logical Disk Manager Administrative Service dmadmin - on demand
`binary: C:\WINDOWS\System32\dmadmin.exe /com
*Logical Disk Manager dmserver running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*DNS Client Dnscache running auto
`binary: C:\WINDOWS\System32\svchost.exe -k NetworkService
*Error Reporting Service ERSvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Event Log Eventlog running auto
`binary: C:\WINDOWS\system32\services.exe
*COM+ Event System EventSystem running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Fast User Switching Compatibility FastUserSwitchingCom running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Help and Support helpsvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Human Interface Device Access HidServ - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*HTTP SSL HTTPFilter - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
*IMAPI CD-Burning COM Service ImapiService - on demand
`binary: C:\WINDOWS\System32\imapi.exe
*Server lanmanserver running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Workstation lanmanworkstation running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*TCP/IP NetBIOS Helper LmHosts running auto
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Macromedia Licensing Service Macromedia Licensing - on demand
`binary: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
*Messenger Messenger - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*NetMeeting Remote Desktop Sharing mnmsrvc - on demand
`binary: C:\WINDOWS\System32\mnmsrvc.exe
*Distributed Transaction Coordinator MSDTC - on demand
`binary: C:\WINDOWS\System32\msdtc.exe
*Windows Installer MSIServer - on demand
`binary: C:\WINDOWS\System32\msiexec.exe /V
*Norton AntiVirus Auto Protect Service navapsvc running auto
`binary: "C:\Program Files\Norton AntiVirus\navapsvc.exe"
*Network DDE NetDDE - disabled
`binary: C:\WINDOWS\system32\netdde.exe
*Network DDE DSDM NetDDEdsdm - disabled
`binary: C:\WINDOWS\system32\netdde.exe
*Net Logon Netlogon - on demand
`binary: C:\WINDOWS\System32\lsass.exe
*Network Connections Netman running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Network Location Awareness (NLA) Nla running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Norton Unerase Protection NProtectService running auto
`binary: C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
*NT LM Security Support Provider NtLmSsp - on demand
`binary: C:\WINDOWS\System32\lsass.exe
*Removable Storage NtmsSvc - on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*NVIDIA Display Driver Service NVSvc running auto
`binary: C:\WINDOWS\system32\nvsvc32.exe
*Plug and Play PlugPlay running auto
`binary: C:\WINDOWS\system32\services.exe
*IPSEC Services PolicyAgent running auto
`binary: C:\WINDOWS\System32\lsass.exe
*Protected Storage ProtectedStorage running auto
`binary: C:\WINDOWS\system32\lsass.exe
*Remote Access Auto Connection Manager RasAuto - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Access Connection Manager RasMan running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Desktop Help Session Manager RDSessMgr - on demand
`binary: C:\WINDOWS\system32\sessmgr.exe
*Routing and Remote Access RemoteAccess - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Registry RemoteRegistry running auto
`binary: C:\WINDOWS\system32\svchost.exe -k LocalService
*Remote Procedure Call (RPC) Locator RpcLocator - on demand
`binary: C:\WINDOWS\System32\locator.exe
*Remote Procedure Call (RPC) RpcSs running auto
`binary: C:\WINDOWS\system32\svchost -k rpcss
*QoS RSVP RSVP - on demand
`binary: C:\WINDOWS\System32\rsvp.exe
*Security Accounts Manager SamSs running auto
`binary: C:\WINDOWS\system32\lsass.exe
*SAVScan SAVScan running auto
`binary: "C:\Program Files\Norton AntiVirus\SAVScan.exe"
*ScriptBlocking Service SBService - auto
`binary: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
*Smart Card SCardSvr - on demand
`binary: C:\WINDOWS\System32\SCardSvr.exe
*Task Scheduler Schedule running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*ScsiAccess ScsiAccess running auto
`binary: C:\WINDOWS\system32\ScsiAccess.EXE
*Secondary Logon seclogon running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*System Event Notification SENS running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Windows Firewall/Internet Connection Sharing (I SharedAccess running auto
`CS)
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Shell Hardware Detection ShellHWDetection running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Symantec Network Drivers Service SNDSrvc - on demand
`binary: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
*Print Spooler Spooler running auto
`binary: C:\WINDOWS\system32\spoolsv.exe
*System Restore Service srservice running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*SSDP Discovery Service SSDPSRV running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Windows Image Acquisition (WIA) stisvc - auto
`binary: C:\WINDOWS\System32\svchost.exe -k imgsvc
*MS Software Shadow Copy Provider SwPrv - on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{A6A3AB8A-7FC9-44CC-81CE-BE0926DD67CE}
*Symantec Core LC Symantec Core LC running auto
`binary: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
*SymWMI Service SymWSC running auto
`binary: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
*Performance Logs and Alerts SysmonLog - on demand
`binary: C:\WINDOWS\system32\smlogsvc.exe
*Telephony TapiSrv running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Terminal Services TermService running on demand
`binary: C:\WINDOWS\System32\svchost -k DComLaunch
*Themes Themes running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Telnet TlntSvr - on demand
`binary: C:\WINDOWS\System32\tlntsvr.exe
*Distributed Link Tracking Client TrkWks running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Windows User Mode Driver Framework UMWdf running auto
`binary: C:\WINDOWS\System32\wdfmgr.exe
*Universal Plug and Play Device Host upnphost - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Uninterruptible Power Supply UPS - on demand
`binary: C:\WINDOWS\System32\ups.exe
*Volume Shadow Copy VSS - on demand
`binary: C:\WINDOWS\System32\vssvc.exe
*Windows Time W32Time running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*WebClient WebClient running auto
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Windows Management Instrumentation winmgmt running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*WMDM PMSP Service WMDM PMSP Service running auto
`binary: C:\WINDOWS\System32\MsPMSPSv.exe
*Portable Media Serial Number Service WmdmPmSN - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Windows Management Instrumentation Driver Exten Wmi - on demand
`sions
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*WMI Performance Adapter WmiApSrv - on demand
`binary: C:\WINDOWS\System32\wbem\wmiapsrv.exe
*Security Center wscsvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Automatic Updates wuauserv running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Wireless Zero Configuration WZCSVC running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Network Provisioning Service xmlprov - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
Delusory is offline  
Old 04-13-2005, 04:56 AM   #11 (permalink)
TSF Enthusiast
 
Join Date: Nov 2004
Posts: 437
OS: WinXP


Next time you run a StartDreck log please uncheck the options I mentioned, it helps to keep the log to a manageable size.

Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

c:\recycler\s-1-5-21-796845957-1770027372-682003330-1003\dc7.exe
c:\recycler\s-1-5-21-796845957-1770027372-682003330-1003\dc8.exe




Reboot into Safe Mode (hit F8 key until menu shows up).

Run StartDreck with the same options checked like before. Click on each of the following and hit the Delete button in the program:

*dlite=dllmanager.exe
*Start Upping=taksmgr.exe
*Windows Compliant=tlfzfx.exe
*Start Uppings=mssupdate.exe
*Microsoft WinUpdate=spoolsvs.exe
*dlite=dllmanager.exe
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf


Delete this hosts file here only -> C:\WINDOWS\hosts

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

dllmanager.exe
taksmgr.exe -- make sure it is spelt like this!
tlfzfx.exe
mssupdate.exe
spoolsvs.exe -- Search for these files and if found remove them


Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Restart in normal mode and post up another HijackThis log and another StartDreck log.
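Two of the startup entries named in the post above, taksmgr.exe and spoolsvs.exe, are near-misspellings of the real Windows files taskmgr.exe and spoolsv.exe. The following is an added example, not part of the original post: a Python sketch that flags such lookalike names in StartDreck-style `*name=command` lines. The baseline list, the sample text and all function names are assumptions made for this illustration.

```python
import re

# Well-known Windows XP process names used as the comparison baseline
# (an assumption for this example; extend it for your environment).
KNOWN_SYSTEM_BINARIES = [
    "taskmgr.exe", "spoolsv.exe", "svchost.exe", "explorer.exe",
    "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe",
    "ctfmon.exe", "rundll32.exe",
]

# Constructed sample in StartDreck's "*name=command" layout: the entry
# names from the post above plus two legitimate entries from the log.
SAMPLE_ENTRIES = """\
*dlite=dllmanager.exe
*Start Upping=taksmgr.exe
*Windows Compliant=tlfzfx.exe
*Start Uppings=mssupdate.exe
*Microsoft WinUpdate=spoolsvs.exe
*ctfmon.exe=C:\\WINDOWS\\system32\\ctfmon.exe
*NvCplDaemon=RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
"""


def osa_distance(a, b):
    """Optimal string alignment distance: an insert, delete, substitute
    or swap of two adjacent characters each costs 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]


def executable_name(command):
    """Return the lower-cased file name of the program in a command line."""
    command = command.strip()
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:exe|com|scr|pif|bat))(?:\s|$)", command, re.I)
        program = m.group(1) if m else command.split(" ", 1)[0]
    return program.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_lookalikes(log_text, max_distance=1):
    """List (entry label, file name, imitated name) for autostart entries
    whose file name is close to, but not equal to, a known system binary."""
    findings = []
    for line in log_text.splitlines():
        if not line.startswith("*") or "=" not in line:
            continue
        label, command = line[1:].split("=", 1)
        if not command.strip():
            continue
        name = executable_name(command)
        if name in KNOWN_SYSTEM_BINARIES:
            continue  # exact name; checking its path is a separate test
        for known in KNOWN_SYSTEM_BINARIES:
            if osa_distance(name, known) <= max_distance:
                findings.append((label, name, known))
                break
    return findings


if __name__ == "__main__":
    for label, name, known in find_lookalikes(SAMPLE_ENTRIES):
        print(f"{label}: {name} imitates {known}")
```

Entries such as dllmanager.exe, tlfzfx.exe and mssupdate.exe do not resemble any baseline name, so this heuristic alone does not flag them; they need a different check, such as file location or publisher.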
Old 04-15-2005, 08:16 AM   #12 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 27
OS: WinXP


StartDreck log:

StartDreck (build 2.1.7 public stable) - 2005-04-15 @ 17:09:02 (GMT +03:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Mindaug@s at MINDAUGAS

»Registry
»Run Keys
»Current User
»Run
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
*LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
*Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
*TaskTray=C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
*Taskbar=C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
*Spyware Doctor="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
»RunOnce
+CTStartup
*CTStartup="C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
»RunOnce
»Local Machine
»Run
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*NeroCheck=C:\WINDOWS\system32\\NeroCheck.exe
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*Advanced Tools Check=C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
*WinampAgent=C:\Program Files\Winamp\winampa.exe
*Logitech Utility=Logi_MwX.Exe
*DAEMON Tools-1033="C:\Program Files\D-Tools\daemon.exe" -lang 1033
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*Disc Detector=C:\Program Files\Creative\ShareDLL\CtNotify.exe
*UpdReg=C:\WINDOWS\Updreg.exe
*CTStartup=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
*Jet Detection=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
*Omnipage=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
*Register Homesite+.exe="C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar2.dll
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*IEFlash.IEFlash/{E5A1691B-D188-4419-AD02-90002030B8EE}
`InprocServer32=C:\PROGRA~1\FlashFXP\IEFlash.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=
*Start Page=about:blank
+SearchUrl
*provider=
»Default User
*Search Bar=
*Search Page=http://ie.search.msn.com
*Start Page=http://www.msn.com
*SearchAssistant=http://ie.search.msn.com
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=
*Start Page=about:blank
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
*SystemCheck2=
`InprocServer32=
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Mindaug@s\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\Mindaug@s\Start Menu\Programs\Startup\Webshots.lnk
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

HijackThis Analyzer log:
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 17:15:07, on 2005.04.15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Webshots\webshots.scr

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102610375451
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74C5CE8-B9D4-4489-9120-B0A478F4F0A9}: NameServer = 212.59.0.1 212.59.0.2
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)


End of KRC HijackThis Analyzer Log.
====================================================================
Old 04-15-2005, 08:38 AM   #13 (permalink)
TSF Enthusiast
 
Join Date: Nov 2004
Posts: 437
OS: WinXP


Right click Del015Domains and choose Save As. Save it to your desktop. Right click on that file and choose Install. You may delete it afterwards.

Reboot into Safe Mode (hit F8 key until menu shows up).
Open Hijack This and click on Scan. Check the following entries, if they are still there (make sure you do not miss any).

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)


Please remember to close all other windows, including browsers then click Fix checked.

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.


How are the original issues now?
Old 04-18-2005, 07:20 AM   #14 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 27
OS: WinXP


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 16:15:41, on 2005.04.18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\PROGRA~1\Webshots\webshots.scr

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O9 - Extra 'Tools' menuitem: KZod - {10954C80-4F0F-11d3-B17C-00C0DFE39333} - C:\Program Files\KZod\KZod.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1102610375451
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74C5CE8-B9D4-4489-9120-B0A478F4F0A9}: NameServer = 212.59.0.1 212.59.0.2
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)


End of KRC HijackThis Analyzer Log.
====================================================================

Well I'm getting desperate. Maybe it's not a virus fault, maybe something happened with the Explorer.
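The log in post #14 no longer contains the two entries that post #13 asked to have fixed. The following is an added example, not part of the original thread: a Python sketch that compares two HijackThis logs and reports which entries disappeared, which are new, and whether any fix target is still present. The log text is a short excerpt of the entries posted in this thread; the function and variable names are assumptions made for this illustration.

```python
import re

# HijackThis entry lines start with a section code such as R3, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpt of the log posted on 2005.04.15 (post #12).
BEFORE_FIX = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:15:07, on 2005.04.15
Running processes:
C:\PROGRA~1\Webshots\webshots.scr

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74C5CE8-B9D4-4489-9120-B0A478F4F0A9}: NameServer = 212.59.0.1 212.59.0.2
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
"""

# Excerpt of the log posted on 2005.04.18 (post #14).
AFTER_FIX = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:15:41, on 2005.04.18
Running processes:
C:\PROGRA~1\Webshots\webshots.scr

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74C5CE8-B9D4-4489-9120-B0A478F4F0A9}: NameServer = 212.59.0.1 212.59.0.2
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
"""

# The two entries post #13 asked to have checked and fixed.
FIX_TARGETS = [
    ("R3", "URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)"),
    ("O15", "Trusted Zone: http://ny.contentmatch.net (HKLM)"),
]


def parse_entries(log_text):
    """Return the set of (section code, entry text) pairs in a log.
    Header lines and the running-process list do not match and are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def compare_logs(before_text, after_text, fix_targets):
    """Summarise what changed between two scans of the same machine."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        "removed": sorted(before - after),   # gone since the first scan
        "added": sorted(after - before),     # new entries: review each one
        "unfixed": sorted(t for t in fix_targets if t in after),
        "never_present": sorted(t for t in fix_targets if t not in before),
    }


if __name__ == "__main__":
    report = compare_logs(BEFORE_FIX, AFTER_FIX, FIX_TARGETS)
    for key, entries in report.items():
        print(key)
        for code, text in entries:
            print(f"  {code} - {text}")
```

An empty `added` list together with an empty `unfixed` list means the fix held and nothing new registered itself between the two scans.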
Old 04-18-2005, 03:06 PM   #15 (permalink)
Analyst, Security Team
 
 
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro


What problems are you having now? Is it still Internet Explorer?

Go to Start->Run and type in sfc /scannow and hit OK. Let it run the scan and see if it finds any missing/corrupted files. If not, it should close by itself. If anything, it will ask for the XP CD.

Then do this:
Let's try registering Internet Explorer's DLL files. Go to Start->Run and copy and paste the following into the Run box and hit OK (go to Start->Run again for each one):

regsvr32 Shdocvw.dll
regsvr32 Shell32.dll
regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Urlmon.dll

Restart and see how Internet Explorer runs. If it's ok, then:

Your log is clean. If you disabled System Restore, make sure to enable it now.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial http://www.greyknight17.com/spyware.htm#prevent and use the tools provided.

Are there any problems now? If not, you should be set to go.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.

Old 04-26-2005, 08:02 AM   #16 (permalink)
Registered User
 
Join Date: Apr 2005
Posts: 27
OS: WinXP


Jippy!!!

Thank you Bobrocks for helping me get rid of those viruses etc., but the problem was with Windows. I have done what greyknight17 told me and now everything is back to normal. Thanks for all the help!!!


BTW, sorry for my English, still learning