#1 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 15
OS: XP
|
Please review Hijackthis log
Hi
I've used Adaware, Spybot and AVG. Some Trojans were caught and isolated (Trojan Downloader, Riskware Net toolWin 32 PSKILL, and Adware Backewb.a & Sahat.n), but my PC keeps getting maxed CPU and runs very slow. I also have a hard time getting to the internet (DSL techs say testing OK).
Here is my Hijack Analyzer log:
Thank you for your help
#2 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Download: StartDreck
Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'
Uncheck the 'NT-Services & NT-Kernel...' boxes only
Press 'Ok'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
Post the log in this thread.

Download Silent Runners.vbs: http://www.silentrunners.org/
1. Make sure you have any script blocking software disabled.
2. Run the program. It will take a few minutes to complete.
3. Once complete, it will produce a log named "StartupPrograms" with your user and date in the filename. Open that txt file and post its contents in your next post.

Please run an online scan at http://www.pandasoftware.com/actives..._principal.htm
Once it has finished, save the ActiveScan log. Then post that log in your next post.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
#3 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 15
OS: XP
|
Hi
Here is the StartDreck log
*E:\WINDOWS\system32\VSSAPI.DLL *E:\WINDOWS\system32\wuaueng.dll *E:\WINDOWS\System32\ADVPACK.dll *E:\WINDOWS\System32\WINSPOOL.DRV *E:\WINDOWS\System32\Cabinet.dll *E:\WINDOWS\System32\mspatcha.dll *E:\WINDOWS\System32\sfc.dll *E:\WINDOWS\System32\sfc_os.dll *E:\WINDOWS\System32\iprtrmgr.dll *E:\WINDOWS\System32\rtm.dll *E:\WINDOWS\System32\WSOCK32.dll *E:\WINDOWS\System32\iprtprio.dll *e:\windows\system32\w32time.dll *e:\windows\system32\MSVCP60.dll *e:\windows\system32\trkwks.dll *e:\windows\system32\browser.dll *E:\WINDOWS\System32\SXS.DLL *E:\WINDOWS\System32\ipxrtmgr.dll *E:\WINDOWS\System32\adptif.dll *E:\WINDOWS\system32\comsvcs.dll *E:\WINDOWS\system32\MTXCLU.DLL *E:\WINDOWS\system32\colbact.DLL *E:\WINDOWS\System32\CLUSAPI.DLL *E:\WINDOWS\System32\RESUTILS.DLL *e:\windows\system32\wscsvc.dll *e:\windows\system32\msi.dll *E:\WINDOWS\System32\rasppp.dll *E:\WINDOWS\System32\ntlsapi.dll *E:\WINDOWS\System32\Wbem\wbemcore.dll *E:\WINDOWS\System32\Wbem\esscli.dll *E:\WINDOWS\System32\Wbem\wbemcomn.dll *E:\WINDOWS\System32\Wbem\FastProx.dll *e:\windows\system32\ipnathlp.dll *e:\windows\system32\AUTHZ.dll *E:\WINDOWS\System32\ipxwan.dll *E:\WINDOWS\System32\wbem\wbemsvc.dll *E:\WINDOWS\System32\wbem\wmiutils.dll *E:\WINDOWS\System32\wbem\repdrvfs.dll *E:\WINDOWS\System32\upnp.dll *E:\WINDOWS\System32\SSDPAPI.dll *E:\WINDOWS\System32\wbem\wmiprvsd.dll *E:\WINDOWS\system32\NCObjAPI.DLL *e:\windows\system32\tapisrv.dll *e:\windows\system32\PSAPI.DLL *e:\windows\system32\rasmans.dll *e:\windows\system32\WINIPSEC.DLL *e:\windows\system32\netcfgx.dll *E:\WINDOWS\System32\wbem\wbemess.dll *E:\WINDOWS\System32\ipxrip.dll *E:\WINDOWS\System32\ipxsap.dll *E:\WINDOWS\System32\mprddm.dll *E:\WINDOWS\System32\iashlpr.dll *E:\WINDOWS\System32\iasrad.dll *E:\WINDOWS\System32\iaspolcy.dll *E:\WINDOWS\System32\iassvcs.dll *E:\WINDOWS\System32\rastapi.dll *E:\WINDOWS\System32\wbem\ncprov.dll *E:\WINDOWS\System32\rasadhlp.dll *E:\WINDOWS\System32\unimdm.tsp 
*E:\WINDOWS\System32\uniplat.dll *E:\WINDOWS\System32\unimdmat.dll *E:\WINDOWS\system32\modemui.dll *E:\WINDOWS\System32\kmddsp.tsp *E:\WINDOWS\System32\ndptsp.tsp *E:\WINDOWS\System32\ipconf.tsp *E:\WINDOWS\System32\h323.tsp *E:\WINDOWS\System32\hidphone.tsp *E:\WINDOWS\System32\HID.DLL *E:\WINDOWS\system32\kerberos.dll *E:\WINDOWS\System32\cryptdll.dll *E:\WINDOWS\System32\iassdo.dll *E:\Program Files\Common Files\System\Ole DB\oledb32.dll *E:\WINDOWS\system32\MSDART.DLL *E:\WINDOWS\system32\comdlg32.dll *E:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL *E:\WINDOWS\System32\RASDLG.dll *E:\WINDOWS\System32\VBAJET32.DLL *E:\WINDOWS\System32\iasnap.dll *E:\WINDOWS\System32\iassam.dll *E:\WINDOWS\System32\iasacct.dll *E:\WINDOWS\System32\winrnr.dll *E:\WINDOWS\System32\msxml3.dll *E:\WINDOWS\system32\Apphelp.dll *E:\WINDOWS\system32\wups.dll *E:\WINDOWS\system32\wups2.dll *E:\WINDOWS\System32\qmgrprxy.dll +1772=<unkown> +1824=<unkown> +456=E:\WINDOWS\system32\spoolsv.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\ShimEng.dll *E:\WINDOWS\AppPatch\AcGenral.DLL *E:\WINDOWS\system32\WINMM.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\MSACM32.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\USERENV.dll *E:\WINDOWS\system32\UxTheme.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\system32\SPOOLSS.DLL *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\WS2HELP.dll *E:\WINDOWS\system32\DNSAPI.dll *E:\WINDOWS\system32\iphlpapi.dll *E:\WINDOWS\system32\rasadhlp.dll *E:\WINDOWS\system32\localspl.dll *E:\WINDOWS\system32\Secur32.dll 
*E:\WINDOWS\system32\sfc_os.dll *E:\WINDOWS\system32\WINTRUST.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\IMAGEHLP.dll *E:\WINDOWS\system32\winspool.drv *E:\WINDOWS\system32\netapi32.dll *E:\WINDOWS\system32\cnbjmon.dll *E:\WINDOWS\system32\hpzlnt09.dll *E:\WINDOWS\system32\FXSMON.DLL *E:\WINDOWS\system32\FXSEVENT.dll *E:\WINDOWS\system32\pjlmon.dll *E:\WINDOWS\system32\tcpmon.dll *E:\WINDOWS\system32\usbmon.dll *E:\WINDOWS\System32\mswsock.dll *E:\WINDOWS\System32\winrnr.dll *E:\WINDOWS\system32\WLDAP32.dll *E:\WINDOWS\system32\nwprovau.dll *E:\WINDOWS\system32\MPR.dll *E:\WINDOWS\system32\win32spl.dll *E:\WINDOWS\system32\NETRAP.dll *E:\WINDOWS\system32\NTDSAPI.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *E:\WINDOWS\system32\xpsp2res.dll *E:\WINDOWS\system32\inetpp.dll *E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL *E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL +956=E:\WINDOWS\Explorer.EXE *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\BROWSEUI.dll *E:\WINDOWS\system32\SHDOCVW.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\CRYPTUI.dll *E:\WINDOWS\system32\WINTRUST.dll *E:\WINDOWS\system32\IMAGEHLP.dll *E:\WINDOWS\system32\NETAPI32.dll *E:\WINDOWS\system32\WININET.dll *E:\WINDOWS\system32\WLDAP32.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\UxTheme.dll *E:\WINDOWS\system32\ShimEng.dll *E:\WINDOWS\AppPatch\AcGenral.DLL *E:\WINDOWS\system32\WINMM.dll *E:\WINDOWS\system32\MSACM32.dll *E:\WINDOWS\system32\USERENV.dll 
*E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\system32\appHelp.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *E:\WINDOWS\System32\cscui.dll *E:\WINDOWS\System32\CSCDLL.dll *E:\WINDOWS\System32\themeui.dll *E:\WINDOWS\System32\Secur32.dll *E:\WINDOWS\System32\MSIMG32.dll *E:\WINDOWS\system32\xpsp2res.dll *E:\WINDOWS\System32\ACTXPRXY.DLL *E:\WINDOWS\system32\LINKINFO.dll *E:\WINDOWS\system32\ntshrui.dll *E:\WINDOWS\system32\ATL.DLL *E:\WINDOWS\system32\NETSHELL.dll *E:\WINDOWS\system32\rtutils.dll *E:\WINDOWS\system32\credui.dll *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\WS2HELP.dll *E:\WINDOWS\system32\iphlpapi.dll *E:\WINDOWS\system32\SETUPAPI.dll *E:\WINDOWS\system32\urlmon.dll *E:\WINDOWS\system32\WINSTA.dll *E:\WINDOWS\System32\webcheck.dll *E:\WINDOWS\System32\WSOCK32.dll *E:\WINDOWS\system32\msi.dll *E:\WINDOWS\System32\stobject.dll *E:\WINDOWS\System32\BatMeter.dll *E:\WINDOWS\System32\POWRPROF.dll *E:\WINDOWS\System32\WTSAPI32.dll *E:\WINDOWS\system32\upnpui.dll *E:\WINDOWS\System32\upnp.dll *E:\WINDOWS\System32\WINHTTP.dll *E:\WINDOWS\System32\SSDPAPI.dll *E:\WINDOWS\system32\rsaenh.dll *E:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL *E:\WINDOWS\system32\MPR.dll *E:\WINDOWS\System32\nwprovau.dll *E:\WINDOWS\System32\drprov.dll *E:\WINDOWS\System32\ntlanman.dll *E:\WINDOWS\System32\NETUI0.dll *E:\WINDOWS\System32\NETUI1.dll *E:\WINDOWS\System32\NETRAP.dll *E:\WINDOWS\System32\SAMLIB.dll *E:\WINDOWS\System32\davclnt.dll *E:\WINDOWS\system32\fxsst.dll *E:\WINDOWS\system32\WINSPOOL.DRV *E:\WINDOWS\system32\FXSAPI.dll *E:\WINDOWS\system32\NTMARTA.DLL *E:\WINDOWS\system32\WZCSAPI.DLL *E:\WINDOWS\system32\RASDLG.dll *E:\WINDOWS\system32\MPRAPI.dll *E:\WINDOWS\system32\ACTIVEDS.dll *E:\WINDOWS\system32\adsldpc.dll *E:\WINDOWS\system32\RASAPI32.dll *E:\WINDOWS\system32\rasman.dll *E:\WINDOWS\system32\TAPI32.dll 
*E:\WINDOWS\system32\msv1_0.dll *E:\WINDOWS\system32\SXS.DLL *E:\WINDOWS\system32\shdoclc.dll *E:\WINDOWS\system32\printui.dll *E:\WINDOWS\system32\CFGMGR32.dll *E:\WINDOWS\System32\zipfldr.dll *E:\WINDOWS\system32\browselc.dll *E:\PROGRA~1\SPYBOT~1\SDHelper.dll *E:\WINDOWS\system32\olepro32.dll *E:\WINDOWS\system32\DUSER.dll +1072=E:\Program Files\Iomega\AutoDisk\ADUserMon.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\WINSPOOL.DRV *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\COMCTL32.dll *E:\WINDOWS\system32\oledlg.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\COMRes.dll *E:\WINDOWS\system32\VERSION.dll +1088=E:\Program Files\Iomega\DriveIcons\ImgIcon.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *E:\WINDOWS\system32\VERSION.dll *E:\Program Files\Iomega\Common\IoATLDrv.dll *E:\Program Files\Iomega\Common\IoReady.dll *E:\WINDOWS\system32\IomIcons.dll +1248=E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe *E:\WINDOWS\system32\ntdll.dll 
*E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\VERSION.dll *E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\SBHook.dll *E:\WINDOWS\system32\COMCTL32.dll *E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\httpclient50.dll *E:\WINDOWS\system32\WSOCK32.dll *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\WS2HELP.dll *E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\clientutil50.dll *E:\WINDOWS\system32\WININET.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\uxtheme.dll *E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\SBRes.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *E:\WINDOWS\system32\xpsp2res.dll *E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\psapi.dll *E:\WINDOWS\system32\IMAGEHLP.dll +1184=E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\WS2HELP.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\comdlg32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\WINSPOOL.DRV *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\SensApi.dll *E:\WINDOWS\system32\WININET.dll *E:\WINDOWS\system32\RICHED32.DLL 
*E:\WINDOWS\system32\RICHED20.dll *E:\WINDOWS\system32\NTMARTA.DLL *E:\WINDOWS\system32\WLDAP32.dll *E:\WINDOWS\system32\SAMLIB.dll *E:\PROGRA~1\McAfee.com\PERSON~1\Localized.DLL *E:\WINDOWS\system32\MPFAPI.dll *E:\WINDOWS\system32\SHFOLDER.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *e:\program files\mcafee.com\agent\submgr\5,1,0,1\mcsubmgr.dll *E:\WINDOWS\system32\SETUPAPI.dll *E:\WINDOWS\System32\msxml3.dll *E:\WINDOWS\system32\WINHTTP.dll *E:\WINDOWS\system32\xpsp2res.dll *e:\program files\mcafee.com\agent\mcagntps.dll *E:\WINDOWS\system32\WTSAPI32.dll *E:\WINDOWS\system32\WINSTA.dll *E:\WINDOWS\system32\NETAPI32.dll *E:\WINDOWS\system32\UxTheme.dll *E:\WINDOWS\system32\Apphelp.dll *E:\WINDOWS\system32\Secur32.dll *E:\WINDOWS\system32\urlmon.dll *E:\WINDOWS\system32\RASAPI32.DLL *E:\WINDOWS\system32\rasman.dll *E:\WINDOWS\system32\TAPI32.dll *E:\WINDOWS\system32\rtutils.dll *E:\WINDOWS\system32\WINMM.dll *E:\WINDOWS\system32\msv1_0.dll *E:\WINDOWS\system32\iphlpapi.dll *E:\WINDOWS\system32\rsaenh.dll *E:\WINDOWS\system32\USERENV.dll *E:\WINDOWS\system32\wsock32.dll *E:\WINDOWS\System32\mswsock.dll *E:\WINDOWS\system32\rasadhlp.dll *E:\WINDOWS\system32\DNSAPI.dll *E:\WINDOWS\System32\winrnr.dll *E:\WINDOWS\system32\hnetcfg.dll *E:\WINDOWS\System32\wshtcpip.dll +1356=E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll +1448=E:\Program Files\QuickTime\qttask.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 
*E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\system32\WINMM.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\wdmaud.drv *E:\WINDOWS\system32\WINTRUST.dll *E:\WINDOWS\system32\IMAGEHLP.dll *E:\WINDOWS\system32\msacm32.drv *E:\WINDOWS\system32\MSACM32.dll *E:\WINDOWS\system32\midimap.dll *E:\WINDOWS\system32\dsound.dll *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\WS2HELP.dll +1476=E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\WINSPOOL.DRV *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\COMCTL32.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3209.dll +1568=E:\Program Files\HP\hpcoretech\hpcmpmgr.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\Program Files\HP\hpcoretech\HPVCR70.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\system32\Cabinet.dll *E:\WINDOWS\system32\rsaenh.dll *E:\WINDOWS\system32\WINTRUST.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\IMAGEHLP.dll *E:\WINDOWS\system32\Secur32.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll 
*E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\MSXML4.dll *E:\WINDOWS\system32\urlmon.dll *E:\WINDOWS\system32\mlang.dll *E:\WINDOWS\system32\xpsp2res.dll *E:\WINDOWS\system32\msi.dll *E:\WINDOWS\system32\SXS.DLL +1592=E:\WINDOWS\system32\hphmon05.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\SHFOLDER.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\WINSPOOL.DRV *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\COMCTL32.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\hpzIPR12.dll *E:\WINDOWS\system32\setupapi.dll *E:\WINDOWS\system32\cfgmgr32.dll *E:\WINDOWS\system32\WINTRUST.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\IMAGEHLP.dll *E:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL +1640=E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\comctl32.dll +1748=E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\AvgAbout.dll 
*E:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\MFC71.DLL *E:\WINDOWS\system32\MSVCR71.dll *E:\WINDOWS\system32\COMCTL32.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\MSVFW32.dll *E:\WINDOWS\system32\WINMM.dll *E:\WINDOWS\system32\MSVCP71.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\MPR.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\AvgTest.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\AvgTMgr.dll *E:\WINDOWS\system32\SHFOLDER.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\AvgSet.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll *E:\WINDOWS\system32\SETUPAPI.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *E:\Program Files\Grisoft\AVG Free\avgcfg.dll *E:\Program Files\Grisoft\AVG Free\avgklib.dll *E:\Program Files\Grisoft\AVG Free\avglng.dll *E:\WINDOWS\system32\xpsp2res.dll *E:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL *E:\Program Files\Grisoft\AVG Free\avgf.dll *E:\Program Files\Grisoft\AVG Free\AVGRES.DLL *E:\Program Files\Grisoft\AVG Free\avgcckrn.dll *E:\Program Files\Grisoft\AVG Free\avgvault.dll *E:\Program Files\Grisoft\AVG Free\avgscan.dll *E:\Program Files\Grisoft\AVG Free\avgunarc.dll *E:\Program Files\Grisoft\AVG Free\avgrep.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\avgemsui.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll +1856=E:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\WININET.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\VERSION.dll 
*E:\WINDOWS\system32\SensApi.dll *E:\WINDOWS\system32\COMCTL32.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *E:\WINDOWS\system32\xpsp2res.dll *E:\PROGRA~1\McAfee.com\PERSON~1\Localized.DLL *E:\WINDOWS\system32\NTMARTA.DLL *E:\WINDOWS\system32\WLDAP32.dll *E:\WINDOWS\system32\SAMLIB.dll *e:\program files\mcafee.com\agent\submgr\5,1,0,1\mcsubmgr.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\SETUPAPI.dll *E:\WINDOWS\System32\msxml3.dll *E:\WINDOWS\system32\WINHTTP.dll *e:\program files\mcafee.com\agent\mcagntps.dll +1916=E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll *E:\WINDOWS\system32\WSOCK32.dll *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\WS2HELP.dll *E:\WINDOWS\system32\MSVCR71.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\MSVCP71.dll *E:\WINDOWS\system32\SHFOLDER.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *E:\Program Files\Grisoft\AVG Free\avgcfg.dll *E:\Program Files\Grisoft\AVG Free\avgklib.dll *E:\Program Files\Grisoft\AVG Free\avglng.dll *E:\Program Files\Grisoft\AVG Free\avgscan.dll *E:\Program Files\Grisoft\AVG Free\avgunarc.dll *E:\WINDOWS\system32\MPR.dll *E:\WINDOWS\system32\RASAPI32.DLL *E:\WINDOWS\system32\rasman.dll *E:\WINDOWS\system32\NETAPI32.dll *E:\WINDOWS\system32\TAPI32.dll *E:\WINDOWS\system32\rtutils.dll 
*E:\WINDOWS\system32\WINMM.dll *E:\WINDOWS\system32\SCHANNEL.DLL *E:\WINDOWS\system32\Secur32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\USERENV.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll *E:\Program Files\Grisoft\AVG Free\avgmail.dll *E:\WINDOWS\system32\SensAPI.DLL *E:\WINDOWS\system32\xpsp2res.dll *E:\WINDOWS\system32\mswsock.dll *E:\WINDOWS\system32\hnetcfg.dll *E:\WINDOWS\System32\wshtcpip.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll +272=E:\Program Files\Microsoft Office\Office\OSA.EXE *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\Program Files\Microsoft Office\Office\MSO97.DLL *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\Program Files\Microsoft Office\Office\osaintl.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\system32\xpsp2res.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\COMRes.dll +1648=E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\MSVCP71.dll *E:\WINDOWS\system32\MSVCR71.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll *E:\WINDOWS\system32\xpsp2res.dll 
*E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *E:\Program Files\Grisoft\AVG Free\avgcfg.dll *E:\Program Files\Grisoft\AVG Free\avgklib.dll *E:\WINDOWS\system32\SHFOLDER.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\System32\wbem\wbemprox.dll *E:\WINDOWS\System32\wbem\wbemcomn.dll *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\WS2HELP.dll *E:\WINDOWS\System32\wbem\wbemsvc.dll *E:\WINDOWS\System32\wbem\fastprox.dll *E:\WINDOWS\system32\MSVCP60.dll *E:\WINDOWS\system32\NTDSAPI.dll *E:\WINDOWS\system32\DNSAPI.dll *E:\WINDOWS\system32\WLDAP32.dll *E:\WINDOWS\system32\NETAPI32.dll *E:\WINDOWS\system32\Secur32.dll *E:\Program Files\Grisoft\AVG Free\avglng.dll +1792=E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\xpsp2res.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\COMRes.dll *E:\WINDOWS\system32\Secur32.dll +1884=E:\WINDOWS\System32\drivers\CDAC11BA.EXE *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll +1988=E:\WINDOWS\System32\cisvc.exe *E:\WINDOWS\system32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\System32\query.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\SHELL32.dll 
|
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 15
OS: XP
|
here is the Silent Runner file

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LDM" = "\Program\BackWeb-8876480.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ADUserMon" = "E:\Program Files\Iomega\AutoDisk\ADUserMon.exe" ["Iomega Corporation"]
"Iomega Drive Icons" = "E:\Program Files\Iomega\DriveIcons\ImgIcon.exe" ["Iomega"]
"Deskup" = "E:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART" ["Iomega"]
"Motive SmartBridge" = "E:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"MPFExe" = "E:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]
"Microsoft Works Update Detection" = "E:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"HPDJ Taskbar Utility" = "E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"HPHUPD05" = "E:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" ["Hewlett-Packard"]
"HP Component Manager" = ""E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HPHmon05" = "E:\WINDOWS\system32\hphmon05.exe" ["Hewlett-Packard"]
"HP Software Update" = "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"AVG7_CC" = "E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"MCAgentExe" = "e:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "E:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"AVG7_EMC" = "E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{c7745760-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Iomega\Shell\ImgMenu.dll" ["Iomega Corp."]
"{c7745761-8ead-11ce-b750-02608ca5202c}" = "IomegaWare Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Iomega\Shell\ImgProp.dll" ["Iomega Corp."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\system32\upnpui.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare"
  -> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
  -> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
  -> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\ABBYY\FineReader 6.0\FECMenu.dll" ["ABBYY (BIT Software)"]
NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"
  -> {CLSID}\InProcServer32\(Default) = "nwprovau.dll" [MS]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Nancy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\ssstars.scr" [MS]

Startup items in "Nancy" & "All Users" startup folders:
-------------------------------------------------------

E:\Documents and Settings\Nancy\Start Menu\Programs\Startup
"Office Startup" -> shortcut to: "E:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Logitech Desktop Messenger" -> shortcut to: "E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Marimba User Login" -> shortcut to: "E:\WINDOWS\system32\wscript.exe C:\marimba\mbsacliapp\getuser.vbe" [MS]

Enabled Scheduled Tasks:
------------------------

"HP Usg Daily" -> launches: "E:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe" [empty string]
"McAfee.com Update Check (NANCY-7KWMCA4TO-admin 1)" -> launches: "E:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]
"McAfee.com Update Check (NANCY-7KWMCA4TO-Nancy)" -> launches: "E:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["McAfee, Inc"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "e:\program files\google\googletoolbar_en_2.0.113-deleon.dll" ["Google Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "e:\program files\google\googletoolbar_en_2.0.113-deleon.dll" ["Google Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
  -> {CLSID}\InProcServer32\(Default) = "E:\WINDOWS\System32\msjava.dll" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG7 Alert Manager Server, Avg7Alrt, "E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "E:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["C-Dilla Ltd"]
Castanet Tuner 4.6, Marimba, "C:\Marimba\CASTAN~1\Tuner.exe" ["Marimba, Inc."]
Client Service for NetWare, NWCWorkstation, "E:\WINDOWS\System32\svchost.exe -k netsvcs" {"E:\WINDOWS\System32\nwwks.dll" [MS]}
Iomega Active Disk, _IOMEGA_ACTIVE_DISK_SERVICE_, ""E:\Program Files\Iomega\AutoDisk\ADService.exe"" ["Iomega Corporation"]
Iomega App Services, Iomega App Services, ""E:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]
McAfee Personal Firewall Service, MpfService, "E:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "E:\WINDOWS\system32\HPZipm12.exe" ["HP"]
SMS Agent Host, CcmExec, "E:\WINDOWS\system32\CCM\CcmExec.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 169 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 118 seconds.
---------- (total run time: 430 seconds)
|
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 15
OS: XP
|
panda scan results
| Incident | Status | Location |
|---|---|---|
| Adware:adware/sqwire | No disinfected | E:\WINDOWS\SYSTEM32\tsuninst.exe |
| Adware:adware/apropos | No disinfected | E:\DOCUMENTS AND SETTINGS\NANCY\LOCAL SETTINGS\TEMP\cfout.txt |
| Spyware:spyware/istbar | No disinfected | E:\DOCUMENTS AND SETTINGS\NANCY\LOCAL SETTINGS\TEMP\targetsaver.exe |
| Adware:adware/twain-tech | No disinfected | E:\WINDOWS\INF\twaintec.inf |
| Adware:adware/ipinsight | No disinfected | E:\WINDOWS\alchem.ini |
| Adware:adware/sahagent | No disinfected | E:\WINDOWS\u6f6uftuc.exe |
| Adware:adware/sidesearch | No disinfected | E:\DOCUMENTS AND SETTINGS\NANCY\APPLICATION DATA\Lycos |
| Adware:adware/cws | No disinfected | E:\DOCUMENTS AND SETTINGS\NANCY\FAVORITES\Going Places |
| Spyware:spyware/media-motor | No disinfected | Windows Registry |
| Adware:Adware/FunWeb | No disinfected | C:\hjt\backups\backup-20041006-173418-198.inf |
| Adware:Adware/SideFind | No disinfected | E:\Documents and Settings\Nancy\Local Settings\Temp\GLFED9GLFED9.EXE |
| Spyware:Spyware/ISTbar | No disinfected | E:\Documents and Settings\Nancy\Local Settings\Temp\GLFF44GLFF44.EXE |
| Adware:Adware/SideFind | No disinfected | E:\Documents and Settings\Nancy\Local Settings\Temp\targetsaver.exe |
| Adware:Adware/Twain-Tech | No disinfected | E:\Documents and Settings\Nancy\Local Settings\Temp\twaintec.inf |
| Spyware:Spyware/BargainBuddy | No disinfected | E:\Program Files\Norton SystemWorks\Norton CleanSweep\Backup\barg1302.BUD[bargains.exe] |
| Adware:Adware/Twain-Tech | No disinfected | E:\WINDOWS\inf\twaintec.inf |
| Adware:Adware/SAHAgent | No disinfected | E:\WINDOWS\system32\hochkaod3.ini |
| Spyware:Spyware/ISTbar | No disinfected | E:\WINDOWS\system32\tsuninst.exe |
| Adware:Adware/SAHAgent | No disinfected | E:\WINDOWS\system32\u6f6uftuc.ini |

|
|
|
|
|
#7 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Hi and Welcome to TSF
Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT) Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible. Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point. Please go to at least two of these sites and run an online Virus Scan. Be sure to have the AutoFix box(es) checked. http://housecall.trendmicro.com/ http://www3.ca.com/virusinfo/virusscan.aspx http://www.pandasoftware.com/actives..._principal.htm http://www.bitdefender.com/scan/license.php http://us.mcafee.com/root/mfs/default.asp http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/virusinfo/virusscan.aspx Download KillBox http://www.bleepingcomputer.com/file...re/KillBox.zip Download and install CleanUp! but do not run it yet. *NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. Download, install, and update Ewido Security Suite
After the updates are installed, exit Ewido Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: *Click "Options..." *Move the arrow down to "Custom CleanUp!" *Put a check next to the following:
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Delete these folders.
E:\DOCUMENTS AND SETTINGS\NANCY\APPLICATION DATA\Lycos
E:\DOCUMENTS AND SETTINGS\NANCY\FAVORITES\Going Places
Now navigate to this file and open it with WordPad..
E:\WINDOWS\wininit.ini
Delete the following entries...and then save the file.
`NUL=E:\DOCUME~1\Nancy\LOCALS~1\Temp\randreco.exe
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\UNINST.EXE
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\BBRD7.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\BBRD6.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\BBRD5.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\BBRD4.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\BBRD3.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\BBRD2.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\BBRD1.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\7b3432.DLL
`NUL=E:\WINDOWS\TEMP\_ISTMP0.DIR\7b3428.DLL
`NUL=E:\WINDOWS\TEMP\_ISTMP2.DIR\_SETUP.LIB
`NUL=E:\WINDOWS\TEMP\_ISTMP2.DIR\WELCOME.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP2.DIR\PROTECT.DLL
`NUL=E:\WINDOWS\TEMP\_ISTMP2.DIR\PROPWIN.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP2.DIR\JAZTHANK.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP2.DIR\CTL3D.DLL
`NUL=E:\WINDOWS\TEMP\_ISTMP2.DIR\6D4133.DLL
`NUL=E:\WINDOWS\TEMP\_ISTMP1.DIR\_SETUP.LIB
`NUL=E:\WINDOWS\TEMP\_ISTMP1.DIR\WELCOME.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP1.DIR\PROTECT.DLL
`NUL=E:\WINDOWS\TEMP\_ISTMP1.DIR\PROPWIN.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP1.DIR\JAZTHANK.BMP
`NUL=E:\WINDOWS\TEMP\_ISTMP1.DIR\CTL3D.DLL
`NUL=E:\WINDOWS\TEMP\_ISTMP1.DIR\6AB0CA.DLL
Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file.
Once you get to the last one click YES and it will reboot.
E:\WINDOWS\SYSTEM32\tsuninst.exe
E:\WINDOWS\INF\twaintec.inf
E:\WINDOWS\alchem.ini
E:\WINDOWS\u6f6uftuc.exe
E:\WINDOWS\system32\hochkaod3.ini
On the reboot..boot directly back to safe mode.
Run Ewido:
Run the Cleanup utility again and reboot back to normal mode. Then run another Panda scan...save its log and post it here along with the log from the Ewido scan.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
#8 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 15
OS: XP
|
Hello again
Sorry it took so long to respond with the test results. When I ran:
Ad-aware = nothing found
Spybot = got message "problem in file E:\program files - Spybot S&D Includes/hijakers.sbi"
CW shredder was OK.
I did all the other tasks as requested. I ran Ewido and Cleanup, nothing found:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:51:50 PM, 8/19/2005
+ Report-Checksum: B7AF9392
+ Scan result: No infected objects found.
::Report End
This morning, I tried to run Panda on line (scan my computer). My CPU kept jumping to 100% and the Panda site would lock up and I'd get message "program not responding". I tried several times, and finally tried "scan local disks". This seemed to work. It takes @ 2 hrs for this to complete, so went & did some other stuff. When I came back to the PC, all that was there was the Panda Start scan page. I checked on it about 95% of the way through and there was nothing found at that point. There was no option to save a report.. is it possible that nothing was found and therefore no report?
While all the scans appear to look clean, I am curious why my CPU usage is all over the place, and my PC is running very slow. What else can I try? Also, I normally have AVG running. Should I keep this on (I think I turned it off while Ewido was running)? Should I keep AVG and Ewido on together?
Thanks so much for your help and patience. |
#9 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
When doing the Panda scan shut down everything. Anyway..it looks like you're clean...but let's try another scanner.
Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.
Also manually go to each of those directories we deleted those files from in your last post and make sure they are gone.
#10 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 15
OS: XP
|
Hello again
I ran the Trend Micro antispyware program 2x, both came up clean:
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Also, I checked all the files we deleted and they are gone. I did find E:\WINDOWS\INF\twaintec.pnf ipo .inf file. Is this something to be concerned about?
Thanks again. |
#11 (permalink) |
|
Analyst, Security Team
|
Yes, delete that twaintec.pnf file.
Your log is clean. To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Are there any problems now? If not, you should be set to go.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
#12 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Yes..as "Greyknight" suggested delete them. Also have a peek in the system for any files named like this....alchem
That file we deleted sometimes leaves behind a same name exe file.
|
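The leftover check that posts #9 through #13 carry out by hand, as an added Python example that is not part of the original thread: it confirms the files listed for KillBox are gone and flags files that share a listed file's base name under another extension (the twaintec.pnf and alchem.pnf cases). The function names, the idea of pointing it at a mounted copy of the E: volume, and the sample tree are assumptions.

```python
import os
import tempfile
from pathlib import PureWindowsPath

# Paths the helper listed for deletion in this thread.
REMOVED = [
    r"E:\WINDOWS\SYSTEM32\tsuninst.exe",
    r"E:\WINDOWS\INF\twaintec.inf",
    r"E:\WINDOWS\alchem.ini",
    r"E:\WINDOWS\u6f6uftuc.exe",
    r"E:\WINDOWS\system32\hochkaod3.ini",
]

def find_leftovers(root, removed=REMOVED):
    """Walk `root` (assumed: a mounted copy of the E: volume) and return
    (still_present, siblings): listed files that still exist, and files
    with a listed base name but a different path or extension."""
    targets, stems = set(), set()
    for p in removed:
        w = PureWindowsPath(p)
        # Drop the drive; compare lower-cased, as Windows paths ignore case.
        targets.add("/".join(w.parts[1:]).lower())
        stems.add(w.stem.lower())
    still, siblings = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            if rel in targets:
                still.append(full)
            elif os.path.splitext(name)[0].lower() in stems:
                siblings.append(full)
    return sorted(still), sorted(siblings)

def build_sample_tree(root):
    """Constructed sample: two .pnf siblings as found in the thread, one
    listed file left undeleted to exercise the first check, one benign file."""
    for rel in ("WINDOWS/INF/twaintec.pnf", "WINDOWS/INF/alchem.pnf",
                "WINDOWS/system32/hochkaod3.ini", "WINDOWS/notepad.exe"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_tree(demo_root)
        still, siblings = find_leftovers(demo_root)
        print("still present:", still)
        print("same-name siblings:", siblings)
```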
#13 (permalink) |
|
Registered User
Join Date: Oct 2004
Posts: 15
OS: XP
|
Hi
I deleted the pnf file and found an alchem.pnf, deleted that as well.
Back in Post #7, you wrote:
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.
How do I go back to a clean restore point?
Thanks for all your help getting my PC back to normal. |
#14 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below. Your restore point question is answered below.
Reset hidden/system files and folders
Windows XP ===============
Windows 2000 ===============
Windows ME ===============
Windows 95/98/98SE ===============
Create a new System Restore point
Windows XP ===============
Windows ME ===============
Reboot the PC and repeat the above procedure again When you get to this option
For Windows ME..we MUST create a new restore point now as Windows ME will not create one automatically until the computer has been on for 10 hours or 24 hours has passed. To create a new restore point follow the procedure below.
Enable Windows Auto Update
Please visit Microsoft's Windows Update Page and install the latest service packs, patches and security updates for your system.
Recommended Protection Programs
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
If you do not have a firewall, here are 4 free ones available for personal use:
In today’s world you MUST have an Antivirus program. If you do not have one, here are 3 FREE ones available for personal use:
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles
Please stay safe out there and take the helpful advice that’s been given. The goal here is to prevent the adware/spyware/virus/worms from getting on the system in the first place.
Please respond to this thread one more time so we can mark this thread as resolved.