|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
07-07-2005, 06:28 AM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
www.oldgames.se popup problems
Hi - I have a problem with popups - namely the one above and a few more unsavoury ones.
Below is my analysed HiJack This log - I have followed to the letter, the instructions in the "read this first" post. Have run the scans, installed HiJack this and analysed. Look forward to some assistance. Regards Catherine ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 12:17:56 a.m., on 8/07/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\P2P Networking\P2P Networking.exe C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe C:\Documents and Settings\Owner\HIJACK This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/advanced_search?hl=en R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing) O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing) End of KRC HijackThis Analyzer Log. ==================================================================== |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
07-07-2005, 07:39 AM
|
#2 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista
|
Hello loch-heart and welcome to TSF,
Please print out or copy this page to Notepad since you will not have any of browsers open while you are fixing this. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Again, you should not have any open browsers when you are following the procedures below. Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked. Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one if they are still listed (they shouldn't be - but double check it):(You must kill them one at a time). C:\WINDOWS\system32\P2P Networking\P2P Networking.exe Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing) Using Windows Explorer, delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\WINDOWS\system32\P2P Networking C:\WINDOWS\System32\vbsys2 Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here. |
|
|
|
|
07-07-2005, 03:56 PM
|
#3 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
New log attached - with a couple of issues
Hi, I have attached the new log. Two of the files you indicated should be deleted did not appear on the log when I rebooted in safe mode.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop However, when I have deleted the rest of the files and rebooted, these files above appear again in the new log. Is it an issue? Regards Catherine Logfile of HijackThis v1.99.1 Scan saved at 9:52:29 a.m., on 8/07/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\gearsec.exe C:\WINDOWS\system32\drivers\KodakCCS.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe C:\Documents and Settings\Administrator\HIJACK This\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/advanced_search?hl=en R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing) O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
|
|
|
|
07-07-2005, 04:00 PM
|
#4 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
Uh oh ... another thing
I have lost my ability to log into my internet banking - the .asp pages come up with page cannot be displayed. Have just checked the three pages I usually log into to do my banking (three different banks) and all have come back with the same message. Will this have something to do with any of the files I deleted?
|
|
|
|
|
07-08-2005, 01:11 AM
|
#5 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7
  |
NO. The files you deleted were malware related and not part of your issue with the web sites. Can you give me a direct link to your logon page so I can make sure it's up? Lets look deeper...
Download Silent runners.Vbs http://www.silentrunners.org/ 1. Make sure you have any script blocking software disabled 2. Run the program. It will take a few minutes to complete. 3. Once complete it will produce a log named “StartupPrograms” with Your user and date in the filename. Open that txt file and posts it contents in your next post. Download: StartDreck Unzip to its own folder and start the program: Press 'Config' Press 'Mark All' UN-Check the 'NT-Services & NT-Kernel...' boxes only: Press 'Ok' Press 'Save' and select the location to save the log file (default is the same folder as the application) Post the log in this thread..
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
   Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
|
07-08-2005, 03:05 AM
|
#6 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
Silent Runner / StartDreck results
Hi there - thanks for all the assistance so far. I have completed the previous two requests and have attached the results. Look forward to your response.
Cheers Catherine SILENT RUNNER LOG attached "Silent Runners.vbs", revision 39, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."] "Acme.PCHButton" = "C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe" ["Motive Communications, Inc."] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Web assistant" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."] "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll" ["Eastman Kodak Company"] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\RecordNow!\shlext.dll" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\scrnsave.scr" [MS] DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- D:\cmdcons\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\MiniNT\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\PRELOAD\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\I386\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\TOOLS\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] D:\hp\DESKTOP.INI [.ShellClassInfo] CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db} -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"] Startup items in "Owner" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."] "Kodak EasyShare software" -> shortcut to: "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -h" ["Eastman Kodak Company"] "Kodak software updater" -> shortcut to: "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" [null data] "Updates from HP" -> shortcut to: "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe -startup" [null data] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer" -> launches: "c:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "HP view" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "HP view" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "HP view" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."] "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant" -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."] {8F4902B6-6C04-4ADE-8052-AA58578A21BD}\ = "hp view" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ = "HP view" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {CLSID}\InProcServer32\(Default) = "blank" [file not found] {4528BBE0-4E08-11D5-AD55-00010333D0AD}\ "ButtonText" = "Messenger" "MenuText" = "Yahoo! Messenger" "CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Missing lines (compared with English-language version): [Strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Gear Security Service, GEARSecurity, "C:\WINDOWS\System32\gearsec.exe" ["GEAR Software"] Kodak Camera Connection Software, KodakCCS, "C:\WINDOWS\system32\drivers\KodakCCS.exe" ["Eastman Kodak Company"] Norton AntiVirus Auto Protect Service, navapsvc, ""c:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"] ScsiAccess, ScsiAccess, "C:\WINDOWS\System32\ScsiAccess.EXE" [null data] Symantec Event Manager, ccEvtMgr, ""c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"] Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"] Symantec Network Proxy, ccProxy, ""c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"] SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 187 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 27 seconds. ---------- (total run time: 292 seconds) ******************************************************** STARTDRECK LOG attached StartDreck (build 2.1.7 public stable) - 2005-07-08 @ 20:59:15 (GMT +12:00) Platform: Windows XP (Win NT 5.1.2600 Service Pack 2) Internet Explorer: 6.0.2900.2180 Logged in as Owner at CAMELOT »Registry »Run Keys »Current User »Run *MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background *Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet *Acme.PCHButton=C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe *Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe »RunOnce »Default User »Run *Symantec NetDriver Warning=C:\PROGRA~1\SYMNET~1\SNDWarn.exe »RunOnce »Local Machine »Run »RunOnce »RunServices »RunServicesOnce »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat *batfile="%1" %* +.com *comfile="%1" %* +.disabled *SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1" +.exe *exefile="%1" %* +.hta *htafile=C:\WINDOWS\System32\mshta.exe "%1" %* +.htm *htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome +.html *htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome +.js *JSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.jse *JSEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.pif *piffile="%1" %* +.reg *regfile=regedit.exe "%1" +.scr *scrfile="%1" /S +.txt *txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1 +.vbs *VBSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.vbe *VBEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsh *WSHFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsf *WSFFile=%SystemRoot%\System32\WScript.exe "%1" %* +.lnk `lnkfile= [key or value does not exist] »Active Setup (LM) +Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c} *StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE +Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} *StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE +Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED} *StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll +Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C} *StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install +NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B} *StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT +Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278} *StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf +Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be} *StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser +Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6} *StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub +Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02} *StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install +Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340} *StubPath=regsvr32.exe /s /n /i:U shell32.dll +Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383} *StubPath=%SystemRoot%\system32\ie4uinit.exe +Fax/{8b15971b-5355-4c82-8c07-7e181ea07608} *StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser »Browser Helper Objects (LM) *YBIOCtrl.CompanionBHO.4/{02478D38-C3F9-4efb-9B51-7695ECA05670} `InprocServer32=C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll *{53707962-6F74-2D53-2644-206D7942484F} `InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll *Nisbho.CNisExtBho.1/{9ECB9560-04F9-4bbc-943D-298DDF1699E1} `InprocServer32=c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll *Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7} `InprocServer32=c:\program files\google\googletoolbar2.dll *Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872} `InprocServer32=c:\Program Files\Norton AntiVirus\NavShExt.dll *{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} `InprocServer32= »Internet Explorer »Current User *Default_Page_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop *Default_Search_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q304&bd=pavilion&pf=desktop *Local Page=C:\WINDOWS\system32\blank.htm *Start Page=http://www.google.co.nz/advanced_search?hl=en +SearchUrl *provider=gogl *=http://www.google.com/keyword/%s »Default User »Local Machine *Local Page=%SystemRoot%\system32\blank.htm *Start Page=about:blank *CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm *SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm »ShellServiceObjectDelayLoad (LM) *PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll *CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll *WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED} `InprocServer32=%SystemRoot%\System32\webcheck.dll *SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153} `InprocServer32=C:\WINDOWS\System32\stobject.dll »Special NT Values »Current User *Load= *Run= *Programs=com exe bat pif cmd *SHELL= »Default User *Load= *Run= *Programs=com exe bat pif cmd *SHELL= »Local Machine *AppInit_DLLs= *SHELL=Explorer.exe *Userinit=C:\WINDOWS\system32\userinit.exe, »Files »Autostart Folders »Current User *C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini »Default User *C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini »Local Machine *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk »INI-Files »WIN.INI\[windows] *LOAD= *RUN= »SYSTEM.INI\[boot] *SHELL=Explorer.exe »Text Files *C:\boot.ini `[boot loader] `timeout=3 `default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS `[operating systems] `multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn `C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons *C:\msdos.sys *C:\config.sys *C:\WINDOWS\system32\config.nt `dos=high, umb `device=%SystemRoot%\system32\himem.sys `files=40 *C:\autoexec.bat *C:\WINDOWS\system32\autoexec.nt `@echo off `lh %SystemRoot%\system32\mscdexnt.exe `lh %SystemRoot%\system32\redir `lh %SystemRoot%\system32\dosx `SET BLASTER=A220 I5 D1 P330 T3 *C:\WINDOWS\system32\drivers\etc\hosts `127.0.0.1 localhost »Program Files *C:\ntldr *C:\ntdetect.com *C:\io.sys *C:\WINDOWS\system32\win.com *C:\WINDOWS\explorer.exe »%PATH% Companion Files +C:\WINDOWS\system32\notepad.exe *C:\WINDOWS\notepad.exe +C:\WINDOWS\system32\ps2.EXE *C:\WINDOWS\system32\ps2.bat +C:\WINDOWS\system32\slrundll.exe *C:\WINDOWS\slrundll.exe +C:\WINDOWS\system32\taskman.exe *C:\WINDOWS\TASKMAN.EXE +C:\WINDOWS\system32\winhlp32.exe *C:\WINDOWS\winhlp32.exe »System/Drivers »Running Processes +0=<idle> +4=<system> +464=\SystemRoot\System32\smss.exe *C:\WINDOWS\system32\ntdll.dll +520=\??\C:\WINDOWS\system32\csrss.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\CSRSRV.dll *C:\WINDOWS\system32\basesrv.dll *C:\WINDOWS\system32\winsrv.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\KERNEL32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\sxs.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\system32\VERSION.dll +544=\??\C:\WINDOWS\system32\winlogon.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\AUTHZ.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\NDdeApi.dll *C:\WINDOWS\system32\PROFMAP.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\PSAPI.DLL *C:\WINDOWS\system32\REGAPI.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\system32\MSGINA.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\ODBC32.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\odbcint.dll *C:\WINDOWS\system32\SHSVCS.dll *C:\WINDOWS\system32\sfc.dll *C:\WINDOWS\system32\sfc_os.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\WINSCARD.DLL *C:\WINDOWS\system32\WTSAPI32.dll *C:\WINDOWS\system32\sxs.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\cscdll.dll *C:\WINDOWS\system32\WlNotify.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\cscui.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\wdmaud.drv *C:\WINDOWS\system32\msacm32.drv *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\midimap.dll +588=C:\WINDOWS\system32\services.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\SCESRV.dll *C:\WINDOWS\system32\AUTHZ.dll *C:\WINDOWS\system32\umpnpmgr.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\NCObjAPI.DLL *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\secur32.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\system32\eventlog.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\PSAPI.DLL *C:\WINDOWS\system32\wtsapi32.dll +600=C:\WINDOWS\system32\lsass.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\LSASRV.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\NTDSAPI.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\SAMSRV.dll *C:\WINDOWS\system32\cryptdll.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\msprivs.dll *C:\WINDOWS\system32\kerberos.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\netlogon.dll *C:\WINDOWS\system32\w32time.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\schannel.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\wdigest.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\scecli.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\ipsecsvc.dll *C:\WINDOWS\system32\AUTHZ.dll *C:\WINDOWS\system32\oakley.DLL *C:\WINDOWS\system32\WINIPSEC.DLL *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\pstorsvc.dll *C:\WINDOWS\system32\psbase.dll *C:\WINDOWS\system32\dssenh.dll +748=C:\WINDOWS\system32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\SAMLIB.dll *c:\windows\system32\rpcss.dll *c:\windows\system32\Secur32.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *C:\WINDOWS\system32\xpsp2res.dll *c:\windows\system32\termsrv.dll *c:\windows\system32\ICAAPI.dll *c:\windows\system32\SETUPAPI.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *c:\windows\system32\AUTHZ.dll *c:\windows\system32\mstlsapi.dll *c:\windows\system32\ACTIVEDS.dll *c:\windows\system32\adsldpc.dll *C:\WINDOWS\system32\NETAPI32.dll *c:\windows\system32\ATL.DLL *C:\WINDOWS\system32\REGAPI.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\iphlpapi.dll +808=C:\WINDOWS\system32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *c:\windows\system32\rpcss.dll *c:\windows\system32\Secur32.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\msi.dll +876=C:\WINDOWS\System32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\System32\LPK.DLL *C:\WINDOWS\System32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\xpsp2res.dll *c:\windows\system32\shsvcs.dll *C:\WINDOWS\System32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *c:\windows\system32\dhcpcsvc.dll *c:\windows\system32\DNSAPI.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *c:\windows\system32\iphlpapi.dll *c:\windows\system32\Secur32.dll *C:\WINDOWS\System32\rsaenh.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *c:\windows\system32\wzcsvc.dll *c:\windows\system32\rtutils.dll *c:\windows\system32\WMI.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *c:\windows\system32\WTSAPI32.dll *c:\windows\system32\ESENT.dll *c:\windows\system32\ATL.DLL *C:\WINDOWS\System32\rastls.dll *C:\WINDOWS\system32\CRYPTUI.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\System32\MPRAPI.dll *C:\WINDOWS\System32\ACTIVEDS.dll *C:\WINDOWS\System32\adsldpc.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\RASAPI32.dll *C:\WINDOWS\System32\rasman.dll *C:\WINDOWS\System32\TAPI32.dll *C:\WINDOWS\System32\SCHANNEL.dll *C:\WINDOWS\System32\WinSCard.dll *C:\WINDOWS\System32\raschap.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *c:\windows\system32\schedsvc.dll *c:\windows\system32\NTDSAPI.dll *C:\WINDOWS\System32\MSIDLE.DLL *c:\windows\system32\audiosrv.dll *c:\windows\system32\wkssvc.dll *c:\windows\system32\cryptsvc.dll *c:\windows\system32\certcli.dll *c:\windows\system32\es.dll *c:\windows\system32\ersvc.dll *c:\windows\pchealth\helpctr\binaries\pchsvc.dll *c:\windows\system32\srvsvc.dll *c:\windows\system32\netman.dll *c:\windows\system32\netshell.dll *c:\windows\system32\credui.dll *c:\windows\system32\WZCSAPI.DLL *c:\windows\system32\sens.dll *c:\windows\system32\seclogon.dll *c:\windows\system32\srsvc.dll *c:\windows\system32\POWRPROF.dll *c:\windows\system32\trkwks.dll *c:\windows\system32\w32time.dll *c:\windows\system32\MSVCP60.dll *c:\windows\system32\browser.dll *c:\windows\system32\wuauserv.dll *c:\windows\system32\wbem\wmisvc.dll *C:\WINDOWS\system32\VSSAPI.DLL *C:\WINDOWS\system32\wuaueng.dll *C:\WINDOWS\System32\ADVPACK.dll *C:\WINDOWS\System32\SHFOLDER.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\System32\WINHTTP.dll *C:\WINDOWS\System32\Cabinet.dll *C:\WINDOWS\System32\mspatcha.dll *C:\WINDOWS\System32\sfc.dll *C:\WINDOWS\System32\sfc_os.dll *c:\windows\system32\ipnathlp.dll *c:\windows\system32\AUTHZ.dll *C:\WINDOWS\System32\SXS.DLL *C:\WINDOWS\system32\comsvcs.dll *C:\WINDOWS\system32\MTXCLU.DLL *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\colbact.DLL *C:\WINDOWS\System32\CLUSAPI.DLL *C:\WINDOWS\System32\RESUTILS.DLL *c:\windows\system32\wscsvc.dll *c:\windows\system32\msi.dll *C:\WINDOWS\System32\wbem\wbemcomn.dll *C:\WINDOWS\System32\Wbem\wbemcore.dll *C:\WINDOWS\System32\Wbem\esscli.dll *C:\WINDOWS\System32\Wbem\FastProx.dll *C:\WINDOWS\System32\wbem\wmiutils.dll *C:\WINDOWS\System32\wbem\repdrvfs.dll *C:\WINDOWS\System32\wbem\wmiprvsd.dll *C:\WINDOWS\system32\NCObjAPI.DLL *C:\WINDOWS\System32\wbem\wbemess.dll *C:\WINDOWS\System32\wbem\ncprov.dll *C:\WINDOWS\System32\rasadhlp.dll *C:\WINDOWS\System32\msxml3.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\System32\netcfgx.dll *C:\WINDOWS\System32\upnp.dll *C:\WINDOWS\System32\SSDPAPI.dll *C:\WINDOWS\System32\rasmans.dll *C:\WINDOWS\System32\WINIPSEC.DLL *c:\windows\system32\tapisrv.dll *c:\windows\system32\PSAPI.DLL *C:\WINDOWS\System32\rastapi.dll *C:\WINDOWS\System32\unimdm.tsp *C:\WINDOWS\System32\uniplat.dll *C:\WINDOWS\System32\unimdmat.dll *C:\WINDOWS\system32\modemui.dll *C:\WINDOWS\System32\kmddsp.tsp *C:\WINDOWS\System32\ndptsp.tsp *C:\WINDOWS\System32\ipconf.tsp *C:\WINDOWS\System32\h323.tsp *C:\WINDOWS\System32\hidphone.tsp *C:\WINDOWS\System32\HID.DLL *C:\WINDOWS\System32\rasppp.dll *C:\WINDOWS\System32\ntlsapi.dll *C:\WINDOWS\system32\kerberos.dll *C:\WINDOWS\System32\cryptdll.dll *C:\WINDOWS\System32\RASDLG.dll *C:\WINDOWS\System32\actxprxy.dll *C:\WINDOWS\System32\wbem\wbemsvc.dll +952=C:\WINDOWS\System32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\System32\LPK.DLL *C:\WINDOWS\System32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *c:\windows\system32\dnsrslvr.dll *c:\windows\system32\DNSAPI.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *c:\windows\system32\iphlpapi.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll +1040=C:\WINDOWS\System32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\System32\LPK.DLL *C:\WINDOWS\System32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\xpsp2res.dll *c:\windows\system32\lmhsvc.dll *c:\windows\system32\iphlpapi.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *c:\windows\system32\webclnt.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\Secur32.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\System32\wsock32.dll *c:\windows\system32\ssdpsrv.dll *C:\WINDOWS\System32\hnetcfg.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\System32\DNSAPI.dll *C:\WINDOWS\System32\rasadhlp.dll +1176=C:\WINDOWS\system32\spoolsv.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\SPOOLSS.DLL *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\system32\localspl.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\sfc_os.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\winspool.drv *C:\WINDOWS\system32\netapi32.dll *C:\WINDOWS\system32\cnbjmon.dll *C:\WINDOWS\system32\mdimon.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\FXSMON.DLL *C:\WINDOWS\system32\FXSEVENT.dll *C:\WINDOWS\system32\pjlmon.dll *C:\WINDOWS\system32\tcpmon.dll *C:\WINDOWS\system32\usbmon.dll *C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll *C:\WINDOWS\System32\mswsock.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\win32spl.dll *C:\WINDOWS\system32\NETRAP.dll *C:\WINDOWS\system32\NTDSAPI.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\inetpp.dll *C:\WINDOWS\system32\xpsp2res.dll +1516=c:\Program Files\Common Files\Symantec Shared\ccProxy.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SYMREDIR.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\SymNeti.DLL *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\MSVCP70.dll *C:\WINDOWS\system32\MSVCR70.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *c:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\WinTrust.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\userenv.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\netapi32.dll *c:\Program Files\Common Files\Symantec Shared\ccSet.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\SXS.DLL *c:\Program Files\Common Files\Symantec Shared\DPHTML.dll *c:\Program Files\Common Files\Symantec Shared\SymIConv.dll *c:\Program Files\Common Files\Symantec Shared\DPJS.dll *c:\Program Files\Common Files\Symantec Shared\DPVBS.dll *c:\Program Files\Common Files\Symantec Shared\PFMisc.dll *c:\Program Files\Common Files\Symantec Shared\PFPriv.dll *c:\Program Files\Common Files\Symantec Shared\StrmFilt.dll *c:\Program Files\Common Files\Symantec Shared\PFSec.dll *c:\Program Files\Common Files\Symantec Shared\PxyHTTP.dll *c:\Program Files\Common Files\Symantec Shared\DPHTTP.dll *c:\Program Files\Common Files\Symantec Shared\PxyIM.dll *c:\Program Files\Common Files\Symantec Shared\ccProSub.dll *c:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll *c:\Program Files\Common Files\Symantec Shared\ccLogin.dll *c:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll +1536=c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\MSVCP70.dll *C:\WINDOWS\system32\MSVCR70.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\system32\Secur32.dll *c:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WinTrust.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\SXS.DLL *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\userenv.dll *C:\WINDOWS\system32\netapi32.dll +1560=C:\WINDOWS\System32\gearsec.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\System32\LPK.DLL *C:\WINDOWS\System32\USP10.dll *C:\WINDOWS\system32\msvcrt.dll +1580=C:\WINDOWS\system32\drivers\KodakCCS.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll +1616=c:\Program Files\Norton AntiVirus\navapsvc.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSVCP70.dll *C:\WINDOWS\system32\MSVCR70.dll *C:\WINDOWS\system32\SHLWAPI.dll *c:\Program Files\Norton AntiVirus\SAVRT32.DLL *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *c:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WinTrust.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\secur32.dll *C:\WINDOWS\system32\netapi32.dll +1740=C:\WINDOWS\System32\ScsiAccess.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll +1780=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\SymNeti.DLL *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\RASAPI32.DLL *C:\WINDOWS\system32\rasman.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\TAPI32.dll *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\userenv.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll +1824=C:\WINDOWS\system32\wdfmgr.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll +1884=c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\MSVCP70.dll *C:\WINDOWS\system32\MSVCR70.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WinTrust.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\userenv.dll *C:\WINDOWS\system32\netapi32.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\SXS.DLL *c:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\SYSTEM32\SYMNETI.DLL *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\SYSTEM32\MSVCP60.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL *C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DLL *C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL *C:\PROGRA~1\NORTON~1\NAVEVENT.DLL +1964=C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\DBGHELP.DLL *C:\WINDOWS\system32\xpsp2res.dll *c:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll *C:\WINDOWS\system32\MSVCP70.dll *C:\WINDOWS\system32\MSVCR70.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WinTrust.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\userenv.dll *C:\WINDOWS\system32\secur32.dll *C:\WINDOWS\system32\netapi32.dll *C:\Program Files\Common Files\Symantec Shared\Security Center\WSCHlpr.dll *C:\Program Files\Common Files\Symantec Shared\Security Center\sscnis7.dll *C:\Program Files\Common Files\Symantec Shared\Security Center\sscnis56.dll *C:\Program Files\Common Files\Symantec Shared\Security Center\sscnav.dll *C:\WINDOWS\system32\SymNeti.DLL *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\System32\wbem\wbemprox.dll *C:\WINDOWS\System32\wbem\wbemcomn.dll *c:\Program Files\Norton AntiVirus\NAVAPSCR.dll *C:\WINDOWS\system32\ATL70.DLL *C:\WINDOWS\system32\WININET.dll *c:\Program Files\Norton AntiVirus\SAVRT32.DLL *c:\Program Files\Norton AntiVirus\NAVError.dll *c:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll *c:\PROGRA~1\NORTON~1\NAVOpts.dll *c:\PROGRA~1\NORTON~1\N32Exclu.dll *c:\PROGRA~1\NORTON~1\S32NAVO.DLL *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\System32\wbem\wbemsvc.dll *c:\Program Files\Common Files\Symantec Shared\ccProSub.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\SXS.DLL *c:\Program Files\Norton Personal Firewall\NISRes.dll *C:\Program Files\Symantec\LiveUpdate\NetDetectController_2_5.DLL *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\System32\wbem\fastprox.dll *C:\WINDOWS\system32\NTDSAPI.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\mstask.dll *C:\WINDOWS\system32\MPR.dll +512=C:\WINDOWS\System32\alg.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\System32\ATL.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\WSOCK32.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\MSWSOCK.DLL *C:\WINDOWS\System32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\System32\LPK.DLL *C:\WINDOWS\System32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\xpsp2res.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll +1144=C:\WINDOWS\Explorer.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\BROWSEUI.dll *C:\WINDOWS\system32\SHDOCVW.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\CRYPTUI.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\appHelp.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\System32\cscui.dll *C:\WINDOWS\System32\CSCDLL.dll *C:\WINDOWS\System32\themeui.dll *C:\WINDOWS\System32\Secur32.dll *C:\WINDOWS\System32\MSIMG32.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\System32\msutb.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\system32\ntshrui.dll *C:\WINDOWS\system32\ATL.DLL *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\System32\webcheck.dll *C:\WINDOWS\System32\WSOCK32.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\stobject.dll *C:\WINDOWS\System32\BatMeter.dll *C:\WINDOWS\System32\POWRPROF.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\WTSAPI32.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\LINKINFO.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\wdmaud.drv *C:\WINDOWS\system32\msacm32.drv *C:\WINDOWS\system32\midimap.dll *C:\WINDOWS\system32\NETSHELL.dll *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\credui.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\DSOUND.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\system32\fxsst.dll *C:\WINDOWS\system32\FXSAPI.dll *C:\WINDOWS\system32\NTMARTA.DLL *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\drprov.dll *C:\WINDOWS\System32\ntlanman.dll *C:\WINDOWS\System32\NETUI0.dll *C:\WINDOWS\System32\NETUI1.dll *C:\WINDOWS\System32\NETRAP.dll *C:\WINDOWS\System32\davclnt.dll *C:\DOCUME~1\Owner\LOCALS~1\TempIadHide4.dll *C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll *C:\WINDOWS\system32\SXS.DLL *C:\WINDOWS\system32\shdoclc.dll *c:\Program Files\Norton AntiVirus\NavShExt.dll *C:\WINDOWS\system32\MSVCP70.dll *C:\WINDOWS\system32\MSVCR70.dll *C:\WINDOWS\system32\browselc.dll *C:\WINDOWS\system32\MSCOREE.DLL *C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll *C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll *C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll *C:\WINDOWS\system32\DUSER.dll *C:\WINDOWS\system32\MSGINA.dll *C:\WINDOWS\system32\ODBC32.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\odbcint.dll *C:\PROGRA~1\SPYBOT~1\SDHelper.dll *C:\WINDOWS\system32\olepro32.dll *C:\WINDOWS\System32\DNSAPI.dll *C:\WINDOWS\system32\WINHTTP.dll *C:\WINDOWS\system32\RASAPI32.DLL *C:\WINDOWS\system32\rasman.dll *C:\WINDOWS\system32\TAPI32.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\sensapi.dll *C:\WINDOWS\System32\jscript.dll *C:\WINDOWS\System32\mswsock.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\system32\MLANG.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Shfusion.dll *C:\WINDOWS\system32\msadp32.acm *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll *C:\WINDOWS\System32\mydocs.dll *C:\WINDOWS\system32\cabview.dll *C:\WINDOWS\System32\ACTIVEDS.dll *C:\WINDOWS\System32\adsldpc.dll *C:\WINDOWS\System32\msxml3.dll *C:\WINDOWS\system32\query.dll *C:\WINDOWS\system32\PRINTUI.dll *C:\WINDOWS\system32\CFGMGR32.dll *C:\WINDOWS\system32\nlhtml.dll *C:\WINDOWS\System32\actxprxy.dll *C:\WINDOWS\System32\zipfldr.dll *c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll *C:\WINDOWS\system32\MFC42.DLL *C:\WINDOWS\system32\MSVCP60.dll +308=C:\Program Files\Messenger\msmsgs.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll *C:\WINDOWS\system32\MSIMG32.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\cryptdll.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\XPOB2RES.DLL *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\SXS.DLL *C:\WINDOWS\System32\es.dll *C:\WINDOWS\system32\wtsapi32.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\credui.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\system32\msi.dll *C:\Program Files\Messenger\msgsc.dll +1172=C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHI18N.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\WINHTTP.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\system32\mlang.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\wsock32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\userenv.dll *C:\WINDOWS\system32\netapi32.dll *C:\WINDOWS\system32\wintrust.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\schannel.dll *C:\WINDOWS\system32\RASAPI32.DLL *C:\WINDOWS\system32\rasman.dll *C:\WINDOWS\system32\TAPI32.dll *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\sensapi.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\DOCUME~1\Owner\LOCALS~1\TempIadHide4.dll *C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll +496=C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\SHFOLDER.dll *C:\WINDOWS\system32\WTSAPI32.DLL *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\msi.dll *c:\Program Files\HP\Digital Imaging\bin\hpquio08.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc *c:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll *C:\WINDOWS\system32\SXS.DLL *c:\Program Files\HP\Digital Imaging\Unload\hpiCamTA.dll *C:\WINDOWS\system32\MFC71.DLL *C:\WINDOWS\system32\MSVCR71.dll *C:\WINDOWS\system32\ATL71.DLL *C:\WINDOWS\system32\MSVCP71.dll *C:\WINDOWS\system32\MFC71ENU.DLL *c:\Program Files\HP\Digital Imaging\Unload\HpqUnRes.dll *c:\Program Files\HP\Digital Imaging\bin\hpotra08.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\CFGMGR32.dll *c:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc *c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll *c:\Program Files\HP\Digital Imaging\bin\hpodvd08.dll *C:\WINDOWS\system32\WINSPOOL.DRV +1400=C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll *C:\WINDOWS\system32\MFC42.DLL *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaDB.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\pjObjDB.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\VERSION.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\MediaEngine.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\ipworks5.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaImage.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\KCat40.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\kcor40.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LTDIS10N.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LTKRN10N.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LTFIL10N.DLL *C:\Program Files\Kodak\Kodak EasyShare software\bin\LTIMG10N.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LTEFX10N.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.dll *C:\WINDOWS\system32\ICMP.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVista.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\DbgHelp.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\RICHED32.DLL *C:\WINDOWS\system32\RICHED20.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCollection.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\AcqMod.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCameraUploadSysx.syx *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadSysx.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCollection.dll *C:\WINDOWS\system32\SHFolder.DLL *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadCamBack.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrint.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaPrint.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnLine.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\system32\TAPI32.dll *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\WINMM.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\cameratodos.syx *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameraToDos.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameraToDosCamBack.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDLaunchSysX.syx *C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDSYSX.syx *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocPCDsysx.dll *C:\DOCUME~1\Owner\LOCALS~1\TempIadHide4.dll *C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaBrowser.syx *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaBrowser.dll *C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCameraCenter.syx *C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraCenter.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\secur32.dll *C:\WINDOWS\system32\netapi32.dll *C:\WINDOWS\system32\appHelp.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll *C:\WINDOWS\system32\OLEPRO32.DLL *C:\WINDOWS\system32\xpsp2res.dll +360=C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\system32\msvcrt.dll *C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\backWeb.dll *C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\clntutil.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\bwsec.dll *C:\WINDOWS\system32\snmpapi.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\MFC42.DLL *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\PROGRA~1\Kodak\KODAKS~1\7288971\614~1.37-\program\EN\ClientRC.dll *C:\WINDOWS\system32\wtsapi32.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll *C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\BWfiles.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\DOCUME~1\Owner\LOCALS~1\TempIadHide4.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll *C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\frext-7288971.dll *C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\frext.dll *C:\WINDOWS\system32\inetmib1.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\MPRAPI.dll *C:\WINDOWS\system32\ACTIVEDS.dll *C:\WINDOWS\system32\adsldpc.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\ATL.DLL *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\SXS.DLL *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\BWTargetInf.dll +904=C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\system32\msvcrt.dll *C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\BackWeb.dll *C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\clntutil.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\bwsec.dll *C:\WINDOWS\system32\snmpapi.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\MFC42.DLL *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\PROGRA~1\BackWeb\BACKWE~1\623~1.66\program\EN\ClientRC.dll *C:\WINDOWS\system32\wtsapi32.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\Program Files\Updates from HP\137903\Program\BWfiles-137903.dll *C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\BWfiles.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll *C:\WINDOWS\system32\inetmib1.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\DOCUME~1\Owner\LOCALS~1\TempIadHide4.dll *C:\WINDOWS\system32\MPRAPI.dll *C:\WINDOWS\system32\ACTIVEDS.dll *C:\WINDOWS\system32\adsldpc.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\ATL.DLL *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\Program Files\Updates from HP\137903\Program\frext-137903.dll *C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\frext.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\SXS.DLL *C:\Program Files\Updates from HP\137903\Program\HPClientExt.dll *C:\WINDOWS\system32\rasapi32.dll *C:\WINDOWS\system32\rasman.dll *C:\WINDOWS\system32\TAPI32.dll +3088=C:\Program Files\Internet Explorer\iexplore.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHDOCVW.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\CRYPTUI.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\DOCUME~1\Owner\LOCALS~1\TempIadHide4.dll *C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll *C:\WINDOWS\system32\BROWSEUI.dll *C:\WINDOWS\system32\browselc.dll *C:\WINDOWS\system32\appHelp.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\cscui.dll *C:\WINDOWS\System32\CSCDLL.dll *c:\program files\google\googletoolbar2.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ntshrui.dll *C:\WINDOWS\system32\ATL.DLL *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\drprov.dll *C:\WINDOWS\System32\ntlanman.dll *C:\WINDOWS\System32\NETUI0.dll *C:\WINDOWS\System32\NETUI1.dll *C:\WINDOWS\System32\NETRAP.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\davclnt.dll *C:\WINDOWS\System32\shgina.dll *C:\WINDOWS\system32\MSGINA.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\ODBC32.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\odbcint.dll *C:\WINDOWS\system32\Audiodev.dll *C:\WINDOWS\system32\WMVCore.DLL *C:\WINDOWS\system32\WMASF.DLL *C:\WINDOWS\system32\DBGHELP.DLL *C:\WINDOWS\system32\RASAPI32.DLL *C:\WINDOWS\system32\rasman.dll *C:\WINDOWS\system32\TAPI32.dll *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\sensapi.dll *c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll *C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll *C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll *C:\PROGRA~1\SPYBOT~1\SDHelper.dll *C:\WINDOWS\system32\olepro32.dll *c:\Program Files\Norton AntiVirus\NavShExt.dll *C:\WINDOWS\system32\MSVCP70.dll *C:\WINDOWS\system32\MSVCR70.dll *C:\WINDOWS\system32\SXS.DLL *C:\WINDOWS\system32\shdoclc.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\mlang.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\System32\mshtml.dll *C:\WINDOWS\System32\msls31.dll *C:\WINDOWS\System32\msimtf.dll *C:\WINDOWS\System32\MSCTF.dll *C:\Program Files\Microsoft Office\OFFICE11\msohev.dll *C:\WINDOWS\System32\jscript.dll *C:\WINDOWS\System32\mshtmled.dll *C:\WINDOWS\System32\dxtrans.dll *C:\WINDOWS\System32\ddrawex.dll *C:\WINDOWS\System32\DDRAW.dll *C:\WINDOWS\System32\DCIMAN32.dll *C:\WINDOWS\System32\dxtmsft.dll *C:\WINDOWS\System32\actxprxy.dll *C:\WINDOWS\system32\plugin.ocx *C:\WINDOWS\system32\LINKINFO.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\corpol.dll *C:\WINDOWS\system32\SOFTPUB.DLL *C:\WINDOWS\system32\sfc_os.dll *C:\WINDOWS\system32\inetcpl.cpl *C:\WINDOWS\system32\inetcplc.dll *C:\WINDOWS\system32\OCCache.DLL *C:\WINDOWS\system32\wdmaud.drv *C:\WINDOWS\system32\msacm32.drv *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\midimap.dll *C:\WINDOWS\system32\wuapi.dll +3232=C:\WINDOWS\System32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\System32\LPK.DLL *C:\WINDOWS\System32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *c:\windows\system32\wiaservc.dll *c:\windows\system32\CFGMGR32.dll *c:\windows\system32\setupapi.DLL *c:\windows\system32\mscms.dll *c:\windows\system32\WINSPOOL.DRV *c:\windows\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\System32\xpsp2res.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\System32\actxprxy.dll *C:\WINDOWS\System32\sti.dll +2972=C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\Program Files\Yahoo!\Messenger\MSVCP71.dll *C:\Program Files\Yahoo!\Messenger\MSVCR71.dll *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\DOCUME~1\Owner\LOCALS~1\TempIadHide4.dll *C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\Program Files\Yahoo!\Shared\YbSkin2.dll *C:\WINDOWS\system32\msimg32.dll *C:\WINDOWS\System32\msxml3.dll *C:\WINDOWS\system32\WINHTTP.dll *C:\Program Files\Yahoo!\Messenger\res_msgr.dll *C:\WINDOWS\system32\msctfime.ime +3084=C:\Documents and Settings\Owner\Desktop\startdreck\StartDreck.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Documents and Settings\Owner\Desktop\startdreck\VB40032.DLL *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\MSVCRT20.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\OLEPRO32.DLL *C:\WINDOWS\system32\IMM32.DLL *C:\WINDOWS\system32\LPK.DLL *C:\WINDOWS\system32\USP10.dll *C:\Documents and Settings\Owner\Desktop\startdreck\VB4DE32.DLL *C:\WINDOWS\system32\uxtheme.dll *C:\DOCUME~1\Owner\LOCALS~1\TempIadHide4.dll *C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll *C:\WINDOWS\system32\msctfime.ime *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\Documents and Settings\Owner\Desktop\startdreck\PSAPI.DLL »VMM32Files (LM) »%System%\VMM32 »%System%\IOSUBSYS »Application specific »MS Office 97/8.0 STARTUP-PATH »Current User »Default User »Local Machine »ICQ NetDetect »Current User »Default User |
|
|
|
|
07-08-2005, 03:12 AM
|
#7 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
Link to login pages
Sorry, forgot to give you these links:
www.kiwibank.co.nz www.bnz.co.nz When I access either of these sites, I then enter my login details into the internet banking tabs. Cheers C |
|
|
|
|
07-08-2005, 09:09 AM
|
#8 (permalink) |
|
TSF Enthusiast
|
If present, delete both:
c:\ied_s7m.cab c:\x.cab You should not need to boot into Safe Mode. But if they do not delete, then boot into Safe Mode and Delete from there. When finished Empty Recycle Bin and await next instructions.
__________________
Ich kann auf Deutsch helfen. Mach ein' post und PM mich. Peebs85 kann auch Deutsch. If I help you, please donate to upgrade our outgrown server. I will donate my time to helping you for free, but the server is not free. Please send donations to Jason Connors (TSF owner), 4410 Grandwood Lane, New Port Richey, FL 34653. Even if its only a dollar. Thank you. |
|
|
|
|
07-08-2005, 06:28 PM
|
#9 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
c:\ied_s7m.cab & c:\x.cab
Re these files - I couldn't find either of them - the only thing that came up when I did a search was c:\hp\drivers\hpiz350\setup\DirectX
I'm assuming that's not one I should delete? |
|
|
|
|
07-08-2005, 09:12 PM
|
#10 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista
|
Hi,
No, do not delete that file.  I tried your links earlier today and also got the 'page cannot be displayed'. I just tried it again (11:00pm EST) and I was able to connect. Those sites may have been experiencing problems earlier--try them now. |
|
|
|
|
07-08-2005, 09:58 PM
|
#11 (permalink) |
|
Guest
Posts: n/a
OS:
|
! ! !
" I have lost my ability to log into my internet banking - the .asp pages come up with page cannot be displayed. "
You weren't not trying to use online banking i assume you were just checking out ? You may help someone to have a nice vacation in singapore paying for it :)) ( even you can access to the online banking site : pls don't use any passwords till your system is declared clean. ) |
|
|
|
07-09-2005, 02:08 AM
|
#12 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
Internet Banking Logins
TO Ried
I can access the bank websites but I can't access the pages via which I enter my login and password details. Have tried at various times throughout the day. I previously tried to sort out my popup/redirect issue (re the www.oldgames.se and other sites opening up on my PC) and resolved through to exactly this point but gave up and restored my PC as the issue with not being able to connect my internet banking logins could not be resolved. This time I have decided I want to see it through. I am tired of the popups. If need be, I will take my PC in to be checked out by a technician, but if you think I can resolve the issue this way from people on the forum, I'm happy to keep trying. TO PurpleSky - Your post made no sense. Regards Catherine |
|
|
|
|
07-09-2005, 02:24 AM
|
#13 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
Page Cannot Be Displayed
Hmmm, I've just noticed something else. I trade on an online auction site - I have just gone in to top up my account from my credit card and again, the page where I would normally put in my credit card details has come up as Page Cannot Be Displayed. The site is www.trademe.co.nz
I'm wondering if I should revert to my restore point and look at resolving the popups another way? Catherine |
|
|
|
|
07-09-2005, 07:11 AM
|
#14 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista
|
Reregister dll's to access secured websites
Click Start, and then click Run. 2. In the Open box, type cmd, and then click OK. 3. At the command prompt, type or copy/paste each of the following lines and press ENTER after each line: regsvr32 softpub.dll regsvr32 wintrust.dll regsvr32 initpki.dll regsvr32 dssenh.dll regsvr32 rsaenh.dll regsvr32 gpkcsp.dll regsvr32 sccbase.dll regsvr32 slbcsp.dll regsvr32 cryptdlg.dll Click OK when you receive the message that DllRegisterServer in FileName succeeded. 5.Type exit. |
|
|
|
|
07-09-2005, 09:36 AM
|
#16 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista
|
Hi Catherine,
Usually we would see any keylogger/password stealer show up in the silent runners or Startdreck log. Let's be certain though as Scott does have a point Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool. Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3) 1. Save it to a folder. 2. Reboot into Safe Mode. 3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything. 4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane. 5. In the Virus Log Information Pane...... Left click and highlight all the information in the Lower pane --- Use CTRL C on your keyboard to copy everything found in the lower pane and save it to a notepad file *Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files. Once you copy that to a Notepad file...highlight the text and copy it here. |
|
|
|
|
07-12-2005, 02:50 AM
|
#17 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
mwav log
This is one huge document ...
The scan took nearly three hours - said it found 44 viruses and 85 errors - I toook a copy of the summary page if that helps at all ... Cheers Catherine Object "FunWeb Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "FunWeb Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "FunWebProducts Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\msxml3a.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\Default.rul". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\README\Updater_Readme_1033.HTM". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0514B040-84EA-11D0-A8BF-00A0C9008A48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{4C171D40-8277-11D5-AD55-00010333D0AD}" refers to invalid object "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{BFFFD262-7705-11D0-B5DC-444553540000}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0}" refers to invalid object "C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5665-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA566B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5671-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5677-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA567D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5683-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5689-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA568F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5695-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA569B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56A1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56A7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56AD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56B3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56B9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56BF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56C5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56CB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56D1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56D7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56DD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56E3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56E9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56EF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56F5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA56FB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5701-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5707-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA571F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA572B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5731-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5737-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA573D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5749-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA574F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5755-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA575B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5767-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA5791-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA57DF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA57E5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F3CA57EB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "blank". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlApple.CddbFullName.1" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. Entry "HKCR\CDDBControlApple.FullName" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken. Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken. Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\MDTDF.Form.1" refers to invalid object "{105B80D2-95F1-11D0-B0A0-00AA00BDCB5C}". Action Taken: No Action Taken. Entry "HKCR\MyWebSearch.HTMLPanel" refers to invalid object "{3E720452-B472-4954-B7AA-33069EB53906}". Action Taken: No Action Taken. Entry "HKCR\MyWebSearch.HTMLPanel.1" refers to invalid object "{3E720452-B472-4954-B7AA-33069EB53906}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\SigningModule.SigningModule" refers to invalid object "{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}". Action Taken: No Action Taken. Entry "HKCR\SigningModule.SigningModule.1" refers to invalid object "{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}". Action Taken: No Action Taken. Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. Entry "HKCR\WebP2PInstaller.Installer" refers to invalid object "{1D6711C8-7154-40BB-8380-3DEA45B69CBF}". Action Taken: No Action Taken. Entry "HKCR\WebP2PInstaller.Installer.1" refers to invalid object "{1D6711C8-7154-40BB-8380-3DEA45B69CBF}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. File C:\DOCUME~1\Owner\LOCALS~1\Temp\ycomp_5.5.7.0_ypsr_1.9_us_setup_.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\LYV9LU4Y\SmileyCentralFWBInitialSetup1.0.0.8-2[1].cab tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\Documents and Settings\Owner\Local Settings\Temp\ycomp_5.5.7.0_ypsr_1.9_us_setup_.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\LYV9LU4Y\SmileyCentralFWBInitialSetup1.0.0.8-2[1].cab tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\hp\bin\Python-2.2.1.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\hp\bin\win32all-146.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\HP Pavilion PC Help\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Yahoo!\Installs\ymsgrie.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Program Files\Yahoo!\Messenger\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Python22\Lib\site-packages\UnWisePW32.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\Python22\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. File C:\RECYCLER\S-1-5-21-4275160224-3089482726-1724309591-500\Dc1.dll infected by "Trojan-Clicker.Win32.Agent.ac" Virus! Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070423.DLL tagged as "not-a-virus:AdWare.FunWeb.a". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070548.scr tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070549.DLL tagged as "not-a-virus:AdWare.FunWeb.d". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070550.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070551.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.l". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070552.SCR tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070554.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070555.EXE tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070556.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.l". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070557.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070558.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.f". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070559.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070560.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.l". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070561.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070563.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.i". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070708.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070709.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070711.EXE tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\System Volume Information\_restore{A98C8833-5FDD-4D8A-AF31-AA7A3072AC11}\RP241\A0070712.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken. File C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. |
|
|
|
|
07-12-2005, 06:11 PM
|
#18 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista
|
Hi Catherine,
As bad as that looks, most of it is harmless. To clean out those orphaned registry entries showing in Mwav, please download Ccleaner www.ccleaner.com Do not run it yet. Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Do not run it yet. Reboot into Safe Mode. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot): C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\LY V9LU4Y\SmileyCentralFWBInitialSetup1.0.0.8-2[1].cab C:\RECYCLER\S-1-5-21-4275160224-3089482726-1724309591-500\Dc1.dll Using Windows Explorer, delete the following files and folders: C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\LY V9LU4Y\SmileyCentralFWBInitialSetup1.0.0.8-2[1].cab C:\RECYCLER\S-1-5-21-4275160224-3089482726-1724309591-500\Dc1.dll Before you run Ccleaner, you may want to move this file to a more permanent location: (this belongs to your Yahoo Companion) C:\Documents and Settings\Owner\Local Settings\Temp\ycomp_5.5.7.0_ypsr_1.9_us_setup_.exe Create a folder on your desktop or the C:\drive and move it there. Just right click an empty space, click New Folder and name it whatever you want. When you click open the .exe file, onn the left panel, you should see the option to 'Move'. Run Ccleaner. Look over the options of what to clean out then Analyze the Windows and Applications sections and clean those. Click on the 'Issues' tab to clean registry. Be sure that box is checked to 'prompt to backup registry' in the Options>Advanced section. Reboot into Normal Mode. Can you access secured websites now? |
|
|
|
|
07-13-2005, 03:21 AM
|
#19 (permalink) |
|
Registered User
Join Date: Jul 2005
Location: Wellington, New Zealand
Posts: 14
OS: XP
|
Secured Sites
Hi there - I have completed the downloads / cleaning of files as indicated, but still cannot access my logins.
This is the detail of the page I get when I try - and I have checked everything in my settings to ensure I've got it all right. Any other ideas? Thanks for all your help so far :) Catherine ********************************************************** The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings. -------------------------------------------------------------------------------- Please try the following: Click the Refresh button, or try again later. If you typed the page address in the Address bar, make sure that it is spelled correctly. To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP). See if your Internet connection settings are being detected. You can set Microsoft Windows to examine your network and automatically discover network connection settings (if your network administrator has enabled this setting). Click the Tools menu, and then click Internet Options. On the Connections tab, click LAN Settings. Select Automatically detect settings, and then click OK. Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed. If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0. Click the Back button to try another link. Cannot find server or DNS Error Internet Explorer |
|
|
|
|
07-14-2005, 05:29 PM
|
#20 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista
|
Hi Catherine,
Alright, we're going to run down a couple things here. Configure Security settings for the Trusted sites zone in Internet Explorer: In Internet Explorer, on the Tools menu, click Internet Options, and select the Security tab Select Trusted sites, and then click Default Level Add the secure Web site you are trying to access to the Trusted sites zone. To do so, click Sites, type the address (URL) of the site in the Add this Web site to the zone box, click Add, click OK, and then click Apply Clear the Secure Sockets Layer (SSL) slate and AutoComplete history: In Internet Explorer, on the Tools menu, click Internet Options, and select the Content tab Under Certificates, click Clear SSL State Click OK when you receive the message that the SSL cache was successfully cleared Under Personal information, click AutoComplete Under Clear AutoComplete history, click Clear Forms. Click OK when you are prompted to confirm the operation. Verify that Internet Explorer is configured to use SSL 2.0 and SSL 3.0: In Internet Explorer, on the Tools menu, click Internet Options, and select the Advanced tab In the Settings box, under the Security header, click to select the Use SSL 2.0 and Use SSL 3.0 check boxes (if they are not already selected), and then click OK Verify that the Date and Time Settings on Your Computer Are Correct: Because SSL certificates have an expiry date, if the date on your computer isn't correct, it may prevent you from connecting to secure sites. To verify that your computer is configured with the correct date and time settings: Click Start > click Control Panel Click Date, Time, Language, and Regional Options, and then click Date and Time Select the Date & Time tab Check to make sure that the date and time settings are configured to use the current date and time, and then click OK If still no access: Check your Norton Firewall Settings. In one user's instance, Norton Internet Security package had changed the firewall and wouldn't let him reset it. He ended up uninstalling it and then reinstalled it and it resolved the issue. |
|
|
|
| Thread Tools | |
|
|
