#1 (permalink)
Registered User
please help
Logfile of HijackThis v1.99.1
Scan saved at 8:10:46 PM, on 8/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Yahoo!\Antivirus\ISafe.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Yahoo!\Antivirus\VetMsg.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Yahoo!\browser\ybrowser.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\WINDOWS\explorer.exe C:\Program 
Files\Messenger\msmsgs.exe C:\Highjack This\HJT.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - (no file) O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee VirusScan - 
{BA52B914-B692-46c4-B683-905236F6F655} - blank (file missing) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [STYLEXP] C:\Program 
Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: TempCleaner.lnk = C:\Program Files\TempCleaner\TempCleaner.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...S_ZNxdm801XXUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .pdf: C:\Program Files\Internet 
Explorer\PLUGINS\nppdf32.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120765339922 O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOAc...allerProj1.cab O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: CAISafe - Computer Associates International, Inc. 
- C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Creative PD1130 RunApp Service (PD1131Srv) - Creative Technology Ltd. 
- C:\WINDOWS\system32\P1131Srv.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

This is the log file, I hope this is the right thing. If not please let me know what to do and how to get it. I'm told by my Norton Internet Security that the virus is called W32.Alcra.B. I also did use the hijackthis analyzer, I was told to mention that I guess. But if there is anything I can do to help let me know, and I appreciate this greatly!!!! Thanks guys!
#2 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.

Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.

Open add/remove programs and remove New.net/NewDotNet.

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...US_ZNxdm801XXUS
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab

C:\Program Files\NewDotNet <--delete that folder.

Reboot back to normal windows.

Please run an online scan at http://www.pandasoftware.com/actives..._principal.htm
Select the “Autofix/Clean” option IF it’s found and save the activescan log. Then post that log in your next post along with the logs from the following tools.

Download: StartDreck
Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'
UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
Post the log in this thread.

Download Silent runners.Vbs http://www.silentrunners.org/
1. Make sure you have any script blocking software disabled
2. Run the program. It will take a few minutes to complete.
3. Once complete it will produce a log named “StartupPrograms” with your user and date in the filename. Open that txt file and post its contents in your next post

So I need..
Hijackthis log
Startdreck log
Silentrunners log
Panda Scan log
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder
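One way to confirm that every entry on a fix list like the one in post #2 is really gone from a follow-up HijackThis log, as an added example that is not part of the original posts. The function names are this example's own; the sample strings are shortened excerpts of the logs and fix list in this thread, kept flattened onto one line the way the forum shows them, including the context-menu URL that the forum truncated differently in the two posts.

```python
import re

# Added example, not from the thread: names below are this example's own.
# An entry starts with a HijackThis section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_START = re.compile(r"(?:^|(?<=\s))(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_VALUE = re.compile(r"\[[^\]]+\]")              # registry value name in O4 lines
URL_TARGET = re.compile(r" - (?:https?|file)://")  # forum software truncates these URLs


def split_entries(text):
    """Split a log into entries, one per line or flattened into a single line.

    Header and running-process text before the first entry is dropped; prose
    pasted after the last entry stays attached to that entry.
    """
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    ends = starts[1:] + [len(text)]
    return [" ".join(text[a:b].split()) for a, b in zip(starts, ends)]


def entry_key(entry):
    """Identity of an entry that survives case changes and truncated URLs."""
    section, _, rest = entry.partition(" - ")
    clsid = CLSID.search(rest)
    if clsid:                            # O2/O3/O9/O16: the CLSID names the object
        return section, clsid.group(0).upper()
    value = RUN_VALUE.search(rest)
    if section == "O4" and value:        # autorun: registry key plus value name
        return section, rest[:value.end()].lower()
    # Anything else: full text, minus a URL target that may have been shortened.
    return section, URL_TARGET.split(rest)[0].lower()


def verify_fixes(fix_list_text, later_log_text):
    """Return (removed, remaining) fix-list entries relative to a later log."""
    later = {entry_key(e) for e in split_entries(later_log_text)}
    removed, remaining = [], []
    for entry in split_entries(fix_list_text):
        (remaining if entry_key(entry) in later else removed).append(entry)
    return removed, remaining


def new_entries(before_text, after_text):
    """Entries in the later log that were absent from the earlier one."""
    before = {entry_key(e) for e in split_entries(before_text)}
    return [e for e in split_entries(after_text) if entry_key(e) not in before]


# Excerpt of the first log in this thread (8/11/2005).
BEFORE = (
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank "
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost "
    r"O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll "
    r"O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) "
    r"O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s "
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" '
    r"O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...S_ZNxdm801XXUS"
)

# Excerpt of the fix list from post #2 (note the differently truncated O8 URL).
FIX_LIST = (
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank "
    r"O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll "
    r"O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s "
    r"O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...US_ZNxdm801XXUS"
)

# Excerpt of the follow-up log (8/12/2005).
AFTER = (
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost "
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll "
    r"O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) "
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"'
)

if __name__ == "__main__":
    removed, remaining = verify_fixes(FIX_LIST, AFTER)
    print(f"{len(removed)} fix-list entries gone, {len(remaining)} still present")
    for entry in remaining:
        print("STILL PRESENT:", entry)
    for entry in new_entries(BEFORE, AFTER):
        print("NEW SINCE FIRST LOG:", entry)
```

Entries are matched on CLSID, autorun value name or menu-item name rather than on the whole line, so a different object that reuses one of those names would also match; review anything reported as still present by eye.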
#3 (permalink)
Registered User
reply to please help
I will have to put this in 2 posts I guess cause it's too long. So I'll start with the hijackthis scan.
Logfile of HijackThis v1.99.1 Scan saved at 10:37:10 PM, on 8/12/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\Explorer.EXE C:\Highjack This\HJT.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: (no name) - 
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - blank (file missing) O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Yahoo! 
Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: TempCleaner.lnk = C:\Program Files\TempCleaner\TempCleaner.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409 O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - 
http://us.dl1.yimg.com/download.yaho...tr_current.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120765339922 O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOAc...allerProj1.cab O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Creative PD1130 RunApp Service (PD1131Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\P1131Srv.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe O23 - Service: YPCService - Yahoo! Inc. 
- C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
here is the active panda scan too:
#4 (permalink) |
|
Registered User
|
2nd half of the reply
Ok well, I guess I have to split this scan log from StartDreck in half since it is too big for this. So I will try my best to make it right.
StartDreck (build 2.1.7 public stable) - 2005-08-13 @ 16:35:14 (GMT -05:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as Greg at WILSON
»Registry
»Run Keys
»Current User
»Run
*DellSupport="C:\Program Files\Dell Support\DSAgnt.exe" /startup
*STYLEXP=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
*Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
*IgfxTray=C:\WINDOWS\System32\igfxtray.exe
*HotKeysCmds=C:\WINDOWS\System32\hkcmd.exe
*Dell AIO Printer A920="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
*NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
*Logitech Utility=Logi_MwX.Exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*YOP=C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
*MISAggregator=
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*SSC_UserPrompt=C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
*BootSkin Startup Jobs="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
*RegistryMechanic=
*SpySweeper="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*YBrowser.HTML=C:\PROGRA~1\Yahoo!\browser\YBrowser.exe %1
+.html
*YBrowser.HTML=C:\PROGRA~1\Yahoo!\browser\YBrowser.exe %1
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
»Browser Helper Objects (LM)
*YBIOCtrl.CompanionBHO.4/{02478D38-C3F9-4efb-9B51-7695ECA05670}
`InprocServer32=C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*YUber.UberButton.1/{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
`InprocServer32=C:\Program Files\Yahoo!\Common\yiesrvc.dll
*DriveLetterAccess/{5CA3D70E-1895-11CF-8E15-001234567890}
`InprocServer32=C:\WINDOWS\system32\dla\tfswshx.dll
*YIeTagBm.YahooTaggedBM.1/{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
`InprocServer32=C:\Program Files\Yahoo!\Common\YIeTagBm.dll
*Nisbho.CNisExtBho.1/{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
`InprocServer32=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
*TGT_BHO.CoTGT_BHO.1/{C333CF63-767F-4831-94AC-E683D962C63C}
`InprocServer32=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
*{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
`InprocServer32=
»Internet Explorer
»Current User
*Default_Page_URL=http://www.dell4me.com/myway
*First Home Page=http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
*Local Page=c:\windows\system32\blank.htm
*Search Bar=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
*Start Page=http://www.yahoo.com
*CustomizeSearch=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
+SearchUrl
*provider=yaho
*=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
»Default User
*Default_Page_URL=http://www.dell4me.com/myway
*First Home Page=http://www.dell4me.com/myway
*Search Bar=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://yahoo.sbc.com/dsl
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=c:\windows\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.yahoo.com
*CustomizeSearch=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Greg\Start Menu\Programs\Startup\DESKTOP.INI
*C:\Documents and Settings\Greg\Start Menu\Programs\Startup\TempCleaner.lnk
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\DESKTOP.INI
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=0
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\System32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=C:\WINDOWS\wupdsnff.exe
`NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL=
`NU=C:\DOCUME~1\Greg\LOCALS~1\Temp\sp2reg.exe
*C:\WINDOWS\System32\drivers\etc\hosts
`127.0.0.1 realmedia-a800.d4p.net #SpySweeperCASS `127.0.0.1 redherring.ngadcenter.net #SpySweeperCASS `127.0.0.1 redirect.click2net.com #SpySweeperCASS `127.0.0.1 regio.adlink.de #SpySweeperCASS `127.0.0.1 reply.mediatris.net #SpySweeperCASS `127.0.0.1 responsemedia-ad.flycast.com #SpySweeperCASS `127.0.0.1 retaildirect.realmedia.com #SpySweeperCASS `127.0.0.1 rmads.msn.com #SpySweeperCASS `127.0.0.1 rmedia.boston.com #SpySweeperCASS `127.0.0.1 s0b.bluestreak.com #SpySweeperCASS `127.0.0.1 s2.focalink.com #SpySweeperCASS `127.0.0.1 sc.clicksupply.com #SpySweeperCASS `127.0.0.1 scand.adlink.de #SpySweeperCASS `127.0.0.1 secure.webconnect.net #SpySweeperCASS `127.0.0.1 servads.aip.org #SpySweeperCASS `127.0.0.1 serve.thisbanner.com #SpySweeperCASS `127.0.0.1 servedby.advertising.com #SpySweeperCASS `127.0.0.1 service.bfast.com #SpySweeperCASS `127.0.0.1 sfads.osdn.com #SpySweeperCASS `127.0.0.1 sg.yimg.com #SpySweeperCASS `127.0.0.1 sh4sure-images.adbureau.net #SpySweeperCASS `127.0.0.1 shop.kazaa.com #SpySweeperCASS `127.0.0.1 spd.atdmt.com #SpySweeperCASS `127.0.0.1 speed.pointroll.com #SpySweeperCASS `127.0.0.1 spin.spinbox.net #SpySweeperCASS `127.0.0.1 spinbox.maccentral.com #SpySweeperCASS `127.0.0.1 spinbox.techtracker.com #SpySweeperCASS `127.0.0.1 ss.mtree.com #SpySweeperCASS `127.0.0.1 static.admaximize.com #SpySweeperCASS `127.0.0.1 stats.adultrevenueservice.com #SpySweeperCASS `127.0.0.1 stats.superstats.com #SpySweeperCASS `127.0.0.1 suissa-ad.flycast.com #SpySweeperCASS `127.0.0.1 sview.avenuea.com #SpySweeperCASS `127.0.0.1 techreview-images.adbureau.net #SpySweeperCASS `127.0.0.1 thinknyc.eu-adcenter.net #SpySweeperCASS `127.0.0.1 ti.click2net.com #SpySweeperCASS `127.0.0.1 tmsads.tribune.com #SpySweeperCASS `127.0.0.1 toads.osdn.com #SpySweeperCASS `127.0.0.1 tracker.clicktrade.com #SpySweeperCASS `127.0.0.1 tsms-ad.tsms.com #SpySweeperCASS `127.0.0.1 ugo.eu-adcenter.net #SpySweeperCASS `127.0.0.1 us.a1.yimg.com #SpySweeperCASS `127.0.0.1 
usbytecom.orbitcycle.com #SpySweeperCASS `127.0.0.1 utils.mediageneral.com #SpySweeperCASS `127.0.0.1 v0.extreme-dm.com #SpySweeperCASS `127.0.0.1 v1.extreme-dm.com #SpySweeperCASS `127.0.0.1 van.ads.link4ads.com #SpySweeperCASS `127.0.0.1 view.accendo.com #SpySweeperCASS `127.0.0.1 view.atdmt.com #SpySweeperCASS `127.0.0.1 view.avenuea.com #SpySweeperCASS `127.0.0.1 vnu.eu-adcenter.net #SpySweeperCASS `127.0.0.1 vpdc.ru4.com #SpySweeperCASS `127.0.0.1 w113.hitbox.com #SpySweeperCASS `127.0.0.1 w25.hitbox.com #SpySweeperCASS `127.0.0.1 wap.adlink.de #SpySweeperCASS `127.0.0.1 web2.deja.com #SpySweeperCASS `127.0.0.1 webad.ajeeb.com #SpySweeperCASS `127.0.0.1 webads.bizservers.com #SpySweeperCASS `127.0.0.1 webaffiliate.covad.com #SpySweeperCASS `127.0.0.1 west.adlink.de #SpySweeperCASS `127.0.0.1 wwa.hitbox.com #SpySweeperCASS `127.0.0.1 wwb.hitbox.com #SpySweeperCASS `127.0.0.1 www.24pm-affiliation.com #SpySweeperCASS `127.0.0.1 www.ad.tomshardware.com #SpySweeperCASS `127.0.0.1 www.ad4ex.com #SpySweeperCASS `127.0.0.1 www.ad-flow.com #SpySweeperCASS `127.0.0.1 www.adireland.com #SpySweeperCASS `127.0.0.1 www.admex.com #SpySweeperCASS `127.0.0.1 www.ad-up.com #SpySweeperCASS `127.0.0.1 www.alladvantage.com #SpySweeperCASS `127.0.0.1 www.avsads.com #SpySweeperCASS `127.0.0.1 www.b3d.com #SpySweeperCASS `127.0.0.1 www.banner2u.com #SpySweeperCASS `127.0.0.1 www.bannercampaign.com #SpySweeperCASS `127.0.0.1 www.banneroverdrive.com #SpySweeperCASS `127.0.0.1 www.blissnet.net #SpySweeperCASS `127.0.0.1 www.bonzi.com #SpySweeperCASS `127.0.0.1 www.brilliantdigital.com #SpySweeperCASS `127.0.0.1 www.burstnet.com #SpySweeperCASS `127.0.0.1 www.cibleclick.com #SpySweeperCASS `127.0.0.1 www.click-fr.com #SpySweeperCASS `127.0.0.1 www.commission-junction.com #SpySweeperCASS `127.0.0.1 www.consumerinfo.com #SpySweeperCASS `127.0.0.1 www.crisscross.com #SpySweeperCASS `127.0.0.1 www.cyberbounty.com #SpySweeperCASS `127.0.0.1 www.datais.com #SpySweeperCASS `127.0.0.1 
www.digitalbettingcasinos.com #SpySweeperCASS `127.0.0.1 www.dnps.com #SpySweeperCASS `127.0.0.1 www.doubleclick.net #SpySweeperCASS `127.0.0.1 www.eads.com #SpySweeperCASS `127.0.0.1 www.exchange-it.com #SpySweeperCASS `127.0.0.1 www.fineclicks.com #SpySweeperCASS `127.0.0.1 www.freestats.com #SpySweeperCASS `127.0.0.1 www.imaginemedia.com #SpySweeperCASS `127.0.0.1 www.kaplanindex.com #SpySweeperCASS `127.0.0.1 www.linksynergy.com #SpySweeperCASS `127.0.0.1 www.nailitonline2.com #SpySweeperCASS `127.0.0.1 www.netdirect.nl #SpySweeperCASS `127.0.0.1 www.netflip.com #SpySweeperCASS `127.0.0.1 www.netsponsors.com #SpySweeperCASS `127.0.0.1 www.netvertising.be #SpySweeperCASS `127.0.0.1 www.nrsite.com #SpySweeperCASS `127.0.0.1 www.oneandonlynetwork.com #SpySweeperCASS `127.0.0.1 www.onresponse.com #SpySweeperCASS `127.0.0.1 www.postmasterbannernet.com #SpySweeperCASS `127.0.0.1 www.qksrv.net #SpySweeperCASS `127.0.0.1 www.speedyclick.com #SpySweeperCASS `127.0.0.1 www.targetshop.com #SpySweeperCASS `127.0.0.1 www.teknosurf2.com #SpySweeperCASS `127.0.0.1 www.teknosurf3.com #SpySweeperCASS `127.0.0.1 www.valueclick.com #SpySweeperCASS `127.0.0.1 www.webads.nl #SpySweeperCASS `127.0.0.1 www.websitefinancing.com #SpySweeperCASS `127.0.0.1 www10.valueclick.com #SpySweeperCASS `127.0.0.1 www15.ad.tomshardware.com #SpySweeperCASS `127.0.0.1 www2.burstnet.com #SpySweeperCASS `127.0.0.1 www2.newtopsites.com #SpySweeperCASS `127.0.0.1 www23.valueclick.com #SpySweeperCASS `127.0.0.1 www3.ad.tomshardware.com #SpySweeperCASS `127.0.0.1 www3.bannerspace.com #SpySweeperCASS `127.0.0.1 www3.pagecount.com #SpySweeperCASS `127.0.0.1 www4.ad.tomshardware.com #SpySweeperCASS `127.0.0.1 www4.trix.net #SpySweeperCASS `127.0.0.1 www6.ad.tomshardware.com #SpySweeperCASS `127.0.0.1 www75.valueclick.com #SpySweeperCASS `127.0.0.1 www8.ad.tomshardware.com #SpySweeperCASS `127.0.0.1 www80.valueclick.com #SpySweeperCASS `127.0.0.1 y.ibsys.com #SpySweeperCASS `127.0.0.1 z.extreme-dm.com 
#SpySweeperCASS `127.0.0.1 z0.extreme-dm.com #SpySweeperCASS `127.0.0.1 z1.adserver.com #SpySweeperCASS `127.0.0.1 z1.extreme-dm.com #SpySweeperCASS `127.0.0.1 zi.r.tv.com #SpySweeperCASS `127.0.0.1 zrap.zdnet.com.com #SpySweeperCASS |
|
|
|
|
#5 (permalink) |
|
Registered User
|
Here is the rest of the StartDreck
*C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\BROWSEUI.dll *C:\WINDOWS\System32\SHDOCVW.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\appHelp.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\cscui.dll *C:\WINDOWS\System32\CSCDLL.dll *C:\WINDOWS\System32\themeui.dll *C:\WINDOWS\System32\Secur32.dll *C:\WINDOWS\System32\MSIMG32.dll *C:\WINDOWS\system32\USERENV.dll *C:\PROGRA~1\WINDOW~2\wmpband.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\LINKINFO.dll *C:\WINDOWS\System32\ntshrui.dll *C:\WINDOWS\System32\ATL.DLL *C:\WINDOWS\System32\NETAPI32.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\system32\NETSHELL.dll *C:\WINDOWS\system32\credui.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\System32\WINSTA.dll *C:\WINDOWS\System32\webcheck.dll *C:\WINDOWS\System32\stobject.dll *C:\WINDOWS\System32\BatMeter.dll *C:\WINDOWS\System32\POWRPROF.dll *C:\WINDOWS\System32\WTSAPI32.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\System32\serwvdrv.dll *C:\WINDOWS\System32\umdmxfrm.dll *C:\WINDOWS\System32\msi.dll *C:\WINDOWS\System32\wdmaud.drv *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\msacm32.drv *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\System32\midimap.dll *C:\WINDOWS\System32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\System32\rsaenh.dll *C:\WINDOWS\System32\MSVCR71.dll *C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll *C:\WINDOWS\System32\MSVCP60.dll *C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll *C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll 
*C:\PROGRA~1\WINZIP\WZSHLSTB.DLL *C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll *C:\WINDOWS\System32\ATL71.DLL *C:\WINDOWS\System32\MSVCP71.dll *C:\WINDOWS\System32\WSOCK32.dll *C:\Program Files\Common Files\Symantec Shared\ccL30.dll *C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll *C:\WINDOWS\avshlext.dll *C:\WINDOWS\System32\syncui.dll *C:\WINDOWS\System32\mydocs.dll *C:\WINDOWS\System32\drprov.dll *C:\WINDOWS\System32\ntlanman.dll *C:\WINDOWS\System32\NETUI0.dll *C:\WINDOWS\System32\NETUI1.dll *C:\WINDOWS\System32\NETRAP.dll *C:\WINDOWS\System32\davclnt.dll *C:\WINDOWS\System32\printui.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\System32\ACTIVEDS.dll *C:\WINDOWS\System32\adsldpc.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\CFGMGR32.dll *C:\WINDOWS\System32\fxsst.dll *C:\WINDOWS\System32\FXSAPI.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\System32\SXS.DLL *C:\WINDOWS\System32\shdoclc.dll *C:\WINDOWS\System32\browselc.dll *C:\WINDOWS\System32\DUSER.dll *C:\WINDOWS\System32\igfxpph.dll *C:\WINDOWS\System32\hccutils.DLL *C:\WINDOWS\System32\igfxres.dll *C:\WINDOWS\System32\igfxsrvc.dll *C:\WINDOWS\System32\igfxdev.dll *C:\WINDOWS\System32\MSGINA.dll *C:\WINDOWS\System32\ODBC32.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\System32\odbcint.dll *C:\WINDOWS\System32\sti.dll *C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx *C:\Program Files\Spybot - Search & Destroy\SDHelper.dll *C:\WINDOWS\System32\olepro32.dll *C:\WINDOWS\system32\dla\tfswshx.dll *C:\WINDOWS\System32\tfswapi.dll *C:\WINDOWS\system32\dla\tfswcres.dll *C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll +1232=C:\WINDOWS\system32\LEXBCES.EXE *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\MPR.dll 
*C:\WINDOWS\system32\VERSION.dll +1312=C:\WINDOWS\system32\spoolsv.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\SPOOLSS.DLL *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\system32\localspl.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\sfc_os.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\winspool.drv *C:\WINDOWS\system32\netapi32.dll *C:\WINDOWS\system32\cnbjmon.dll *C:\WINDOWS\system32\FXSMON.DLL *C:\WINDOWS\system32\FXSEVENT.dll *C:\WINDOWS\system32\pjlmon.dll *C:\WINDOWS\system32\tcpmon.dll *C:\WINDOWS\system32\usbmon.dll *C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBKPP5C.dll *C:\WINDOWS\System32\mswsock.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\win32spl.dll *C:\WINDOWS\system32\NETRAP.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\inetpp.dll *C:\WINDOWS\system32\icmp.dll *C:\WINDOWS\system32\iphlpapi.DLL +1316=C:\WINDOWS\system32\LEXPPS.EXE *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll 
*C:\WINDOWS\System32\uxtheme.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\System32\VetRedir.dll *C:\WINDOWS\System32\ISafeIf.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\LEXBCE.DLL +1448=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\OLE32.DLL *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\System32\uxtheme.dll +1492=C:\WINDOWS\System32\hkcmd.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSVCRT.DLL *C:\WINDOWS\System32\hccutils.DLL *C:\WINDOWS\System32\uxtheme.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\igfxdev.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\igfxsrvc.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\System32\igfxres.dll *C:\WINDOWS\System32\igfxhk.dll *C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll *C:\WINDOWS\System32\MSVCP60.dll +1188=C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe 
*C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\uxtheme.dll *C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll *C:\WINDOWS\System32\MSVCP60.dll +1600=C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\uxtheme.dll *C:\WINDOWS\system32\msvcrt.dll *C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll *C:\WINDOWS\System32\MSVCP60.dll +1632=C:\Program Files\Common Files\Symantec Shared\ccApp.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\System32\MSVCP71.dll *C:\WINDOWS\System32\MSVCR71.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\msvcrt.dll *C:\Program Files\Common Files\Symantec Shared\ccL30.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\System32\DBGHELP.DLL *C:\WINDOWS\System32\uxtheme.dll *C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\WSOCK32.dll 
*C:\WINDOWS\System32\Crypt32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\WinTrust.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\System32\rsaenh.dll *C:\WINDOWS\system32\userenv.dll *C:\WINDOWS\System32\secur32.dll *C:\WINDOWS\System32\netapi32.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\msi.dll *C:\WINDOWS\System32\SXS.DLL *C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASADIPLG.DLL *C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASAEMSCN.DLL *C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLOADER.DLL *C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll *C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL *C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL *C:\WINDOWS\System32\MSWSOCK.dll *C:\Program Files\Common Files\Symantec Shared\AntiSpam\asSetHlp.dll *C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll *C:\PROGRA~1\NORTON~1\ISLALERT.DLL *C:\PROGRA~1\NORTON~1\NISRES.DLL *C:\WINDOWS\system32\WININET.dll *C:\PROGRA~1\NORTON~1\NISPROD.DLL *C:\Program Files\Common Files\Symantec Shared\ccSet.dll *C:\Program Files\Common Files\Symantec Shared\AntiSpam\asAuAdIm.dll *C:\WINDOWS\System32\SYMREDIR.DLL *C:\PROGRA~1\NORTON~1\NISTRAY.DLL *C:\PROGRA~1\NORTON~1\NISALERT.DLL *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\System32\SymNeti.DLL *C:\WINDOWS\System32\MSVCP60.dll *C:\WINDOWS\System32\serwvdrv.dll *C:\WINDOWS\System32\umdmxfrm.dll *C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll *C:\PROGRA~1\NORTON~1\NORTON~1\CCIMSCAN.DLL *C:\WINDOWS\System32\ATL71.DLL *C:\Program Files\Common Files\Symantec Shared\ccProSub.dll *C:\PROGRA~1\NORTON~1\NORTON~1\DEFALERT.DLL *C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.DLL *C:\PROGRA~1\NORTON~1\NORTON~1\apwutil.dll *C:\PROGRA~1\NORTON~1\NORTON~1\SAVRT32.DLL *C:\Program Files\Norton Internet Security\NISLCOM.dll *C:\PROGRA~1\NORTON~1\NORTON~1\NAVOPTRF.DLL *C:\PROGRA~1\NORTON~1\NORTON~1\STATUSHP.DLL *C:\Program Files\Common Files\Symantec Shared\ccLogin.dll *C:\Program Files\Common Files\Symantec 
Shared\AntiSpam\asFilter.dll *C:\Program Files\Symantec\LiveUpdate\NetDetectController_2_6.DLL *C:\WINDOWS\System32\WINSPOOL.DRV *C:\PROGRA~1\NORTON~1\NORTON~1\NAVTasks.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\System32\mstask.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\xpsp2res.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVError.dll *C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll *C:\WINDOWS\System32\SHFOLDER.DLL *C:\Program Files\Common Files\Symantec Shared\AntiSpam\asUniPlg.dll *C:\WINDOWS\System32\MAPI32.dll *C:\Program Files\Messenger\msgsc.dll *C:\Program Files\Common Files\Symantec Shared\AntiSpam\asRes.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\apwcmdnt.dll *C:\Program Files\Common Files\Symantec Shared\AntiSpam\asSpmEvt.dll *C:\WINDOWS\System32\DNSAPI.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\rasadhlp.dll *C:\WINDOWS\System32\VetRedir.dll *C:\WINDOWS\System32\ISafeIf.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\ccAVMail.dll *C:\Program Files\Norton Internet Security\ccEmlflt.dll *C:\Program Files\Norton Internet Security\ObrkData.dll *C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll *C:\Program Files\Norton Internet Security\ObrkAV.dll *C:\PROGRA~1\NORTON~1\NORTON~1\NAVSTATS.dll *C:\WINDOWS\System32\actxprxy.dll *C:\Program Files\Norton Internet Security\ObrkIDS.dll *C:\Program Files\Norton Internet Security\SymFWAgt.dll *C:\Program Files\Norton Internet Security\SFWAlert.dll *C:\Program Files\Norton Internet Security\ccFWSetg.dll *C:\Program Files\Norton Internet Security\TLevel.dll *C:\WINDOWS\System32\msxml3.dll *C:\PROGRA~1\NORTON~1\NORTON~1\NAVOpts.dll *C:\PROGRA~1\NORTON~1\NORTON~1\N32Exclu.dll *C:\PROGRA~1\NORTON~1\NORTON~1\S32NAVO.DLL *C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSCR.dll *C:\Program Files\Symantec\LiveUpdate\ProductRegCom_2_6.DLL 
*C:\Program Files\Symantec\LiveUpdate\LuComServerPS_2_6.DLL *C:\WINDOWS\System32\msident.dll *C:\WINDOWS\System32\msidntld.dll *C:\WINDOWS\System32\PSTOREC.DLL *C:\WINDOWS\System32\ATL.DLL *C:\Program Files\Common Files\Symantec Shared\ccPwd.dll +1888=C:\Program Files\Logitech\MouseWare\system\em_exec.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\Logitech\MouseWare\system\EVENTEX.dll *C:\WINDOWS\System32\COMNCTR.dll *C:\Program Files\Logitech\MouseWare\system\MFC42.DLL *C:\WINDOWS\system32\MSVCRT.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\IMM32.dll *C:\WINDOWS\System32\MSVCP60.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\System32\uxtheme.dll *C:\Program Files\Logitech\MouseWare\system\ccresrce.dll *C:\Program Files\Logitech\MouseWare\system\GlbResLt.dll *C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\Program Files\Logitech\MouseWare\System\devices.dll *C:\Program Files\Logitech\MouseWare\system\ccstmglb.dll *C:\Program Files\Logitech\MouseWare\system\ccustom.dll *C:\Program Files\Logitech\MouseWare\system\ccmsghk.dll *C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll +116=C:\WINDOWS\System32\alg.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\System32\ATL.DLL *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\WSOCK32.dll 
*C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\MSWSOCK.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\hnetcfg.dll *C:\WINDOWS\System32\RASAPI32.dll *C:\WINDOWS\System32\rasman.dll *C:\WINDOWS\System32\NETAPI32.dll *C:\WINDOWS\System32\TAPI32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\System32\rtutils.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\System32\netshell.dll *C:\WINDOWS\System32\credui.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\System32\iphlpapi.dll *C:\WINDOWS\System32\DHCPCSVC.DLL *C:\WINDOWS\System32\DNSAPI.dll *C:\WINDOWS\System32\Secur32.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\serwvdrv.dll *C:\WINDOWS\System32\umdmxfrm.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\VetRedir.dll *C:\WINDOWS\System32\ISafeIf.dll *C:\WINDOWS\System32\wshtcpip.dll +428=C:\Program Files\Yahoo!\Antivirus\ISafe.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\iSafProd.dll *C:\Program Files\Yahoo!\Antivirus\Arclib.dll *C:\WINDOWS\System32\ISafeIf.dll *C:\WINDOWS\System32\VetRedir.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\Program Files\Yahoo!\Antivirus\ISafeEngine.dll +572=C:\WINDOWS\System32\CTsvcCDA.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll 
*C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll +612=C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT32.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\MSVCP71.dll *C:\WINDOWS\System32\MSVCR71.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\DBGHELP.DLL *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\rsaenh.dll *C:\WINDOWS\system32\userenv.dll *C:\WINDOWS\System32\secur32.dll *C:\WINDOWS\System32\netapi32.dll *C:\WINDOWS\System32\uxtheme.dll *C:\WINDOWS\System32\msi.dll *C:\WINDOWS\System32\SXS.DLL *C:\Program Files\Common Files\Symantec Shared\ccL30.dll *C:\WINDOWS\System32\Crypt32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\WinTrust.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\WSOCK32.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\quar32.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\S32NAVO.DLL *C:\WINDOWS\system32\comdlg32.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\qspak32.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVNTUTL.DLL *C:\Program Files\Common Files\Symantec Shared\ccScan.dll *C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL 
*C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll *C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050810.004\ecmsvr32.dll *C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050810.004\NAVEX32a.DLL *C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050810.004\NAVENG32.DLL *C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAP32.DLL +1656=C:\WINDOWS\System32\svchost.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *c:\windows\system32\wiaservc.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\OLE32.DLL *C:\WINDOWS\system32\SHLWAPI.dll *c:\windows\system32\CFGMGR32.dll *C:\WINDOWS\System32\setupapi.dll *C:\WINDOWS\system32\USERENV.dll *c:\windows\system32\mscms.dll *c:\windows\system32\WINSPOOL.DRV *c:\windows\system32\WINSTA.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\P1131Sti.dll *C:\WINDOWS\System32\ksproxy.ax *C:\WINDOWS\System32\ksuser.dll *C:\WINDOWS\System32\WIAFBDRV.DLL *C:\WINDOWS\System32\ATL.DLL *C:\WINDOWS\System32\uxtheme.dll *C:\WINDOWS\System32\devenum.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\System32\serwvdrv.dll *C:\WINDOWS\System32\umdmxfrm.dll *C:\Program Files\Dell AIO Printer A920\dlbkmcro.dll *C:\Program Files\Dell AIO Printer A920\ConvDIB.dll *C:\WINDOWS\System32\kswdmcap.ax *C:\WINDOWS\System32\MFC42.DLL *C:\WINDOWS\system32\COMCTL32.dll *C:\Program Files\Dell AIO Printer A920\rtscan.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\System32\actxprxy.dll *C:\WINDOWS\System32\sti.dll +1860=C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\user32.dll *C:\WINDOWS\system32\GDI32.dll 
*C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\oleaut32.dll *C:\WINDOWS\system32\MSVCRT.DLL *C:\WINDOWS\system32\OLE32.DLL *C:\WINDOWS\system32\mpr.dll *C:\WINDOWS\system32\version.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\wininet.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\shell32.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\System32\wsock32.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\iphlpapi.dll *C:\WINDOWS\system32\IMAGEHLP.DLL *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\System32\uxtheme.dll *C:\WINDOWS\System32\olepro32.dll *C:\WINDOWS\System32\vdmdbg.dll *C:\WINDOWS\System32\wtsapi32.dll *C:\WINDOWS\System32\WINSTA.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\msi.dll *C:\WINDOWS\System32\SXS.DLL *C:\WINDOWS\System32\Secur32.dll *C:\WINDOWS\System32\netapi32.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\drprov.dll *C:\WINDOWS\System32\ntlanman.dll *C:\WINDOWS\System32\NETUI0.dll *C:\WINDOWS\System32\NETUI1.dll *C:\WINDOWS\System32\NETRAP.dll *C:\WINDOWS\System32\davclnt.dll *C:\WINDOWS\System32\PSAPI.dll +2288=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSVCRT.DLL *C:\WINDOWS\system32\SHLWAPI.dll *C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll 
*C:\WINDOWS\System32\MSVCR71.DLL *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll +2424=C:\WINDOWS\System32\wdfmgr.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\Secur32.dll +2496=C:\Program Files\Yahoo!\Antivirus\VetMsg.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\Program Files\Yahoo!\Antivirus\DriverIf.dll *C:\Program Files\Yahoo!\Antivirus\VetNtMsg.dll *C:\WINDOWS\System32\ISafeIf.dll *C:\WINDOWS\System32\VetRedir.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\version.dll *C:\WINDOWS\System32\iSafProd.dll *C:\Program Files\Yahoo!\Antivirus\vete.dll +2568=C:\WINDOWS\System32\MsPMSPSv.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\MSVCRT.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\System32\SAMLIB.dll +3808=C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHELL32.dll 
*C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT32.DLL *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\Program Files\Common Files\Symantec Shared\ccScan.dll *C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL *C:\WINDOWS\System32\MSVCP71.dll *C:\WINDOWS\System32\MSVCR71.dll *C:\Program Files\Common Files\Symantec Shared\ccL30.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll *C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050810.004\ecmsvr32.dll *C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050810.004\NAVEX32a.DLL *C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050810.004\NAVENG32.DLL *C:\WINDOWS\System32\Crypt32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\rsaenh.dll *C:\WINDOWS\system32\userenv.dll *C:\WINDOWS\System32\secur32.dll *C:\WINDOWS\System32\netapi32.dll *C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAP32.DLL *C:\Program Files\Common Files\Symantec Shared\Decomposers\DECSDK.DLL *C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll *C:\WINDOWS\system32\WININET.dll *C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll *C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll *C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll *C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll *C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll *C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll *C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll *C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll *C:\Program Files\Common Files\Symantec 
I hope this is ok for you to understand, I'm sorry for any trouble! Thanks again!! |
|
|
|
|
#6 (permalink) |
|
Registered User
|
oh yeah i forgot!
when I try to download the silentrunners I get a windows error. I did however save it to the same folder as the hijackthis stuff and that might be why, I don't know, but at any rate this is what the error says:
Script: C:\Hijack This\Silent Runners.vbs
Line: 84
Char: 13
Error: Could not create object named "WScript.Shell"
Code: 800040111
Source: WScript.CreateObject
I'm not sure about this but I'm sure you can help steer me in the right direction. Thanks so much for your help!!!! And I apologize for the confusion! |
|
|
|
|
#7 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
Press the CleanUp! button to start the program.
Reboot/logoff when prompted.
Navigate to this file and open it with wordpad....C:\WINDOWS\wininit.ini
Delete the entries below and then save the file...
`NUL=C:\WINDOWS\wupdsnff.exe `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NU=C:\DOCUME~1\Greg\LOCALS~1\Temp\sp2reg.exe
C:\WINDOWS\wupdsnff.exe<--locate and delete that file
Reboot back to normal windows.
Download Silent Runner Red
Run that script once. Then rerun the standard silentrunners you first downloaded and post its log.
Where is the Panda scan I asked for??
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder |
|
|
|
|
#8 (permalink) |
|
Registered User
|
sorry here is the panda active scan
I'm sorry I thought I included this one I had to redo the other one like 10 times in order to make it fit so I must have missed it. Sorry again!
Incident | Status | Location
Spyware:spyware/betterinet | No disinfected | C:\WINDOWS\SYSTEM32\in10b6s.dll
Spyware:spyware/new.net | No disinfected | C:\WINDOWS\NDNuninstall6_38.exe
Adware:adware/ncase | No disinfected | C:\TEMP\FLEOK
Adware:adware/savenow | No disinfected | Windows Registry
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\All Users\Application Data\Close fork meal army\BALMITCH.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\All Users\Application Data\Close fork meal army\Cool Setup.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\All Users\Application Data\Close fork meal army\Less Book.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\All Users\Application Data\Close fork meal army\Program kind.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\Gavin\Application Data\safe 16 team\Debug shim.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\Gavin\Application Data\safe 16 team\Fork bows ping.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\Gavin\Application Data\safe 16 team\rmfbeqnf.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\Gavin\Application Data\Sixth Tons Trust\slow book.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\Gavin\Local Settings\Temp\cdcnjwqm.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\Gavin\Local Settings\Temp\Inside Program.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\Gavin\Local Settings\Temp\ndjfners.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\Gavin\Local Settings\Temp\sta13.exe
Adware:Adware/Lop | No disinfected | C:\Documents and Settings\Gavin\Local Settings\Temp\sta61.exe
Adware:Adware/SAHAgent | No disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20041221195059.zip[xmltok_.dll]
Spyware:Spyware/New.net | No disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20050122173736.zip[NDNuninstall6_38.exe]
Spyware:Spyware/New.net | No disinfected | C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000019.exe
Spyware:Spyware/New.net | No disinfected | C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000026.dll
Spyware:Spyware/New.net | No disinfected | C:\WINDOWS\NDNuninstall6_38.exe
ok this should be it, sorry again for the delay! |
|
|
|
|
#9 (permalink) |
|
Registered User
|
i have a problem
ok I downloaded the cleanup program and ran it just fine, and I deleted those files except I couldn't locate this one C:\WINDOWS\wupdsnff.exe, and when trying to download the silentrunners red I get a script error again saying this:
Script: C:\documents and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\WDAXWT@H\Silent%20Runners%20RED[1].vbs
Line: 50
Char: 13
Error: Could not create object named "WScript.Shell".
Code: 80040111
Source: WScript.CreateObject
And I tried to run the other silentrunners (the first one you gave me) and I still get that same error as before. I'm not sure if it's me or this is something to be expected, but hopefully we can figure it out. I thank you so much again for helping me and replying so soon, you've been a great help!! THANK YOU! |
|
|
|
|
#10 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Ok..
Make sure you have any script blocking software (like Norton/Symantec) disabled...otherwise it blocks the script from running.
If you still can't get it to work...let's try another approach...
Open hijackthis...click...config..misctools. Check the 2 boxes next to "Generate Startup List" and then click "Generate Startup List". Post that log in your next post.
Also...
Download Findlop by Metallica. Unzip it to your desktop. Double click findlop.bat. It will open a notepad file. Copy the content of that file and paste it here in your reply.
|
|
|
|
|
#11 (permalink) |
|
Registered User
|
ok I completely disabled norton and the silentrunners programs (I tried both of them) will still not run. But here are the 2 logs you requested:
StartupList report, 8/15/2005, 7:08:48 AM StartupList version: 1.52.2 Started from : C:\Highjack This\HJT.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Yahoo!\Antivirus\ISafe.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Yahoo!\Antivirus\VetMsg.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Messenger\msmsgs.exe 
C:\Program Files\Yahoo!\Messenger\ypager.exe C:\PROGRA~1\Yahoo!\browser\YBrowser.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\Highjack This\HJT.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Greg\Start Menu\Programs\Startup] TempCleaner.lnk = C:\Program Files\TempCleaner\TempCleaner.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe IgfxTray = C:\WINDOWS\System32\igfxtray.exe HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe Dell AIO Printer A920 = "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe Logitech Utility = Logi_MwX.Exe QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime YOP = C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart MISAggregator = ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer BootSkin Startup Jobs = "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs RegistryMechanic = SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup STYLEXP = C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide Yahoo! 
Pager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670} (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890} (no name) - C:\Program Files\Yahoo!\Common\YIeTagBm.dll - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} (no name) - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll - {C333CF63-767F-4831-94AC-E683D962C63C} (no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -------------------------------------------------- Enumerating Task Scheduler jobs: 8610F022900B8A7A.job AA2D55BC9BB2C6A4.job ABE3B49E91AC2A5A.job AC14823191B33539.job AE2B5CB492A4D984.job AE812B56903ADB7E.job AEA521DD9612F835.job AEED41B59026F889.job AEF7F0E391846127.job B6FB743799F8EA97.job B830D1B8981747D0.job BBA5ABB690525316.job 
BFB8AC1B83CB5CFB.job Norton AntiVirus - Scan my computer - Greg.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [HouseCall Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab [Shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab [Windows Genuine Advantage] InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.dll CODEBASE = http://go.microsoft.com/fwlink/?link...67&clcid=0x409 [WXcom Class] CODEBASE = http://us.dl1.yimg.com/download.yaho...tr_current.cab [McAfee.com Operating System Class] CODEBASE = http://download.mcafee.com/molbin/sh...4/mcinsctl.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\System32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsu...?1120765339922 [CLOActiveXInstaller Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\CLOACT~1.OCX CODEBASE = http://www.igl.net/clo/install/CLOAc...allerProj1.cab [Yahoo! 
Webcam Upload Wrapper] InProcServer32 = C:\WINDOWS\Downloaded Program Files\yuplapp.dll CODEBASE = http://chat.yahoo.com/cab/yuplapp.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://www.pandasoftware.com/actives...ree/asinst.cab [DwnldGroupMgr Class] InProcServer32 = C:\WINDOWS\System32\McGDMgr.dll CODEBASE = http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx CODEBASE = http://fpdownload.macromedia.com/get...sh/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: Protocol #1: C:\WINDOWS\System32\VetRedir.dll Protocol #2: C:\WINDOWS\System32\VetRedir.dll Protocol #3: C:\WINDOWS\System32\VetRedir.dll Protocol #17: C:\WINDOWS\System32\VetRedir.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 9,267 bytes Report generated in 0.109 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only |
|
|
|
|
#12 (permalink) |
|
Registered User
|
sorry
Here is the other log you needed. I don't know how I keep messing this up, I apologize for the trouble. Here is the findlop.txt:
[TRACE] Enumerating jobs and queues [TRACE] Activating job '8610F022900B8A7A.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/18/1996 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AA2D55BC9BB2C6A4.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/10/1999 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'ABE3B49E91AC2A5A.job' [TRACE] Printing all job properties ApplicationName: 'c:\progra~1\safe16~1\Fork bows ping.exe' Parameters: '' 
WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/17/1997 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AC14823191B33539.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 06/08/1997 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AE2B5CB492A4D984.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 10/05/1999 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AE812B56903ADB7E.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\greg\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/03/1995 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AEA521DD9612F835.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\audrey\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'audrey' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 
RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 06/15/1998 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AEED41B59026F889.job' [TRACE] Printing all job properties ApplicationName: 'c:\progra~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/24/1997 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AEF7F0E391846127.job' [TRACE] Printing all job properties ApplicationName: 'c:\progra~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/10/1996 EndDate: 00/00/0000 
StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'B6FB743799F8EA97.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/25/1999 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'B830D1B8981747D0.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\audrey\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'audrey' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/17/2000 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'BBA5ABB690525316.job' [TRACE] Printing all job properties 
ApplicationName: 'c:\progra~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 10/09/2000 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'BFB8AC1B83CB5CFB.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 06/08/1997 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Norton AntiVirus - Scan my computer - Greg.job' [TRACE] Printing all job properties ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe' Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"' 
WorkingDirectory: '' Comment: 'This is a schedule scan task from Norton AntiVirus.' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/19/2005 20:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: .....F. StartDate: 07/23/2005 EndDate: 00/00/0000 StartTime: 20:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Symantec NetDetect.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE' Parameters: '' WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate' Comment: 'Symantec NetDetect' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/15/2005 4:32:00 NextRun: 08/15/2005 8:33:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 08/15/2005 EndDate: 00/00/0000 StartTime: 08:33 MinutesDuration: 1440 MinutesInterval: 240 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 ok finally there it is. |
|
|
|
|
#13 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
Download, install, and update Ewido Security Suite.
After the updates are installed, exit Ewido.
Download KillBox http://www.bleepingcomputer.com/file...re/KillBox.zip
DISCONNECT this PC from any internet access!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Now open your Task Scheduler and delete the following jobs!
8610F022900B8A7A.job
AA2D55BC9BB2C6A4.job
ABE3B49E91AC2A5A.job
AC14823191B33539.job
AE2B5CB492A4D984.job
AE812B56903ADB7E.job
AEA521DD9612F835.job
AEED41B59026F889.job
AEF7F0E391846127.job
B6FB743799F8EA97.job
B830D1B8981747D0.job
BBA5ABB690525316.job
BFB8AC1B83CB5CFB.job
Now delete the following files/folders.
c:\docume~1\gavin\applic~1\safe16~1
c:\progra~1\safe16~1
c:\docume~1\greg\applic~1\safe16~1
c:\docume~1\audrey\applic~1\safe16~1
c:\docume~1\gavin\applic~1\safe16~1
C:\Documents and Settings\All Users\Application Data\Close fork meal army
C:\Documents and Settings\Gavin\Application Data\Sixth Tons Trust
*note* Check each of your users and ALL users Program and Application Data folders for any strange named folders, like the ones we are deleting (safe 16 team, Close fork meal army, Sixth Tons Trust), as this infection installs these in each account on the PC including the users, ALL users, Admin, etc. accounts.
Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.
C:\WINDOWS\SYSTEM32\in10b6s.dll
C:\WINDOWS\NDNuninstall6_38.exe
On the reboot, boot directly back to safe mode.
Run Ewido:
Run Cleanup again and reboot/logoff.
Once back to normal mode, RECONNECT your internet connection.
Please run an online scan at http://www.pandasoftware.com/actives..._principal.htm
Select the “Autofix/Clean” option IF it’s found and save the activescan log. Then post that log in your next post along with the others.
So I need....
Panda scan log
Ewido log
Hijackthis log
findlop.bat log
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
|
|
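The triage done by eye on the findlop output in this thread (hex-named, hidden, uncommented jobs with backdated triggers that point into per-user or Program Files folders) can be scripted; the following is an added example, not part of the original posts. The indicator names, the threshold of three, and the abridged sample log are assumptions for illustration, not a signature for this infection.

```python
import ntpath
import re
from datetime import datetime

# Sample input: abridged from the findlop output posted in this thread
# (most properties omitted; part of it left flattened, as on the page).
SAMPLE_LOG = r"""[TRACE] Enumerating jobs and queues
[TRACE] Activating job '8610F022900B8A7A.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe'
Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin'
MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/15/2005 8:00:00
RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1
StartDate: 02/18/1996 EndDate: 00/00/0000
[TRACE] Activating job 'ABE3B49E91AC2A5A.job' [TRACE] Printing all job properties ApplicationName: 'c:\progra~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' NextRun: 08/15/2005 8:00:00 Hidden = 1 StartDate: 02/17/1997 EndDate: 00/00/0000
[TRACE] Activating job 'Norton AntiVirus - Scan my computer - Greg.job'
ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe'
Comment: 'This is a schedule scan task from Norton AntiVirus.' Creator: 'Greg'
NextRun: 08/19/2005 20:00:00
Hidden = 0
StartDate: 07/23/2005 EndDate: 00/00/0000
"""

JOB_HEADER = re.compile(r"\[TRACE\] Activating job '([^']*)'")
HEX_JOB_NAME = re.compile(r"[0-9A-F]{16}\.job", re.IGNORECASE)


def field(pattern, body):
    """Return the first capture group of pattern in body, or None if absent."""
    match = re.search(pattern, body)
    return match.group(1) if match else None


def parse_date(text):
    """Parse mm/dd/yyyy; the tool prints 00/00/0000 for 'never', mapped to None."""
    try:
        return datetime.strptime(text, "%m/%d/%Y") if text else None
    except ValueError:
        return None


def parse_jobs(log_text):
    """Split the dump on job headers; works whether or not newlines survived."""
    parts = JOB_HEADER.split(log_text)  # [preamble, name1, body1, name2, body2, ...]
    jobs = []
    for name, body in zip(parts[1::2], parts[2::2]):
        jobs.append({
            "name": name,
            "app": field(r"ApplicationName:\s*'([^']*)'", body),
            "comment": field(r"Comment:\s*'([^']*)'", body),
            "creator": field(r"Creator:\s*'([^']*)'", body),
            "hidden": field(r"\bHidden\s*=\s*(\d)", body) == "1",
            "start": parse_date(field(r"StartDate:\s*(\d\d/\d\d/\d{4})", body)),
            "next_run": parse_date(field(r"NextRun:\s*(\d\d/\d\d/\d{4})", body)),
        })
    return jobs


def indicators(job):
    """Heuristic indicators (assumed for this example), each weak on its own."""
    reasons = []
    if HEX_JOB_NAME.fullmatch(job["name"]):
        reasons.append("random-hex-name")
    if job["hidden"]:
        reasons.append("hidden")
    if job["comment"] == "":
        reasons.append("empty-comment")
    if job["start"] and job["next_run"] and (job["next_run"] - job["start"]).days > 365:
        reasons.append("backdated-trigger")
    return reasons


def triage(log_text, threshold=3):
    """Return (job name, target path, reasons) for jobs meeting the threshold."""
    flagged = []
    for job in parse_jobs(log_text):
        reasons = indicators(job)
        if len(reasons) >= threshold:
            flagged.append((job["name"], job["app"], reasons))
    return flagged


def folders_to_inspect(flagged):
    """Unique parent folders of the flagged targets, for manual review."""
    return sorted({ntpath.dirname(app).lower() for _, app, _ in flagged if app})


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for name, app, reasons in hits:
        print(f"{name}: {app} [{', '.join(reasons)}]")
    print("Folders:", folders_to_inspect(hits))
```

The folder list only tells you where to look; confirm each folder by hand before deleting anything.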
|
|
|
#14 (permalink) |
|
Registered User
|
just a quick question
OK, where exactly do I find the Task Scheduler, and how do I go about finding the application and data folders for all users? And do I need to run the HijackThis scan and the findlop.bat very last after deleting all these files? Sorry for the trouble, but I want to make sure I do exactly what you are telling me. THANKS!
|
|
|
|
|
#15 (permalink) |
|
Registered User
|
panda,ewido,hijackthis,findlop
OK, here are those scans. The only thing is, I looked in the Scheduled Tasks folder located in the Control Panel (I assumed that was what you were meaning), and I didn't see any of the jobs you had listed for me to delete. I may be wrong but I hope not, and also I did delete the folders for ALL users in the application and data folders, I'm pretty sure. So here are the scans you requested:
EWIDO: --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 12:32:09 AM, 8/16/2005 + Report-Checksum: 943839F8 + Scan result: C:\Program Files\Yahoo!\YPSR\Quarantine\20050122173736.zip/WINDOWS/NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned without backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq146.tmp -> Spyware.Cookie.Atdmt : Cleaned without backup C:\Program Files\Yahoo!\YPSR\Quarantine\ppq147.tmp -> Spyware.Cookie.Doubleclick : Cleaned without backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000019.exe -> Spyware.NewDotNet : Cleaned without backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000026.dll -> Spyware.NewDotNet : Cleaned without backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0001085.dll -> Adware.eZula : Cleaned without backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0001086.exe -> Spyware.NewDotNet : Cleaned without backup C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned without backup C:\WINDOWS\Temp\tmp1C.tmp -> Worm.VB.an : Error during cleaning ::Report End PANDA: Incident Status Location Adware:adware/ncase No disinfected C:\WINDOWS\180Solutions Adware:adware/savenow No disinfected Windows Registry Adware:Adware/SAHAgent No disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20041221195059.zip[xmltok_.dll] Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0001053.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0001054.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0001055.exe Adware:Adware/Lop No disinfected C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0001056.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0001057.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0001058.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004102.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004103.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004104.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004105.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004106.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004107.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004108.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004109.exe Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP9\A0004110.exe i will post the others in next window. |
|
|
|
|
#16 (permalink) |
|
Registered User
|
HIJACKTHIS:
Logfile of HijackThis v1.99.1 Scan saved at 9:30:27 AM, on 8/16/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Yahoo!\Antivirus\ISafe.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Yahoo!\Antivirus\VetMsg.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec .exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\Program Files\Yahoo!\browser\ybrowser.exe C:\Highjack This\HJT.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentV ersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycom p5_6_2_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B 3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A789 7} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A } - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872 } - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - blank (file missing) O3 - Toolbar: Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88 } - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycom p5_6_2_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D 6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\Boot Skin.exe" /StartupJobs O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: TempCleaner.lnk = C:\Program Files\TempCleaner\TempCleaner.exe O8 - Extra context menu item: &Yahoo! 
Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A789 7} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45 } - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467& clcid=0x409 O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/ dl/controls/ysftcntr/ysftcntr_current.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A2 1} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/ mcinsctl/en-us/4,0,0,84/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C } (WUWebControl 
Class) - http://update.microsoft.com/windowsupdate/v 6/V5Controls/en/x86/client/wuweb_site.cab?1 120765339922 O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC } (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstal lerProj1.cab O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48 } (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as 5free/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389 } (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/ mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr. exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Creative PD1130 RunApp Service (PD1131Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\P1131Srv.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIP T~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe O23 - Service: YPCService - Yahoo! Inc. 
- C:\WINDOWS\SYSTEM32\YPCSER~1.EXE FINDLOP.BAT: [TRACE] Enumerating jobs and queues [TRACE] Activating job '8610F022900B8A7A.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/18/1996 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AA2D55BC9BB2C6A4.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/10/1999 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'ABE3B49E91AC2A5A.job' [TRACE] Printing all job properties ApplicationName: 
'c:\progra~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/17/1997 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AC14823191B33539.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 06/08/1997 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AD4A09DD9181BD41.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 
MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_S_TASK_HAS_NOT_RUN ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 06/09/1997 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AE2B5CB492A4D984.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 10/05/1999 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AE812B56903ADB7E.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\greg\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 
StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/03/1995 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AEA521DD9612F835.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\audrey\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'audrey' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 06/15/1998 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AEED41B59026F889.job' [TRACE] Printing all job properties ApplicationName: 'c:\progra~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily 
DaysInterval: 1 StartDate: 02/24/1997 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'AEF7F0E391846127.job' [TRACE] Printing all job properties ApplicationName: 'c:\progra~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/10/1996 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'B6FB743799F8EA97.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/25/1999 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 
'B830D1B8981747D0.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\audrey\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'audrey' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 02/17/2000 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'BBA5ABB690525316.job' [TRACE] Printing all job properties ApplicationName: 'c:\progra~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 10/09/2000 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'BFB8AC1B83CB5CFB.job' [TRACE] Printing all job properties ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe' Parameters: '' WorkingDirectory: '' Comment: '' Creator: 'Gavin' Priority: 
NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/16/2005 10:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 1 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 06/08/1997 EndDate: 00/00/0000 StartTime: 00:00 MinutesDuration: 1440 MinutesInterval: 60 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Norton AntiVirus - Scan my computer - Greg.job' [TRACE] Printing all job properties ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe' Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"' WorkingDirectory: '' Comment: 'This is a schedule scan task from Norton AntiVirus.' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/19/2005 20:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: .....F. 
StartDate: 07/23/2005 EndDate: 00/00/0000 StartTime: 20:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Symantec NetDetect.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE' Parameters: '' WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate' Comment: 'Symantec NetDetect' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/16/2005 8:36:00 NextRun: 08/16/2005 12:36:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 08/16/2005 EndDate: 00/00/0000 StartTime: 12:36 MinutesDuration: 1440 MinutesInterval: 240 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

If there is anything I left out let me know and I'll get it for you. Thanks again! |
#17 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Please close the spacing on your post. The hijackthis log is unreadable. Also..delete the logs from the find.lop and run it again and post its log. I think you're posting the old log.

C:\WINDOWS\180Solutions <--delete that folder

Without booting into safe mode...open task scheduler and look for those jobs. If found, delete them.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
#18 (permalink) |
|
Registered User
|
OK, I hope this is better!
Logfile of HijackThis v1.99.1 Scan saved at 10:58:53 PM, on 8/17/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Yahoo!\Antivirus\ISafe.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Yahoo!\Antivirus\VetMsg.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program 
Files\Messenger\msmsgs.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Yahoo!\browser\ybrowser.exe C:\Program Files\Yahoo!\browser\ybrwicon.exe C:\Highjack This\HJT.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - blank (file missing) O3 - Toolbar: Yahoo! 
Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Startup: TempCleaner.lnk = C:\Program Files\TempCleaner\TempCleaner.exe O8 - Extra context menu item: &Yahoo! 
Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409 O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yaho...tr_current.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120765339922 O16 
- DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOAc...allerProj1.cab O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Creative PD1130 RunApp Service (PD1131Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\P1131Srv.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe O23 - Service: YPCService - Yahoo! Inc. 
- C:\WINDOWS\SYSTEM32\YPCSER~1.EXE --------------------------------------------------------------------------- [TRACE] Enumerating jobs and queues [TRACE] Activating job 'Norton AntiVirus - Scan my computer - Greg.job' [TRACE] Printing all job properties ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe' Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"' WorkingDirectory: '' Comment: 'This is a schedule scan task from Norton AntiVirus.' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 00/00/0000 0:00:00 NextRun: 08/19/2005 20:00:00 StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET ExitCode: 0 Status: SCHED_S_TASK_HAS_NOT_RUN ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Weekly WeeksInterval: 1 DaysOfTheWeek: .....F. 
StartDate: 07/23/2005 EndDate: 00/00/0000 StartTime: 20:00 MinutesDuration: 0 MinutesInterval: 0 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0 [TRACE] Activating job 'Symantec NetDetect.job' [TRACE] Printing all job properties ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE' Parameters: '' WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate' Comment: 'Symantec NetDetect' Creator: 'Greg' Priority: NORMAL MaxRunTime: 259200000 (3d 0:00:00) IdleWait: 10 IdleDeadline: 60 MostRecentRun: 08/16/2005 8:36:00 NextRun: 08/18/2005 0:36:00 StartError: S_OK ExitCode: 0 Status: SCHED_S_TASK_READY ScheduledWorkItem Flags: DeleteWhenDone = 0 Suspend = 0 StartOnlyIfIdle = 0 KillOnIdleEnd = 0 RestartOnIdleResume = 0 DontStartIfOnBatteries = 0 KillIfGoingOnBatteries = 0 RunOnlyIfLoggedOn = 1 SystemRequired = 0 Hidden = 0 TaskFlags: 0 1 Trigger Trigger 0: Type: Daily DaysInterval: 1 StartDate: 08/16/2005 EndDate: 00/00/0000 StartTime: 12:36 MinutesDuration: 1440 MinutesInterval: 240 Flags: HasEndDate = 0 KillAtDuration = 0 Disabled = 0

OK, that should be right. I did in fact find those jobs in scheduled tasks; they were in the hidden tasks folder. Thanks! |
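The scheduled-task dumps in the two posts above can be triaged mechanically. The following is an added example, not part of the thread or of the tool that produced the dump: it parses the `[TRACE]` job format and flags jobs that combine the traits visible in the first dump (16-hex-digit job name, `Hidden = 1`, a trigger start date older than the operating system). The three signals, the `min_signals` threshold and the `os_release_year` parameter are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Trimmed excerpt of the job dump posted in the thread: three of the jobs,
# a subset of their fields, laid out one field per line.
SAMPLE_DUMP = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job '8610F022900B8A7A.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\docume~1\gavin\applic~1\safe16~1\Fork bows ping.exe'
Parameters: ''
Creator: 'Gavin'
Status: SCHED_S_TASK_HAS_NOT_RUN
Hidden = 1
StartDate: 02/18/1996
[TRACE] Activating job 'ABE3B49E91AC2A5A.job'
[TRACE] Printing all job properties
ApplicationName: 'c:\progra~1\safe16~1\Fork bows ping.exe'
Parameters: ''
Creator: 'Greg'
Status: SCHED_S_TASK_HAS_NOT_RUN
Hidden = 1
StartDate: 02/17/1997
[TRACE] Activating job 'Norton AntiVirus - Scan my computer - Greg.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe'
Parameters: '/task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
Creator: 'Greg'
Status: SCHED_S_TASK_HAS_NOT_RUN
Hidden = 0
StartDate: 07/23/2005
"""

# One job = everything from its "Activating job" marker up to the next marker.
# Whitespace-tolerant, so it also works on the dump as flattened by the forum.
JOB_RE = re.compile(
    r"\[TRACE\] Activating job '(?P<name>[^']+)'(?P<body>.*?)"
    r"(?=\[TRACE\] Activating job '|\Z)",
    re.S,
)
FIELD_RES = {
    "application": re.compile(r"ApplicationName:\s*'(.*?)'\s+Parameters:", re.S),
    "creator": re.compile(r"Creator:\s*'(.*?)'"),
    "status": re.compile(r"Status:\s*(\S+)"),
    "hidden": re.compile(r"\bHidden\s*=\s*(\d)"),
    "start_date": re.compile(r"StartDate:\s*(\d{2}/\d{2}/\d{4})"),
}
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{16}\.job$")


@dataclass
class Job:
    name: str
    application: Optional[str]
    creator: Optional[str]
    status: Optional[str]
    hidden: Optional[bool]
    start_year: Optional[int]


def _grab(key: str, body: str) -> Optional[str]:
    match = FIELD_RES[key].search(body)
    return match.group(1) if match else None


def parse_jobs(text: str) -> List[Job]:
    """Split a job dump into Job records; missing fields become None."""
    jobs = []
    for m in JOB_RE.finditer(text):
        body = m.group("body")
        hidden = _grab("hidden", body)
        start = _grab("start_date", body)
        jobs.append(Job(
            name=m.group("name"),
            application=_grab("application", body),
            creator=_grab("creator", body),
            status=_grab("status", body),
            hidden=None if hidden is None else hidden == "1",
            start_year=None if start is None else int(start[-4:]),
        ))
    return jobs


def triage(job: Job, os_release_year: int = 2001) -> List[str]:
    """Return the illustrative signals a job matches (assumed heuristics)."""
    reasons = []
    if HEX_NAME_RE.match(job.name):
        reasons.append("16-hex-digit job name")
    if job.hidden:
        reasons.append("Hidden = 1")
    if job.start_year is not None and job.start_year < os_release_year:
        reasons.append("trigger start date predates the OS release")
    return reasons


def suspicious_jobs(text: str, min_signals: int = 2) -> List[Tuple[str, List[str]]]:
    """Jobs matching at least min_signals signals, in dump order."""
    flagged = []
    for job in parse_jobs(text):
        reasons = triage(job)
        if len(reasons) >= min_signals:
            flagged.append((job.name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_jobs(SAMPLE_DUMP):
        print(name, "->", "; ".join(reasons))
```

Running it on the second dump in the thread, which lists only the Norton and Symantec jobs, returns an empty list, matching the poster's report that the hidden jobs had been found and removed.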
#19 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Excellent work. Looks like we are almost there. Any problems?? Please post 1 more Panda scan...so I can make sure LOP is toast!
#20 (permalink) |
|
Registered User
|
OK, here is the Panda scan. Sorry for the long delay, I was out of town, but anyway here it is.

| Incident | Status | Location |
|---|---|---|
| Adware:adware/savenow | No disinfected | Windows Registry |
| Adware:Adware/SAHAgent | No disinfected | C:\Program Files\Yahoo!\YPSR\Quarantine\20041221195059.zip[xmltok_.dll] |

What do you think about uninstalling Norton and trying another virus program? |