reformatted after winsock takeover, still having problems - Page 2

tinkerbellnhl · 01-11-2006, 12:02 PM

Bump!

MicroBell · 01-12-2006, 02:39 PM

Lets try this....

Download/Install the tool on this page..http://www.dougknox.com/xp/utils/xp_securityconsole.htm

Lauch the tool and check the "System Security" tab and see if you can take control of the firewall.

Spybot detecting this entry...HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0 is fine. Set it up to ignore the entry as it's an issue with spybot and the entry is correct.

My concern is the windows popup...

I also need a log from the following tool...

Please download Rootkit Revealer (link is at the very bottom of the page)

Unzip it to your desktop.
Open the rootkitrevealer folder and double-click rootkitrevealer.exe
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go up to File > Save. Choose to save it to your desktop.
Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

tinkerbellnhl · 01-12-2006, 09:54 PM

The Doug Knox utility was not formatted to work with your instructions. You said to check the "System Security" tab and then see if I can take control of the firewall. You can highlight the System Security in the left column, but then there are several boxes which you can check on the right side. I'm not sure which ones I am supposed to check.

As for the Root Kit, here is the log:

HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32* 1/8/2006 12:17 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\Dhcp\Parameters\{231CBD2D-D5CD-4FD8-95F2-DF0E0C3F06CE} 1/12/2006 9:56 PM 164 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\bobbie\Local Settings\Temporary Internet Files\Content.IE5\8HYJ8TE7\mail[1].htm 1/12/2006 9:59 PM 680 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\bobbie\Local Settings\Temporary Internet Files\Content.IE5\8HYJ8TE7\mail[2].htm 1/12/2006 10:01 PM 680 bytes Hidden from Windows API.
C:\Documents and Settings\bobbie\Local Settings\Temporary Internet Files\Content.IE5\8HYJ8TE7\test[1].htm 1/12/2006 10:37 PM 449 bytes Visible in Windows API, MFT, but not in directory index.
C:\WINDOWS\Temp\5ff8_appcompat.txt 1/12/2006 10:28 PM 0 bytes Hidden from Windows API.

MicroBell · 01-14-2006, 01:53 AM

I have not messed with that program yet....so I don't know what options it has but my understanding was you can take "Control" of XP's security features from within that program.

You also mentiond that "Group" that was created. When you tryed to delete the group were you logged on under the Administrator account??

Download and install CCleaner..http://www.ccleaner.com/ccdownload.asp

1. Open the program and the "Cleaner" button should be active.
2. Click on "Run Cleaner"
3. Once thats done it will clean out the TEMP folder.
4. Now click on "Issues" and then "Scan for Issues"
5. Once it's done checkmark ALL it finds and click "Fix Selected Issues"
6. It will ask you if you want to back up the registry entrys it's removing so please do so. If it removes anything important..just locate the .reg file you saved...double click on it to add the entrys back.

Close the program.

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Standard
- Scan Options:
- Scan Archives
  Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

tinkerbellnhl · 01-15-2006, 07:21 AM

I ran CCleaner fine, but I cannot get Kaspersky to work no matter what I do. I disabled all security monitoring on my computer, enabled pop-ups and Active X, but nothing. It just sits there saying it's downloading the Active X and initializing the update, etc., but it's not.

tinkerbellnhl · 01-15-2006, 10:21 AM

Just thought I'd send a new HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 11:18:36 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\Program Files\HijackThis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sanriotown.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = bobbie
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Cu...ataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136279193156
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

MicroBell · 01-15-2006, 07:50 PM

Can you post a SpySweeper log then?

Configure it as followed:

From the left pane, click Options
Select the Sweep Options tab & ensure the following are ticked:
- Sweep Memory
- Sweep Registry
- Sweep Cookies
- Sweep All Users accounts
- Do Not Sweep System Restore Folder
- Enable Direct Disk Sweeping
- Sweep For Rootkits
After that's done, select Sweep from the left pane & click on the Start button
Allow Spysweeper to reboot your machine to remove the infected files.

After rebooting, launch SpySweeper & select Results from the left pane
Click the 'Session Log' tab & choose Save to File to create a log.

Post that in your next reply along with an Ewido log.

tinkerbellnhl · 01-15-2006, 10:04 PM

I scanned for what you suggested. I am not subscribed to Spy Sweeper, so I could not remove the infected files, but here is what they were:

247realmedia cookie
2o7.net cookie
about cookie
adrevolver cookie
banner cookie
customer cookie
dealtime cookie
pointroll cookie
statcounter cookie
tribalfusion cookie
yieldmanager cookie

This is the ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:52:44 PM, 1/15/2006
+ Report-Checksum: A2605C3A

+ Scan result:

C:\Documents and Settings\bobbie\Cookies\bobbie@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wflicjcpocp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wfmyomcpokp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

::Report End

Also, I cannot run Microsoft Windows Update. This is the screen I get:

[Error number: 0x800A1391]
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:

Frequently Asked Questions

Find Solutions

Windows Update Newsgroup
For assisted support options:

Microsoft Online Assisted Support (no-cost for Windows Update issues)

Read more about steps you can take to resolve this problem yourself.

I completed the self-help instructions of adding the MS sites to my trusted site list, but nothing changed.

When I try to check for HP Software Updates it runs the System Checkup, but then will not display any results.

MicroBell · 01-16-2006, 02:16 AM

Running low on ideas....except the ultimate...Reinstall Windows fix. Your logs are bascially clean as they are returning nothing but cookies which is expected.

Let me have a look at what services you have running.

Download GetServices http://www.bleepingcomputer.com/file...etservices.zip

Unzip the files inside and run getservices.bat. It will produce a log. Please post that log. I also need you to run the following tool...

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post the entire contents of the log.txt file in the aproposfix folder.

tinkerbellnhl · 01-16-2006, 08:13 PM

I could not run the getservices.bat program. A command prompt window opened and said that it was not a recognized command, etc.

Here is the apropros log:

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\bobbie\Desktop\aproposfix

************

Registry entries found:

************

No service found!

Removing hidden folder:
No folder found!

Deleting files:

Backing up files:
Done!

Removing registry entries:

REGEDIT4

Done!

Finished!

Additionally, Windows Security Center is now not on. When I open it from Control Panel it tells me "The Security Center is currently unavailable because the 'Security Center' service has not started or was stopped. Is there a way to turn it back on? Or does this have something to do with someone creating a group domain and controlling my computer?

MicroBell · 01-16-2006, 08:36 PM

*Sigh*

Send me the hard drive so I can "Beat It" with a stick...lol

I think something still must be lurking on the system. If you keep changeing that firewall setting in the registry and it changes back..something is makeing the change.

As for the BATCH file...lets see if thats disabled as well. Please run this simple batch file and see if it produces a log.

Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

Quote:

dir C:\WINDOWS\system32\svchost.exe /a h > files.txt
notepad files.txt

Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here.

I also need to see if CMD is disabled. CLick...START>>>RUN>>Type in CMD. Let me know if the DOS window opened.

tinkerbellnhl · 01-16-2006, 08:45 PM

haha i agree!! well here's the findfile.bat log:

Volume in drive C has no label.
Volume Serial Number is F473-BD8B

Directory of C:\WINDOWS\system32

08/04/2004 01:56 AM 14,336 svchost.exe
1 File(s) 14,336 bytes

Directory of C:\Documents and Settings\bobbie\Desktop

And yes CMD opened the DOS window.

MicroBell · 01-17-2006, 01:52 AM

Ok... Try shutting down Symantec/Norton in case it's blocking the script and run getservices.bat again. Make sure you extracted that file to this location... C:\Getservices\getservices.bat.Try in safe mode IF it won't work in normal. Since that script is basically what we just ran,,,it should work.

If it still won't run...try this...

Copy autoexec.nt from c:\windows\repair\ folder to c:\windows\system32\ folder. Then try again.

tinkerbellnhl · 01-17-2006, 08:49 AM

Here is the getservices.bat log:

PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccEvtMgr
Event propagation and logging service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Event Manager
DEPENDENCIES : RPCSS
: ccSetMgr
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccProxy
Symantec Proxy Service
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Network Proxy
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccPwdSvc
User account management service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec Password Validation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccSetMgr
Settings storage and management service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Settings Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: clr_optimization_v2.0.50727_32
Microsoft .NET Framework NGEN
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : .NET Runtime Optimization Service v2.0.50727_X86
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 960000 seconds
: Restart DELAY: 15360000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: DefWatch
Monitors and maintains virus definitions.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec AntiVirus Definition Watcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ewido security suite control
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\ewido anti-malware\ewidoctrl.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ewido security suite control
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ewido security suite guard
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\ewido anti-malware\ewidoguard.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ewido security suite guard
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Human Interface Device Access
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: hpqwmi
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\HPQ\SHARED\HPQWMI.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HP WMI Interface
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTTP SSL
DEPENDENCIES : HTTP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: iPodService
iPod hardware management services
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\iPod\bin\iPodService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : iPod Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ISSVC
Internet Security Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : IS Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: workService
: Distributed Transaction Coordinator
: tcher
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NVSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\nvsvc32.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NVIDIA Driver Helper Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SavRoam
Symantec AntiVirus Roaming Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SAVRoam
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SDhelper
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Spyware Doctor\sdhelp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : PC Tools Spyware Doctor
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Network Drivers Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SoundMAX Agent Service (default)
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SoundMAX Agent Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SPBBCSvc
Symantec SPBBC
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec SPBBCSvc
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: svcWRSSSDK
Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for Spy Sweeper to function.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Webroot Spy Sweeper Engine
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{AB696844-C19C-421E-A543-1B89324DBFFE}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Symantec AntiVirus
Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec AntiVirus
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 10000 seconds
: Restart DELAY: 10000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: SymSecurePort
Symantec SecurePort Service
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec SecurePort
DEPENDENCIES : ccEvtMgr
: ccSetMgr
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UMWdf
Enables Windows user mode drivers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\wdfmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows User Mode Driver Framework
DEPENDENCIES : RpcSs
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 5 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WMConnectCDS
Shares media with media devices using Universal Plug and Play
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Windows Media Connect 2\wmccds.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Media Connect Service
DEPENDENCIES : upnphost
: http
: HTTPFilter
SERVICE_START_NAME: NT AUTHORITY\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 30000 seconds
: Restart DELAY: 30000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Provisioning Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

Please tell me this helps

MicroBell · 01-18-2006, 01:00 AM

Negative. Log is clean also....

Download: StartDreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'

UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread

tinkerbellnhl · 01-18-2006, 08:54 AM

Here it is....... and I had to split it up cause the post was too long aapparently.

StartDreck (build 2.1.7 public stable) - 2006-01-18 @ 09:46:20 (GMT -06:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as bobbie at BOBBIE

»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
»RunOnce
»Default User
»Run
*Spyware Doctor=
»RunOnce
»Local Machine
»Run
*Apoint=C:\Program Files\Apoint2K\Apoint.exe
*AGRSMMSG=AGRSMMSG.exe
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
*iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
*UpdateManager="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
*gcasServ="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
*{0228e555-4f9c-4e35-a3ec-b109a192b4c2}=C:\Program Files\Google\Gmail Notifier\gnotify.exe
*KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
*HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
*DXDllRegExe=dxdllreg.exe
*HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*vptray=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" %*
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar2.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=http://www.google.com/ie
*Search Page=http://www.google.com
*Start Page=http://www.sanriotown.com/
*Window Title=bobbie
+SearchUrl
*provider=gogl
*=http://www.google.com/keyword/%s
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://www.google.com/ie
+SearchUrl
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\bobbie\Start Menu\Programs\Startup\desktop.ini
»Default User
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
`127.0.0.1 realarea.biz
`127.0.0.1 archiviosex.net
`127.0.0.1 agava.com
`127.0.0.1 agava.ru
`127.0.0.1 hut1.ru
`127.0.0.1 hu15.ru
`127.0.0.1 winfixer.com
`127.0.0.1 3721.com
`127.0.0.1 easysearchingtips.com
`127.0.0.1 fine-search.net
`127.0.0.1 noproblemsurf.com
`127.0.0.1 search-motor.com
`127.0.0.1 searchwhatuwant.com
`127.0.0.1 ad25.com
`127.0.0.1 ad45.com
`127.0.0.1 ad77.com
`127.0.0.1 ad86.com
`127.0.0.1 full-search.net
`127.0.0.1 go2-search.com
`127.0.0.1 onemoresearch.net
`127.0.0.1 search-777.com
`127.0.0.1 search-to-find.com
`127.0.0.1 search-what.net
`127.0.0.1 winshow.biz
`127.0.0.1 lookfor.cc
`127.0.0.1 looking-for.cc
`127.0.0.1 tgp-4-you.com
`127.0.0.1 veryeasysearch.com
`127.0.0.1 010402.com
`127.0.0.1 20x2p.com
`127.0.0.1 db105.com
`127.0.0.1 ga31.com
`127.0.0.1 mpeg-look.com
`127.0.0.1 n-udd.com
`127.0.0.1 p-uud.com
`127.0.0.1 porn-screen.com
`127.0.0.1 rb37.com
`127.0.0.1 t058.com
`127.0.0.1 u-239.com
`127.0.0.1 v-224.com
`127.0.0.1 trackhits.cc
`127.0.0.1 tracktraff.cc
`127.0.0.1 power-cleaner.com
`127.0.0.1 yoursitebar.com
`127.0.0.1 ysbweb.com
`127.0.0.1 www.ysbweb.com
`127.0.0.1 installcash.com
`127.0.0.1 toolbarcash.com
`127.0.0.1 msnguard.cc
`127.0.0.1 searchclick.cc
`127.0.0.1 havy.biz
`127.0.0.1 ewizard.cc
`127.0.0.1 camup.net
`127.0.0.1 bdsmlibrary.net
`127.0.0.1 n-glx.s-redirect.com
`127.0.0.1 aaasexypics.com
`127.0.0.1 allforadult.com
`127.0.0.1 autoescrowpay.com
`127.0.0.1 awmcash.biz
`127.0.0.1 buldog-stats.com
`127.0.0.1 counter.sexmaniack.com
`127.0.0.1 fregat.drocherway.com
`127.0.0.1 greg-tut.com
`127.0.0.1 iframe.biz
`127.0.0.1 megapornix.com
`127.0.0.1 newiframe.biz
`127.0.0.1 nylonsexy.com
`127.0.0.1 pizdato.biz
`127.0.0.1 sexfiles.nu
`127.0.0.1 slutmania.biz
`127.0.0.1 sp2******.biz
`127.0.0.1 vesbiz.biz
`127.0.0.1 virgin-tgp.net
`127.0.0.1 vparivalka.com
`127.0.0.1 x.full-tgp.net
`127.0.0.1 toolbar.cc
`127.0.0.1 himen.biz
`127.0.0.1 msupdater.net
`127.0.0.1 www.msupdater.net
`127.0.0.1 1800searchonline.com
`127.0.0.1 www.1800searchonline.com
`127.0.0.1 1stsearchportal.com
`127.0.0.1 www.1stsearchportal.com
`127.0.0.1 24-7searching-and-more.com
`127.0.0.1 www.24-7searching-and-more.com
`127.0.0.1 971searchbox.com
`127.0.0.1 aaawebfinder.com
`127.0.0.1 www.aaawebfinder.com
`127.0.0.1 ampmsearch.com
`127.0.0.1 www.ampmsearch.com
`127.0.0.1 clicktomakeasearch.com
`127.0.0.1 www.clicktomakeasearch.com
`127.0.0.1 directsearchzone.com
`127.0.0.1 www.directsearchzone.com
`127.0.0.1 easysearch4you.com
`127.0.0.1 www.easysearch4you.com
`127.0.0.1 enterthesearch.com
`127.0.0.1 www.enterthesearch.com
`127.0.0.1 esearch2005.com
`127.0.0.1 www.esearch2005.com
`127.0.0.1 eza1netsearch.com
`127.0.0.1 www.eza1netsearch.com
`127.0.0.1 ezwebsearching.com
`127.0.0.1 www.ezwebsearching.com
`127.0.0.1 globalefinder.com
`127.0.0.1 www.globalefinder.com
`127.0.0.1 go2realsearch.com
`127.0.0.1 www.go2realsearch.com
`127.0.0.1 myseachexplorer.com
`127.0.0.1 www.myseachexplorer.com
`127.0.0.1 quicksearch360.com
`127.0.0.1 www.quicksearch360.com
`127.0.0.1 s1s1s1search.com
`127.0.0.1 www.s1s1s1search.com
`127.0.0.1 search101online.com
`127.0.0.1 www.search101online.com
`127.0.0.1 search123forme.com
`127.0.0.1 www.search123forme.com
`127.0.0.1 search345quest.com
`127.0.0.1 www.search345quest.com
`127.0.0.1 searchmiracle.com
`127.0.0.1 www.searchmiracle.com
`127.0.0.1 searchtheworld4you.com
`127.0.0.1 www.searchtheworld4you.com
`127.0.0.1 searchwebzone.com
`127.0.0.1 www.searchwebzone.com
`127.0.0.1 seektheglobe.com
`127.0.0.1 www.seektheglobe.com
`127.0.0.1 sitesearchcentral.com
`127.0.0.1 www.sitesearchcentral.com
`127.0.0.1 the818search-co.com
`127.0.0.1 www.the818search-co.com
`127.0.0.1 type2find.com
`127.0.0.1 www.type2find.com
`127.0.0.1 xosearchox.com
`127.0.0.1 www.xosearchox.com
`127.0.0.1 yoursearchspace.com
`127.0.0.1 localhost
`127.0.0.1 realarea.biz
`127.0.0.1 archiviosex.net
`127.0.0.1 agava.com
`127.0.0.1 agava.ru
`127.0.0.1 hut1.ru
`127.0.0.1 hu15.ru
`127.0.0.1 winfixer.com
`127.0.0.1 3721.com
`127.0.0.1 easysearchingtips.com
`127.0.0.1 fine-search.net
`127.0.0.1 noproblemsurf.com
`127.0.0.1 search-motor.com
`127.0.0.1 searchwhatuwant.com
`127.0.0.1 ad25.com
`127.0.0.1 ad45.com
`127.0.0.1 ad77.com
`127.0.0.1 ad86.com
`127.0.0.1 full-search.net
`127.0.0.1 go2-search.com
`127.0.0.1 onemoresearch.net
`127.0.0.1 search-777.com
`127.0.0.1 search-to-find.com
`127.0.0.1 search-what.net
`127.0.0.1 winshow.biz
`127.0.0.1 lookfor.cc
`127.0.0.1 looking-for.cc
`127.0.0.1 tgp-4-you.com
`127.0.0.1 veryeasysearch.com
`127.0.0.1 010402.com
`127.0.0.1 20x2p.com
`127.0.0.1 db105.com
`127.0.0.1 ga31.com
`127.0.0.1 mpeg-look.com
`127.0.0.1 n-udd.com
`127.0.0.1 p-uud.com
`127.0.0.1 porn-screen.com
`127.0.0.1 rb37.com
`127.0.0.1 t058.com
`127.0.0.1 u-239.com
`127.0.0.1 v-224.com
`127.0.0.1 trackhits.cc
`127.0.0.1 tracktraff.cc
`127.0.0.1 power-cleaner.com
`127.0.0.1 yoursitebar.com
`127.0.0.1 ysbweb.com
`127.0.0.1 www.ysbweb.com
`127.0.0.1 installcash.com
`127.0.0.1 toolbarcash.com
`127.0.0.1 msnguard.cc
`127.0.0.1 searchclick.cc
`127.0.0.1 havy.biz
`127.0.0.1 ewizard.cc
`127.0.0.1 camup.net
`127.0.0.1 bdsmlibrary.net
`127.0.0.1 n-glx.s-redirect.com
`127.0.0.1 aaasexypics.com
`127.0.0.1 allforadult.com
`127.0.0.1 autoescrowpay.com
`127.0.0.1 awmcash.biz
`127.0.0.1 buldog-stats.com
`127.0.0.1 counter.sexmaniack.com
`127.0.0.1 fregat.drocherway.com
`127.0.0.1 greg-tut.com
`127.0.0.1 iframe.biz
`127.0.0.1 megapornix.com
`127.0.0.1 newiframe.biz
`127.0.0.1 nylonsexy.com
`127.0.0.1 pizdato.biz
`127.0.0.1 sexfiles.nu
`127.0.0.1 slutmania.biz
`127.0.0.1 sp2******.biz
`127.0.0.1 vesbiz.biz
`127.0.0.1 virgin-tgp.net
`127.0.0.1 vparivalka.com
`127.0.0.1 x.full-tgp.net
`127.0.0.1 toolbar.cc
`127.0.0.1 himen.biz
`127.0.0.1 msupdater.net
`127.0.0.1 www.msupdater.net
`127.0.0.1 1800searchonline.com
`127.0.0.1 www.1800searchonline.com
`127.0.0.1 1stsearchportal.com
`127.0.0.1 www.1stsearchportal.com
`127.0.0.1 24-7searching-and-more.com
`127.0.0.1 www.24-7searching-and-more.com
`127.0.0.1 971searchbox.com
`127.0.0.1 aaawebfinder.com
`127.0.0.1 www.aaawebfinder.com
`127.0.0.1 ampmsearch.com
`127.0.0.1 www.ampmsearch.com
`127.0.0.1 clicktomakeasearch.com
`127.0.0.1 www.clicktomakeasearch.com
`127.0.0.1 directsearchzone.com
`127.0.0.1 www.directsearchzone.com
`127.0.0.1 easysearch4you.com
`127.0.0.1 www.easysearch4you.com
`127.0.0.1 enterthesearch.com
`127.0.0.1 www.enterthesearch.com
`127.0.0.1 esearch2005.com
`127.0.0.1 www.esearch2005.com
`127.0.0.1 eza1netsearch.com
`127.0.0.1 www.eza1netsearch.com
`127.0.0.1 ezwebsearching.com
`127.0.0.1 www.ezwebsearching.com
`127.0.0.1 globalefinder.com
`127.0.0.1 www.globalefinder.com
`127.0.0.1 go2realsearch.com
`127.0.0.1 www.go2realsearch.com
`127.0.0.1 myseachexplorer.com
`127.0.0.1 www.myseachexplorer.com
`127.0.0.1 quicksearch360.com
`127.0.0.1 www.quicksearch360.com
`127.0.0.1 s1s1s1search.com
`127.0.0.1 www.s1s1s1search.com
`127.0.0.1 search101online.com
`127.0.0.1 www.search101online.com
`127.0.0.1 search123forme.com
`127.0.0.1 www.search123forme.com
`127.0.0.1 search345quest.com
`127.0.0.1 www.search345quest.com
`127.0.0.1 searchmiracle.com
`127.0.0.1 www.searchmiracle.com
`127.0.0.1 searchtheworld4you.com
`127.0.0.1 www.searchtheworld4you.com
`127.0.0.1 searchwebzone.com
`127.0.0.1 www.searchwebzone.com
`127.0.0.1 seektheglobe.com
`127.0.0.1 www.seektheglobe.com
`127.0.0.1 sitesearchcentral.com
`127.0.0.1 www.sitesearchcentral.com
`127.0.0.1 the818search-co.com
`127.0.0.1 www.the818search-co.com
`127.0.0.1 type2find.com
`127.0.0.1 www.type2find.com
`127.0.0.1 xosearchox.com
`127.0.0.1 www.xosearchox.com
`127.0.0.1 yoursearchspace.com
`127.0.0.1 localhost
`127.0.0.1 realarea.biz
`127.0.0.1 archiviosex.net
`127.0.0.1 agava.com
`127.0.0.1 agava.ru
`127.0.0.1 hut1.ru
`127.0.0.1 hu15.ru
`127.0.0.1 winfixer.com
`127.0.0.1 3721.com
`127.0.0.1 easysearchingtips.com
`127.0.0.1 fine-search.net
`127.0.0.1 noproblemsurf.com
`127.0.0.1 search-motor.com
`127.0.0.1 searchwhatuwant.com
`127.0.0.1 ad25.com
`127.0.0.1 ad45.com
`127.0.0.1 ad77.com
`127.0.0.1 ad86.com
`127.0.0.1 full-search.net
`127.0.0.1 go2-search.com
`127.0.0.1 onemoresearch.net
`127.0.0.1 search-777.com
`127.0.0.1 search-to-find.com
`127.0.0.1 search-what.net
`127.0.0.1 winshow.biz
`127.0.0.1 lookfor.cc
`127.0.0.1 looking-for.cc
`127.0.0.1 tgp-4-you.com
`127.0.0.1 veryeasysearch.com
`127.0.0.1 010402.com
`127.0.0.1 20x2p.com
`127.0.0.1 db105.com
`127.0.0.1 ga31.com
`127.0.0.1 mpeg-look.com
`127.0.0.1 n-udd.com
`127.0.0.1 p-uud.com
`127.0.0.1 porn-screen.com
`127.0.0.1 rb37.com
`127.0.0.1 t058.com
`127.0.0.1 u-239.com
`127.0.0.1 v-224.com
`127.0.0.1 trackhits.cc
`127.0.0.1 tracktraff.cc
`127.0.0.1 power-cleaner.com
`127.0.0.1 yoursitebar.com
`127.0.0.1 ysbweb.com
`127.0.0.1 www.ysbweb.com
`127.0.0.1 installcash.com
`127.0.0.1 toolbarcash.com
`127.0.0.1 msnguard.cc
`127.0.0.1 searchclick.cc
`127.0.0.1 havy.biz
`127.0.0.1 ewizard.cc
`127.0.0.1 camup.net
`127.0.0.1 bdsmlibrary.net
`127.0.0.1 n-glx.s-redirect.com
`127.0.0.1 aaasexypics.com
`127.0.0.1 allforadult.com
`127.0.0.1 autoescrowpay.com
`127.0.0.1 awmcash.biz
`127.0.0.1 buldog-stats.com
`127.0.0.1 counter.sexmaniack.com
`127.0.0.1 fregat.drocherway.com
`127.0.0.1 greg-tut.com
`127.0.0.1 iframe.biz
`127.0.0.1 megapornix.com
`127.0.0.1 newiframe.biz
`127.0.0.1 nylonsexy.com
`127.0.0.1 pizdato.biz
`127.0.0.1 sexfiles.nu
`127.0.0.1 slutmania.biz
`127.0.0.1 sp2******.biz
`127.0.0.1 vesbiz.biz
`127.0.0.1 virgin-tgp.net
`127.0.0.1 vparivalka.com
`127.0.0.1 x.full-tgp.net
`127.0.0.1 toolbar.cc
`127.0.0.1 himen.biz
`127.0.0.1 msupdater.net
`127.0.0.1 www.msupdater.net
`127.0.0.1 1800searchonline.com
`127.0.0.1 www.1800searchonline.com
`127.0.0.1 1stsearchportal.com
`127.0.0.1 www.1stsearchportal.com
`127.0.0.1 24-7searching-and-more.com
`127.0.0.1 www.24-7searching-and-more.com
`127.0.0.1 971searchbox.com
`127.0.0.1 aaawebfinder.com
`127.0.0.1 www.aaawebfinder.com
`127.0.0.1 ampmsearch.com
`127.0.0.1 www.ampmsearch.com
`127.0.0.1 clicktomakeasearch.com
`127.0.0.1 www.clicktomakeasearch.com
`127.0.0.1 directsearchzone.com
`127.0.0.1 www.directsearchzone.com
`127.0.0.1 easysearch4you.com
`127.0.0.1 www.easysearch4you.com
`127.0.0.1 enterthesearch.com
`127.0.0.1 www.enterthesearch.com
`127.0.0.1 esearch2005.com
`127.0.0.1 www.esearch2005.com
`127.0.0.1 eza1netsearch.com
`127.0.0.1 www.eza1netsearch.com
`127.0.0.1 ezwebsearching.com
`127.0.0.1 www.ezwebsearching.com
`127.0.0.1 globalefinder.com
`127.0.0.1 www.globalefinder.com
`127.0.0.1 go2realsearch.com
`127.0.0.1 www.go2realsearch.com
`127.0.0.1 myseachexplorer.com
`127.0.0.1 www.myseachexplorer.com
`127.0.0.1 quicksearch360.com
`127.0.0.1 www.quicksearch360.com
`127.0.0.1 s1s1s1search.com
`127.0.0.1 www.s1s1s1search.com
`127.0.0.1 search101online.com
`127.0.0.1 www.search101online.com
`127.0.0.1 search123forme.com
`127.0.0.1 www.search123forme.com
`127.0.0.1 search345quest.com
`127.0.0.1 www.search345quest.com
`127.0.0.1 searchmiracle.com
`127.0.0.1 www.searchmiracle.com
`127.0.0.1 searchtheworld4you.com
`127.0.0.1 www.searchtheworld4you.com
`127.0.0.1 searchwebzone.com
`127.0.0.1 www.searchwebzone.com
`127.0.0.1 seektheglobe.com
`127.0.0.1 www.seektheglobe.com
`127.0.0.1 sitesearchcentral.com
`127.0.0.1 www.sitesearchcentral.com
`127.0.0.1 the818search-co.com
`127.0.0.1 www.the818search-co.com
`127.0.0.1 type2find.com
`127.0.0.1 www.type2find.com
`127.0.0.1 xosearchox.com
`127.0.0.1 www.xosearchox.com
`127.0.0.1 yoursearchspace.com
`127.0.0.1 localhost
`127.0.0.1 realarea.biz
`127.0.0.1 archiviosex.net
`127.0.0.1 agava.com
`127.0.0.1 agava.ru
`127.0.0.1 hut1.ru
`127.0.0.1 hu15.ru
`127.0.0.1 winfixer.com
`127.0.0.1 3721.com
`127.0.0.1 easysearchingtips.com
`127.0.0.1 fine-search.net
`127.0.0.1 noproblemsurf.com
`127.0.0.1 search-motor.com
`127.0.0.1 searchwhatuwant.com
`127.0.0.1 ad25.com
`127.0.0.1 ad45.com
`127.0.0.1 ad77.com
`127.0.0.1 ad86.com
`127.0.0.1 full-search.net
`127.0.0.1 go2-search.com
`127.0.0.1 onemoresearch.net
`127.0.0.1 search-777.com
`127.0.0.1 search-to-find.com
`127.0.0.1 search-what.net
`127.0.0.1 winshow.biz
`127.0.0.1 lookfor.cc
`127.0.0.1 looking-for.cc
`127.0.0.1 tgp-4-you.com
`127.0.0.1 veryeasysearch.com
`127.0.0.1 010402.com
`127.0.0.1 20x2p.com
`127.0.0.1 db105.com
`127.0.0.1 ga31.com
`127.0.0.1 mpeg-look.com
`127.0.0.1 n-udd.com
`127.0.0.1 p-uud.com
`127.0.0.1 porn-screen.com
`127.0.0.1 rb37.com
`127.0.0.1 t058.com
`127.0.0.1 u-239.com
`127.0.0.1 v-224.com
`127.0.0.1 trackhits.cc
`127.0.0.1 tracktraff.cc
`127.0.0.1 power-cleaner.com
`127.0.0.1 yoursitebar.com
`127.0.0.1 ysbweb.com
`127.0.0.1 www.ysbweb.com
`127.0.0.1 installcash.com
`127.0.0.1 toolbarcash.com
`127.0.0.1 msnguard.cc
`127.0.0.1 searchclick.cc
`127.0.0.1 havy.biz
`127.0.0.1 ewizard.cc
`127.0.0.1 camup.net
`127.0.0.1 bdsmlibrary.net
`127.0.0.1 n-glx.s-redirect.com
`127.0.0.1 aaasexypics.com
`127.0.0.1 allforadult.com
`127.0.0.1 autoescrowpay.com
`127.0.0.1 awmcash.biz
`127.0.0.1 buldog-stats.com
`127.0.0.1 counter.sexmaniack.com
`127.0.0.1 fregat.drocherway.com
`127.0.0.1 greg-tut.com
`127.0.0.1 iframe.biz
`127.0.0.1 megapornix.com
`127.0.0.1 newiframe.biz
`127.0.0.1 nylonsexy.com
`127.0.0.1 pizdato.biz
`127.0.0.1 sexfiles.nu
`127.0.0.1 slutmania.biz
`127.0.0.1 sp2******.biz
`127.0.0.1 vesbiz.biz
`127.0.0.1 virgin-tgp.net
`127.0.0.1 vparivalka.com
`127.0.0.1 x.full-tgp.net
`127.0.0.1 toolbar.cc
`127.0.0.1 himen.biz
`127.0.0.1 msupdater.net
`127.0.0.1 www.msupdater.net
`127.0.0.1 1800searchonline.com
`127.0.0.1 www.1800searchonline.com
`127.0.0.1 1stsearchportal.com
`127.0.0.1 www.1stsearchportal.com
`127.0.0.1 24-7searching-and-more.com
`127.0.0.1 www.24-7searching-and-more.com
`127.0.0.1 971searchbox.com
`127.0.0.1 aaawebfinder.com
`127.0.0.1 www.aaawebfinder.com
`127.0.0.1 ampmsearch.com
`127.0.0.1 www.ampmsearch.com
`127.0.0.1 clicktomakeasearch.com
`127.0.0.1 www.clicktomakeasearch.com
`127.0.0.1 directsearchzone.com
`127.0.0.1 www.directsearchzone.com
`127.0.0.1 easysearch4you.com
`127.0.0.1 www.easysearch4you.com
`127.0.0.1 enterthesearch.com
`127.0.0.1 www.enterthesearch.com
`127.0.0.1 esearch2005.com
`127.0.0.1 www.esearch2005.com
`127.0.0.1 eza1netsearch.com
`127.0.0.1 www.eza1netsearch.com
`127.0.0.1 ezwebsearching.com
`127.0.0.1 www.ezwebsearching.com
`127.0.0.1 globalefinder.com
`127.0.0.1 www.globalefinder.com
`127.0.0.1 go2realsearch.com
`127.0.0.1 www.go2realsearch.com
`127.0.0.1 myseachexplorer.com
`127.0.0.1 www.myseachexplorer.com
`127.0.0.1 quicksearch360.com
`127.0.0.1 www.quicksearch360.com
`127.0.0.1 s1s1s1search.com
`127.0.0.1 www.s1s1s1search.com
`127.0.0.1 search101online.com
`127.0.0.1 www.search101online.com
`127.0.0.1 search123forme.com
`127.0.0.1 www.search123forme.com
`127.0.0.1 search345quest.com
`127.0.0.1 www.search345quest.com
`127.0.0.1 searchmiracle.com
`127.0.0.1 www.searchmiracle.com
`127.0.0.1 searchtheworld4you.com
`127.0.0.1 www.searchtheworld4you.com
`127.0.0.1 searchwebzone.com
`127.0.0.1 www.searchwebzone.com
`127.0.0.1 seektheglobe.com
`127.0.0.1 www.seektheglobe.com
`127.0.0.1 sitesearchcentral.com
`127.0.0.1 www.sitesearchcentral.com
`127.0.0.1 the818search-co.com
`127.0.0.1 www.the818search-co.com
`127.0.0.1 type2find.com
`127.0.0.1 www.type2find.com
`127.0.0.1 xosearchox.com
`127.0.0.1 www.xosearchox.com
`127.0.0.1 yoursearchspace.com
`127.0.0.1 localhost
`127.0.0.1 realarea.biz
`127.0.0.1 archiviosex.net
`127.0.0.1 agava.com
`127.0.0.1 agava.ru
`127.0.0.1 hut1.ru
`127.0.0.1 hu15.ru
`127.0.0.1 winfixer.com
`127.0.0.1 3721.com
`127.0.0.1 easysearchingtips.com
`127.0.0.1 fine-search.net
`127.0.0.1 noproblemsurf.com
`127.0.0.1 search-motor.com
`127.0.0.1 searchwhatuwant.com
`127.0.0.1 ad25.com
`127.0.0.1 ad45.com
`127.0.0.1 ad77.com
`127.0.0.1 ad86.com
`127.0.0.1 full-search.net
`127.0.0.1 go2-search.com
`127.0.0.1 onemoresearch.net
`127.0.0.1 search-777.com
`127.0.0.1 search-to-find.com
`127.0.0.1 search-what.net
`127.0.0.1 winshow.biz
`127.0.0.1 lookfor.cc
`127.0.0.1 looking-for.cc
`127.0.0.1 tgp-4-you.com
`127.0.0.1 veryeasysearch.com
`127.0.0.1 010402.com
`127.0.0.1 20x2p.com
`127.0.0.1 db105.com
`127.0.0.1 ga31.com
`127.0.0.1 mpeg-look.com
`127.0.0.1 n-udd.com
`127.0.0.1 p-uud.com
`127.0.0.1 porn-screen.com
`127.0.0.1 rb37.com
`127.0.0.1 t058.com
`127.0.0.1 u-239.com
`127.0.0.1 v-224.com
`127.0.0.1 trackhits.cc
`127.0.0.1 tracktraff.cc
`127.0.0.1 power-cleaner.com
`127.0.0.1 yoursitebar.com
`127.0.0.1 ysbweb.com
`127.0.0.1 www.ysbweb.com
`127.0.0.1 installcash.com
`127.0.0.1 toolbarcash.com
`127.0.0.1 msnguard.cc
`127.0.0.1 searchclick.cc
`127.0.0.1 havy.biz
`127.0.0.1 ewizard.cc
`127.0.0.1 camup.net
`127.0.0.1 bdsmlibrary.net
`127.0.0.1 n-glx.s-redirect.com
`127.0.0.1 aaasexypics.com
`127.0.0.1 allforadult.com
`127.0.0.1 autoescrowpay.com
`127.0.0.1 awmcash.biz
`127.0.0.1 buldog-stats.com
`127.0.0.1 counter.sexmaniack.com
`127.0.0.1 fregat.drocherway.com
`127.0.0.1 greg-tut.com
`127.0.0.1 iframe.biz
`127.0.0.1 megapornix.com
`127.0.0.1 newiframe.biz
`127.0.0.1 nylonsexy.com
`127.0.0.1 pizdato.biz
`127.0.0.1 sexfiles.nu
`127.0.0.1 slutmania.biz
`127.0.0.1 sp2******.biz
`127.0.0.1 vesbiz.biz
`127.0.0.1 virgin-tgp.net
`127.0.0.1 vparivalka.com
`127.0.0.1 x.full-tgp.net
`127.0.0.1 toolbar.cc
`127.0.0.1 himen.biz
`127.0.0.1 msupdater.net
`127.0.0.1 www.msupdater.net
`127.0.0.1 1800searchonline.com
`127.0.0.1 www.1800searchonline.com
`127.0.0.1 1stsearchportal.com
`127.0.0.1 www.1stsearchportal.com
`127.0.0.1 24-7searching-and-more.com
`127.0.0.1 www.24-7searching-and-more.com
`127.0.0.1 971searchbox.com
`127.0.0.1 aaawebfinder.com
`127.0.0.1 www.aaawebfinder.com
`127.0.0.1 ampmsearch.com
`127.0.0.1 www.ampmsearch.com
`127.0.0.1 clicktomakeasearch.com
`127.0.0.1 www.clicktomakeasearch.com
`127.0.0.1 directsearchzone.com
`127.0.0.1 www.directsearchzone.com
`127.0.0.1 easysearch4you.com
`127.0.0.1 www.easysearch4you.com
`127.0.0.1 enterthesearch.com
`127.0.0.1 www.enterthesearch.com
`127.0.0.1 esearch2005.com
`127.0.0.1 www.esearch2005.com
`127.0.0.1 eza1netsearch.com
`127.0.0.1 www.eza1netsearch.com
`127.0.0.1 ezwebsearching.com
`127.0.0.1 www.ezwebsearching.com
`127.0.0.1 globalefinder.com
`127.0.0.1 www.globalefinder.com
`127.0.0.1 go2realsearch.com
`127.0.0.1 www.go2realsearch.com
`127.0.0.1 myseachexplorer.com
`127.0.0.1 www.myseachexplorer.com
`127.0.0.1 quicksearch360.com
`127.0.0.1 www.quicksearch360.com
`127.0.0.1 s1s1s1search.com
`127.0.0.1 www.s1s1s1search.com
`127.0.0.1 search101online.com
`127.0.0.1 www.search101online.com
`127.0.0.1 search123forme.com
`127.0.0.1 www.search123forme.com
`127.0.0.1 search345quest.com
`127.0.0.1 www.search345quest.com
`127.0.0.1 searchmiracle.com
`127.0.0.1 www.searchmiracle.com
`127.0.0.1 searchtheworld4you.com
`127.0.0.1 www.searchtheworld4you.com
`127.0.0.1 searchwebzone.com
`127.0.0.1 www.searchwebzone.com
`127.0.0.1 seektheglobe.com
`127.0.0.1 www.seektheglobe.com
`127.0.0.1 sitesearchcentral.com
`127.0.0.1 www.sitesearchcentral.com
`127.0.0.1 the818search-co.com
`127.0.0.1 www.the818search-co.com
`127.0.0.1 type2find.com
`127.0.0.1 www.type2find.com
`127.0.0.1 xosearchox.com
`127.0.0.1 www.xosearchox.com
`127.0.0.1 yoursearchspace.com
`127.0.0.1 localhost
`127.0.0.1 realarea.biz
`127.0.0.1 archiviosex.net
`127.0.0.1 agava.com
`127.0.0.1 agava.ru
`127.0.0.1 hut1.ru
`127.0.0.1 hu15.ru
`127.0.0.1 winfixer.com
`127.0.0.1 3721.com
`127.0.0.1 easysearchingtips.com
`127.0.0.1 fine-search.net
`127.0.0.1 noproblemsurf.com
`127.0.0.1 search-motor.com
`127.0.0.1 searchwhatuwant.com
`127.0.0.1 ad25.com
`127.0.0.1 ad45.com
`127.0.0.1 ad77.com
`127.0.0.1 ad86.com
`127.0.0.1 full-search.net
`127.0.0.1 go2-search.com
`127.0.0.1 onemoresearch.net
`127.0.0.1 search-777.com
`127.0.0.1 search-to-find.com
`127.0.0.1 search-what.net
`127.0.0.1 winshow.biz
`127.0.0.1 lookfor.cc
`127.0.0.1 looking-for.cc
`127.0.0.1 tgp-4-you.com
`127.0.0.1 veryeasysearch.com
`127.0.0.1 010402.com
`127.0.0.1 20x2p.com
`127.0.0.1 db105.com
`127.0.0.1 ga31.com
`127.0.0.1 mpeg-look.com
`127.0.0.1 n-udd.com
`127.0.0.1 p-uud.com
`127.0.0.1 porn-screen.com
`127.0.0.1 rb37.com
`127.0.0.1 t058.com
`127.0.0.1 u-239.com
`127.0.0.1 v-224.com
`127.0.0.1 trackhits.cc
`127.0.0.1 tracktraff.cc
`127.0.0.1 power-cleaner.com
`127.0.0.1 yoursitebar.com
`127.0.0.1 ysbweb.com
`127.0.0.1 www.ysbweb.com
`127.0.0.1 installcash.com
`127.0.0.1 toolbarcash.com
`127.0.0.1 msnguard.cc
`127.0.0.1 searchclick.cc
`127.0.0.1 havy.biz
`127.0.0.1 ewizard.cc
`127.0.0.1 camup.net
`127.0.0.1 bdsmlibrary.net
`127.0.0.1 n-glx.s-redirect.com
`127.0.0.1 aaasexypics.com
`127.0.0.1 allforadult.com
`127.0.0.1 autoescrowpay.com
`127.0.0.1 awmcash.biz
`127.0.0.1 buldog-stats.com
`127.0.0.1 counter.sexmaniack.com
`127.0.0.1 fregat.drocherway.com
`127.0.0.1 greg-tut.com
`127.0.0.1 iframe.biz
`127.0.0.1 megapornix.com
`127.0.0.1 newiframe.biz
`127.0.0.1 nylonsexy.com
`127.0.0.1 pizdato.biz
`127.0.0.1 sexfiles.nu
`127.0.0.1 slutmania.biz
`127.0.0.1 sp2******.biz
`127.0.0.1 vesbiz.biz
`127.0.0.1 virgin-tgp.net
`127.0.0.1 vparivalka.com
`127.0.0.1 x.full-tgp.net
`127.0.0.1 toolbar.cc
`127.0.0.1 himen.biz
`127.0.0.1 msupdater.net
`127.0.0.1 www.msupdater.net
`127.0.0.1 1800searchonline.com
`127.0.0.1 www.1800searchonline.com
`127.0.0.1 1stsearchportal.com
`127.0.0.1 www.1stsearchportal.com
`127.0.0.1 24-7searching-and-more.com
`127.0.0.1 www.24-7searching-and-more.com
`127.0.0.1 971searchbox.com
`127.0.0.1 aaawebfinder.com
`127.0.0.1 www.aaawebfinder.com
`127.0.0.1 ampmsearch.com
`127.0.0.1 www.ampmsearch.com
`127.0.0.1 clicktomakeasearch.com
`127.0.0.1 www.clicktomakeasearch.com
`127.0.0.1 directsearchzone.com
`127.0.0.1 www.directsearchzone.com
`127.0.0.1 easysearch4you.com
`127.0.0.1 www.easysearch4you.com
`127.0.0.1 enterthesearch.com
`127.0.0.1 www.enterthesearch.com
`127.0.0.1 esearch2005.com
`127.0.0.1 www.esearch2005.com
`127.0.0.1 eza1netsearch.com
`127.0.0.1 www.eza1netsearch.com
`127.0.0.1 ezwebsearching.com
`127.0.0.1 www.ezwebsearching.com
`127.0.0.1 globalefinder.com
`127.0.0.1 www.globalefinder.com
`127.0.0.1 go2realsearch.com
`127.0.0.1 www.go2realsearch.com
`127.0.0.1 myseachexplorer.com
`127.0.0.1 www.myseachexplorer.com
`127.0.0.1 quicksearch360.com
`127.0.0.1 www.quicksearch360.com
`127.0.0.1 s1s1s1search.com
`127.0.0.1 www.s1s1s1search.com
`127.0.0.1 search101online.com
`127.0.0.1 www.search101online.com
`127.0.0.1 search123forme.com
`127.0.0.1 www.search123forme.com
`127.0.0.1 search345quest.com
`127.0.0.1 www.search345quest.com
`127.0.0.1 searchmiracle.com
`127.0.0.1 www.searchmiracle.com
`127.0.0.1 searchtheworld4you.com
`127.0.0.1 www.searchtheworld4you.com
`127.0.0.1 searchwebzone.com
`127.0.0.1 www.searchwebzone.com
`127.0.0.1 seektheglobe.com
`127.0.0.1 www.seektheglobe.com
`127.0.0.1 sitesearchcentral.com
`127.0.0.1 www.sitesearchcentral.com
`127.0.0.1 the818search-co.com
`127.0.0.1 www.the818search-co.com
`127.0.0.1 type2find.com
`127.0.0.1 www.type2find.com
`127.0.0.1 xosearchox.com
`127.0.0.1 www.xosearchox.com
`127.0.0.1 yoursearchspace.com
`127.0.0.1 localhost
`127.0.0.1 realarea.biz
`127.0.0.1 archiviosex.net
`127.0.0.1 agava.com
`127.0.0.1 agava.ru
`127.0.0.1 hut1.ru
`127.0.0.1 hu15.ru
`127.0.0.1 winfixer.com
`127.0.0.1 3721.com
`127.0.0.1 easysearchingtips.com
`127.0.0.1 fine-search.net
`127.0.0.1 noproblemsurf.com
`127.0.0.1 search-motor.com
`127.0.0.1 searchwhatuwant.com
`127.0.0.1 ad25.com
`127.0.0.1 ad45.com
`127.0.0.1 ad77.com
`127.0.0.1 ad86.com
`127.0.0.1 full-search.net
`127.0.0.1 go2-search.com
`127.0.0.1 onemoresearch.net
`127.0.0.1 search-777.com
`127.0.0.1 search-to-find.com
`127.0.0.1 search-what.net
`127.0.0.1 winshow.biz
`127.0.0.1 lookfor.cc
`127.0.0.1 looking-for.cc
`127.0.0.1 tgp-4-you.com
`127.0.0.1 veryeasysearch.com
`127.0.0.1 010402.com
`127.0.0.1 20x2p.com
`127.0.0.1 db105.com
`127.0.0.1 ga31.com
`127.0.0.1 mpeg-look.com
`127.0.0.1 n-udd.com
`127.0.0.1 p-uud.com
`127.0.0.1 porn-screen.com
`127.0.0.1 rb37.com
`127.0.0.1 t058.com
`127.0.0.1 u-239.com
`127.0.0.1 v-224.com
`127.0.0.1 trackhits.cc
`127.0.0.1 tracktraff.cc
`127.0.0.1 power-cleaner.com
`127.0.0.1 yoursitebar.com
`127.0.0.1 ysbweb.com
`127.0.0.1 www.ysbweb.com
`127.0.0.1 installcash.com
`127.0.0.1 toolbarcash.com
`127.0.0.1 msnguard.cc
`127.0.0.1 searchclick.cc
`127.0.0.1 havy.biz
`127.0.0.1 ewizard.cc
`127.0.0.1 camup.net
`127.0.0.1 bdsmlibrary.net
`127.0.0.1 n-glx.s-redirect.com
`127.0.0.1 aaasexypics.com
`127.0.0.1 allforadult.com
`127.0.0.1 autoescrowpay.com
`127.0.0.1 awmcash.biz
`127.0.0.1 buldog-stats.com
`127.0.0.1 counter.sexmaniack.com
`127.0.0.1 fregat.drocherway.com
`127.0.0.1 greg-tut.com
`127.0.0.1 iframe.biz
`127.0.0.1 megapornix.com
`127.0.0.1 newiframe.biz
`127.0.0.1 nylonsexy.com
`127.0.0.1 pizdato.biz
`127.0.0.1 sexfiles.nu
`127.0.0.1 slutmania.biz
`127.0.0.1 sp2******.biz
`127.0.0.1 vesbiz.biz
`127.0.0.1 virgin-tgp.net
`127.0.0.1 vparivalka.com
`127.0.0.1 x.full-tgp.net
`127.0.0.1 toolbar.cc
`127.0.0.1 himen.biz
`127.0.0.1 msupdater.net
`127.0.0.1 www.msupdater.net
`127.0.0.1 1800searchonline.com
`127.0.0.1 www.1800searchonline.com
`127.0.0.1 1stsearchportal.com
`127.0.0.1 www.1stsearchportal.com
`127.0.0.1 24-7searching-and-more.com
`127.0.0.1 www.24-7searching-and-more.com
`127.0.0.1 971searchbox.com
`127.0.0.1 aaawebfinder.com
`127.0.0.1 www.aaawebfinder.com
`127.0.0.1 ampmsearch.com
`127.0.0.1 www.ampmsearch.com
`127.0.0.1 clicktomakeasearch.com
`127.0.0.1 www.clicktomakeasearch.com
`127.0.0.1 directsearchzone.com
`127.0.0.1 www.directsearchzone.com
`127.0.0.1 easysearch4you.com
`127.0.0.1 www.easysearch4you.com
`127.0.0.1 enterthesearch.com
`127.0.0.1 www.enterthesearch.com
`127.0.0.1 esearch2005.com
`127.0.0.1 www.esearch2005.com
`127.0.0.1 eza1netsearch.com
`127.0.0.1 www.eza1netsearch.com
`127.0.0.1 ezwebsearching.com
`127.0.0.1 www.ezwebsearching.com
`127.0.0.1 globalefinder.com
`127.0.0.1 www.globalefinder.com
`127.0.0.1 go2realsearch.com
`127.0.0.1 www.go2realsearch.com
`127.0.0.1 myseachexplorer.com
`127.0.0.1 www.myseachexplorer.com
`127.0.0.1 quicksearch360.com
`127.0.0.1 www.quicksearch360.com
`127.0.0.1 s1s1s1search.com
`127.0.0.1 www.s1s1s1search.com
`127.0.0.1 search101online.com
`127.0.0.1 www.search101online.com
`127.0.0.1 search123forme.com
`127.0.0.1 www.search123forme.com
`127.0.0.1 search345quest.com
`127.0.0.1 www.search345quest.com
`127.0.0.1 searchmiracle.com
`127.0.0.1 www.searchmiracle.com
`127.0.0.1 searchtheworld4you.com
`127.0.0.1 www.searchtheworld4you.com
`127.0.0.1 searchwebzone.com
`127.0.0.1 www.searchwebzone.com
`127.0.0.1 seektheglobe.com
`127.0.0.1 www.seektheglobe.com
`127.0.0.1 sitesearchcentral.com
`127.0.0.1 www.sitesearchcentral.com
`127.0.0.1 the818search-co.com
`127.0.0.1 www.the818search-co.com
`127.0.0.1 type2find.com
`127.0.0.1 www.type2find.com
`127.0.0.1 xosearchox.com
`127.0.0.1 www.xosearchox.com
`127.0.0.1 yoursearchspace.com
`127.0.0.1 localhost
`127.0.0.1 realarea.biz
`127.0.0.1 archiviosex.net
`127.0.0.1 agava.com
`127.0.0.1 agava.ru
`127.0.0.1 hut1.ru
`127.0.0.1 hu15.ru
`127.0.0.1 winfixer.com
`127.0.0.1 3721.com
`127.0.0.1 easysearchingtips.com
`127.0.0.1 fine-search.net
`127.0.0.1 noproblemsurf.com
`127.0.0.1 search-motor.com
`127.0.0.1 searchwhatuwant.com
`127.0.0.1 ad25.com
`127.0.0.1 ad45.com
`127.0.0.1 ad77.com
`127.0.0.1 ad86.com
`127.0.0.1 full-search.net
`127.0.0.1 go2-search.com
`127.0.0.1 onemoresearch.net
`127.0.0.1 search-777.com
`127.0.0.1 search-to-find.com
`127.0.0.1 search-what.net
`127.0.0.1 winshow.biz
`127.0.0.1 lookfor.cc
`127.0.0.1 looking-for.cc
`127.0.0.1 tgp-4-you.com
`127.0.0.1 veryeasysearch.com
`127.0.0.1 010402.com
`127.0.0.1 20x2p.com
`127.0.0.1 db105.com
`127.0.0.1 ga31.com
`127.0.0.1 mpeg-look.com
`127.0.0.1 n-udd.com
`127.0.0.1 p-uud.com
`127.0.0.1 porn-screen.com
`127.0.0.1 rb37.com
`127.0.0.1 t058.com
`127.0.0.1 u-239.com
`127.0.0.1 v-224.com
`127.0.0.1 trackhits.cc
`127.0.0.1 tracktraff.cc
`127.0.0.1 power-cleaner.com
`127.0.0.1 yoursitebar.com
`127.0.0.1 ysbweb.com
`127.0.0.1 www.ysbweb.com
`127.0.0.1 installcash.com
`127.0.0.1 toolbarcash.com
`127.0.0.1 msnguard.cc
`127.0.0.1 searchclick.cc
`127.0.0.1 havy.biz
`127.0.0.1 ewizard.cc
`127.0.0.1 camup.net
`127.0.0.1 bdsmlibrary.net
`127.0.0.1 n-glx.s-redirect.com
`127.0.0.1 aaasexypics.com
`127.0.0.1 allforadult.com
`127.0.0.1 autoescrowpay.com
`127.0.0.1 awmcash.biz
`127.0.0.1 buldog-stats.com
`127.0.0.1 counter.sexmaniack.com
`127.0.0.1 fregat.drocherway.com
`127.0.0.1 greg-tut.com
`127.0.0.1 iframe.biz
`127.0.0.1 megapornix.com
`127.0.0.1 newiframe.biz
`127.0.0.1 nylonsexy.com
`127.0.0.1 pizdato.biz
`127.0.0.1 sexfiles.nu
`127.0.0.1 slutmania.biz
`127.0.0.1 sp2******.biz
`127.0.0.1 vesbiz.biz
`127.0.0.1 virgin-tgp.net
`127.0.0.1 vparivalka.com
`127.0.0.1 x.full-tgp.net
`127.0.0.1 toolbar.cc
`127.0.0.1 himen.biz
`127.0.0.1 msupdater.net
`127.0.0.1 www.msupdater.net
`127.0.0.1 1800searchonline.com
`127.0.0.1 www.1800searchonline.com
`127.0.0.1 1stsearchportal.com
`127.0.0.1 www.1stsearchportal.com
`127.0.0.1 24-7searching-and-more.com
`127.0.0.1 www.24-7searching-and-more.com
`127.0.0.1 971searchbox.com
`127.0.0.1 aaawebfinder.com
`127.0.0.1 www.aaawebfinder.com
`127.0.0.1 ampmsearch.com
`127.0.0.1 www.ampmsearch.com
`127.0.0.1 clicktomakeasearch.com
`127.0.0.1 www.clicktomakeasearch.com
`127.0.0.1 directsearchzone.com
`127.0.0.1 www.directsearchzone.com
`127.0.0.1 easysearch4you.com
`127.0.0.1 www.easysearch4you.com
`127.0.0.1 enterthesearch.com
`127.0.0.1 www.enterthesearch.com
`127.0.0.1 esearch2005.com
`127.0.0.1 www.esearch2005.com
`127.0.0.1 eza1netsearch.com
`127.0.0.1 www.eza1netsearch.com
`127.0.0.1 ezwebsearching.com
`127.0.0.1 www.ezwebsearching.com
`127.0.0.1 globalefinder.com
`127.0.0.1 www.globalefinder.com
`127.0.0.1 go2realsearch.com
`127.0.0.1 www.go2realsearch.com
`127.0.0.1 myseachexplorer.com
`127.0.0.1 www.myseachexplorer.com
`127.0.0.1 quicksearch360.com
`127.0.0.1 www.quicksearch360.com
`127.0.0.1 s1s1s1search.com
`127.0.0.1 www.s1s1s1search.com
`127.0.0.1 search101online.com
`127.0.0.1 www.search101online.com
`127.0.0.1 search123forme.com
`127.0.0.1 www.search123forme.com
`127.0.0.1 search345quest.com
`127.0.0.1 www.search345quest.com
`127.0.0.1 searchmiracle.com
`127.0.0.1 www.searchmiracle.com
`127.0.0.1 searchtheworld4you.com
`127.0.0.1 www.searchtheworld4you.com
`127.0.0.1 searchwebzone.com
`127.0.0.1 www.searchwebzone.com
`127.0.0.1 seektheglobe.com
`127.0.0.1 www.seektheglobe.com
`127.0.0.1 sitesearchcentral.com
`127.0.0.1 www.sitesearchcentral.com
`127.0.0.1 the818search-co.com
`127.0.0.1 www.the818search-co.com
`127.0.0.1 type2find.com
`127.0.0.1 www.type2find.com
`127.0.0.1 xosearchox.com
`127.0.0.1 www.xosearchox.com
`127.0.0.1 yoursearchspace.com

tinkerbellnhl · 01-18-2006, 09:07 AM

»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+616=\SystemRoot\System32\smss.exe
*C:\WINDOWS\system32\ntdll.dll
+688=\??\C:\WINDOWS\system32\csrss.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\CSRSRV.dll
*C:\WINDOWS\system32\basesrv.dll
*C:\WINDOWS\system32\winsrv.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\KERNEL32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\VERSION.dll
+728=\??\C:\WINDOWS\system32\winlogon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\NDdeApi.dll
*C:\WINDOWS\system32\PROFMAP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MSGINA.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\odbcint.dll
*C:\WINDOWS\system32\SHSVCS.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\WINSCARD.DLL
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\cscdll.dll
*C:\WINDOWS\system32\WlNotify.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\WRLogonNTF.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\cscui.dll
*C:\WINDOWS\system32\MPRAPI.dll
*C:\WINDOWS\system32\ACTIVEDS.dll
*C:\WINDOWS\system32\adsldpc.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\NavLogon.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
+772=C:\WINDOWS\system32\services.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SCESRV.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\umpnpmgr.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\eventlog.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\wtsapi32.dll
+784=C:\WINDOWS\system32\lsass.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\LSASRV.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\SAMSRV.dll
*C:\WINDOWS\system32\cryptdll.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\msprivs.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\netlogon.dll
*C:\WINDOWS\system32\w32time.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\schannel.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\wdigest.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\scecli.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\ipsecsvc.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\oakley.DLL
*C:\WINDOWS\system32\WINIPSEC.DLL
*C:\WINDOWS\system32\pstorsvc.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\psbase.dll
*C:\WINDOWS\system32\dssenh.dll
+936=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*c:\windows\system32\termsrv.dll
*c:\windows\system32\ICAAPI.dll
*c:\windows\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*c:\windows\system32\AUTHZ.dll
*c:\windows\system32\mstlsapi.dll
*c:\windows\system32\ACTIVEDS.dll
*c:\windows\system32\adsldpc.dll
*C:\WINDOWS\system32\NETAPI32.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
+1012=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
+1052=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\xpsp2res.dll
*c:\windows\system32\shsvcs.dll
*C:\WINDOWS\System32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*c:\windows\system32\dhcpcsvc.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\Secur32.dll
*C:\WINDOWS\System32\rsaenh.dll
*c:\windows\system32\wzcsvc.dll
*c:\windows\system32\rtutils.dll
*c:\windows\system32\WMI.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*c:\windows\system32\WTSAPI32.dll
*c:\windows\system32\ESENT.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\System32\rastls.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\System32\MPRAPI.dll
*C:\WINDOWS\System32\ACTIVEDS.dll
*C:\WINDOWS\System32\adsldpc.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\RASAPI32.dll
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\SCHANNEL.dll
*C:\WINDOWS\System32\WinSCard.dll
*C:\WINDOWS\System32\raschap.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*c:\windows\system32\schedsvc.dll
*c:\windows\system32\NTDSAPI.dll
*C:\WINDOWS\System32\MSIDLE.DLL
*c:\windows\system32\audiosrv.dll
*c:\windows\system32\wkssvc.dll
*c:\windows\system32\cryptsvc.dll
*c:\windows\system32\certcli.dll
*c:\windows\system32\ersvc.dll
*c:\windows\system32\es.dll
*c:\windows\pchealth\helpctr\binaries\pchsvc.dll
*c:\windows\system32\srvsvc.dll
*c:\windows\system32\netman.dll
*c:\windows\system32\netshell.dll
*c:\windows\system32\credui.dll
*c:\windows\system32\WZCSAPI.DLL
*C:\WINDOWS\System32\HNETCFG.DLL
*C:\WINDOWS\System32\MSVCP60.dll
*c:\windows\system32\seclogon.dll
*c:\windows\system32\sens.dll
*c:\windows\system32\srsvc.dll
*c:\windows\system32\POWRPROF.dll
*C:\WINDOWS\System32\SXS.DLL
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*c:\windows\system32\trkwks.dll
*c:\windows\system32\w32time.dll
*c:\windows\system32\wbem\wmisvc.dll
*C:\WINDOWS\system32\VSSAPI.DLL
*c:\windows\system32\wuauserv.dll
*C:\WINDOWS\system32\wuaueng.dll
*C:\WINDOWS\System32\ADVPACK.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\WINHTTP.dll
*C:\WINDOWS\System32\Cabinet.dll
*C:\WINDOWS\System32\mspatcha.dll
*C:\WINDOWS\System32\sfc.dll
*C:\WINDOWS\System32\sfc_os.dll
*c:\windows\system32\ipnathlp.dll
*c:\windows\system32\AUTHZ.dll
*C:\WINDOWS\System32\Wbem\wbemcore.dll
*C:\WINDOWS\System32\Wbem\esscli.dll
*C:\WINDOWS\System32\Wbem\wbemcomn.dll
*C:\WINDOWS\System32\Wbem\FastProx.dll
*c:\windows\system32\browser.dll
*C:\WINDOWS\system32\comsvcs.dll
*C:\WINDOWS\system32\colbact.DLL
*C:\WINDOWS\system32\MTXCLU.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\System32\CLUSAPI.DLL
*C:\WINDOWS\System32\RESUTILS.DLL
*C:\WINDOWS\System32\wbem\wmiutils.dll
*C:\WINDOWS\System32\wbem\repdrvfs.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\System32\wbem\wmiprvsd.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\System32\wbem\wbemess.dll
*C:\WINDOWS\System32\rasadhlp.dll
*C:\WINDOWS\System32\netcfgx.dll
*C:\WINDOWS\System32\upnp.dll
*C:\WINDOWS\System32\SSDPAPI.dll
*C:\WINDOWS\System32\rasmans.dll
*C:\WINDOWS\System32\WINIPSEC.DLL
*c:\windows\system32\tapisrv.dll
*c:\windows\system32\PSAPI.DLL
*C:\WINDOWS\System32\rastapi.dll
*C:\WINDOWS\System32\unimdm.tsp
*C:\WINDOWS\System32\uniplat.dll
*C:\WINDOWS\System32\msi.dll
*C:\WINDOWS\System32\unimdmat.dll
*C:\WINDOWS\system32\modemui.dll
*C:\WINDOWS\System32\kmddsp.tsp
*C:\WINDOWS\System32\ndptsp.tsp
*C:\WINDOWS\System32\ipconf.tsp
*C:\WINDOWS\System32\h323.tsp
*C:\WINDOWS\System32\hidphone.tsp
*C:\WINDOWS\System32\HID.DLL
*C:\WINDOWS\System32\rasppp.dll
*C:\WINDOWS\System32\ntlsapi.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\System32\cryptdll.dll
*C:\WINDOWS\System32\RASDLG.dll
*C:\WINDOWS\system32\msxml3.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\System32\wbem\ncprov.dll
*C:\WINDOWS\System32\dssenh.dll
*C:\WINDOWS\System32\catsrvut.dll
*C:\WINDOWS\System32\catsrv.dll
*C:\WINDOWS\System32\MfcSubs.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\wbem\wbemsvc.dll
*C:\WINDOWS\System32\mlang.dll
*C:\WINDOWS\System32\xmlprovi.dll
*C:\WINDOWS\System32\wups.dll
*C:\WINDOWS\system32\licdll.dll
+1136=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\dnsrslvr.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+1248=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\xpsp2res.dll
*c:\windows\system32\lmhsvc.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\webclnt.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\wsock32.dll
*c:\windows\system32\ssdpsrv.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
+1392=C:\WINDOWS\Explorer.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\BROWSEUI.dll
*C:\WINDOWS\system32\SHDOCVW.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
*C:\WINDOWS\System32\themeui.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\MSIMG32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\ntshrui.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\NETSHELL.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\credui.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\Program Files\Microsoft AntiSpyware\shellextension.dll
*C:\WINDOWS\System32\webcheck.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\stobject.dll
*C:\WINDOWS\System32\BatMeter.dll
*C:\WINDOWS\System32\POWRPROF.dll
*C:\WINDOWS\System32\WTSAPI32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\WZCSAPI.DLL
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\System32\drprov.dll
*C:\WINDOWS\System32\ntlanman.dll
*C:\WINDOWS\System32\NETUI0.dll
*C:\WINDOWS\System32\NETUI1.dll
*C:\WINDOWS\System32\NETRAP.dll
*C:\WINDOWS\System32\davclnt.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\shdoclc.dll
*C:\WINDOWS\system32\wzcdlg.dll
*C:\WINDOWS\system32\WINHTTP.dll
*C:\Program Files\ewido anti-malware\shellhook.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\LINKINFO.dll
*C:\WINDOWS\system32\browselc.dll
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\sensapi.dll
*C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*C:\WINDOWS\system32\DUSER.dll
*C:\WINDOWS\system32\MLANG.dll
*C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
*C:\WINDOWS\System32\mydocs.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\Program Files\ewido anti-malware\context.dll
*C:\Program Files\ewido anti-malware\lang.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
*C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
*C:\WINDOWS\System32\zipfldr.dll
*C:\WINDOWS\System32\sendmail.dll
*C:\Program Files\Sonic\RecordNow!\shlext.dll
*C:\Program Files\Sonic\RecordNow!\MSVCR70.dll
*C:\WINDOWS\System32\shgina.dll
*C:\WINDOWS\system32\MSGINA.dll
*C:\WINDOWS\system32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\odbcint.dll
*C:\WINDOWS\system32\Audiodev.dll
*C:\WINDOWS\system32\WMVCore.DLL
*C:\WINDOWS\system32\WMASF.DLL
*C:\WINDOWS\system32\wiashext.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
*C:\WINDOWS\System32\sti.dll
*C:\WINDOWS\System32\CFGMGR32.dll
+1528=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SYMREDIR.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\SymNeti.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Common Files\Symantec Shared\DPHTML.dll
*C:\Program Files\Common Files\Symantec Shared\DPJS.dll
*C:\Program Files\Common Files\Symantec Shared\DPVBS.dll
*C:\Program Files\Common Files\Symantec Shared\PFAdBlk.dll
*C:\Program Files\Common Files\Symantec Shared\PFMisc.dll
*C:\Program Files\Common Files\Symantec Shared\PFPriv.dll
*C:\Program Files\Common Files\Symantec Shared\PFSec.dll
*C:\Program Files\Common Files\Symantec Shared\PxyHTTP.dll
*C:\Program Files\Common Files\Symantec Shared\DPHTTP.dll
*C:\Program Files\Common Files\Symantec Shared\PxyIM.dll
*C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
*C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccLogin.dll
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccCharCv.dll
+1544=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
+1560=C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\SymNeti.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\NISRES.DLL
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\SXS.DLL
+1576=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SymNeti.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+1644=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL
*C:\PROGRA~1\SYMANT~1\SYMANT~1\LOGFWDER.DLL
*C:\WINDOWS\system32\SymNeti.DLL
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\NisEvt.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliproxy.dll
*C:\WINDOWS\system32\MPR.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL
*c:\program files\common files\symantec shared\ssc\ScsComms.dll
*C:\WINDOWS\system32\nts.dll
*C:\WINDOWS\system32\MSWSOCK.dll
*C:\WINDOWS\system32\cba.dll
*C:\WINDOWS\system32\MsgSys.dll
*C:\WINDOWS\system32\PDS.DLL
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\SNLog.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
+1924=C:\WINDOWS\system32\spoolsv.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SPOOLSS.DLL
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\localspl.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\winspool.drv
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\cnbjmon.dll
*C:\WINDOWS\system32\hpzsnt09.dll
*C:\WINDOWS\system32\pjlmon.dll
*C:\WINDOWS\system32\tcpmon.dll
*C:\WINDOWS\system32\usbmon.dll
*C:\WINDOWS\System32\mswsock.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\win32spl.dll
*C:\WINDOWS\system32\NETRAP.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\inetpp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\xpsp2res.dll
+2028=C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\MSVCR71.dll
+140=C:\Program Files\ewido anti-malware\ewidoctrl.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\Program Files\ewido anti-malware\lang.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SAMLIB.dll
+220=C:\WINDOWS\System32\nvsvc32.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\Apphelp.dll
+264=C:\Program Files\Spyware Doctor\sdhelp.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\user32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\advapi32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\version.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\wsock32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
+412=C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
+476=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\wiaservc.dll
*c:\windows\system32\CFGMGR32.dll
*c:\windows\system32\setupapi.DLL
*c:\windows\system32\mscms.dll
*c:\windows\system32\WINSPOOL.DRV
*c:\windows\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\System32\xpsp2res.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\WINDOWS\System32\sti.dll
+572=C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\user32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\advapi32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\mpr.dll
*C:\WINDOWS\system32\version.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\wsock32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\IMAGEHLP.DLL
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\olepro32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\vdmdbg.dll
*C:\WINDOWS\system32\dnsapi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
+136=C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\CBA.DLL
*C:\WINDOWS\system32\MsgSys.dll
*C:\WINDOWS\system32\NTS.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MSWSOCK.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\PDS.DLL
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\ole32.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVLU.dll
*C:\WINDOWS\system32\MFC71.DLL
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MFC71ENU.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\IMM32.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL
*C:\WINDOWS\system32\SFC.DLL
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\wbem\wbemprox.dll
*C:\WINDOWS\System32\wbem\wbemcomn.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\System32\wbem\wbemsvc.dll
*C:\WINDOWS\System32\wbem\fastprox.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\shfolder.dll
*c:\program files\common files\symantec shared\ssc\ScsComms.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\I2ldvp3.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\Common Files\Symantec Shared\ccDec.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll
*C:\WINDOWS\system32\WININET.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
*C:\Program Files\Common Files\Symantec Shared\ccScan.dll
*C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\ccEraser.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefUtDCD.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\ecmsvr32.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\NAVEX32a.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\NAVENG32.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVAP32.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT32.DLL
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\IMail.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NotesExt.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpmsece3.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymProtectStorage.dll
*C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll
*C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliscan.dll
+304=C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SymNeti.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\NisEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\System32\wbem\wbemprox.dll
*C:\WINDOWS\System32\wbem\wbemcomn.dll
*C:\WINDOWS\System32\wbem\wbemsvc.dll
*C:\WINDOWS\System32\wbem\fastprox.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\WINDOWS\system32\hnetcfg.dll
+352=C:\WINDOWS\system32\wdfmgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
+2148=C:\WINDOWS\System32\alg.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\MSWSOCK.DLL
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\xpsp2res.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+2400=C:\Program Files\Apoint2K\Apoint.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\Apoint2K\ApResUS.dll
*C:\WINDOWS\system32\VXDIF.DLL
*C:\Program Files\Apoint2K\Apoint.DLL
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Program Files\Apoint2K\EzAuto.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Apoint2K\EzLaunch.DLL
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\MSCTF.dll
+2524=C:\WINDOWS\AGRSMMSG.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
+3008=C:\Program Files\Apoint2K\Apntex.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\VXDIF.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\MSCTF.dll
+3016=C:\Program Files\iTunes\iTunesHelper.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\MSCTF.dll
+3048=C:\Program Files\iPod\bin\iPodService.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\CFGMGR32.dll
*C:\WINDOWS\system32\setupapi.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\Wtsapi32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+3156=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\Program Files\HPQ\Quick Launch Buttons\HPQPRES.DLL
*C:\WINDOWS\system32\comdlg32.dll
+3172=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
+3212=C:\Program Files\Google\Gmail Notifier\gnotify.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\System32\mswsock.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\riched20.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\wsock32.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\sensapi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\wintrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\schannel.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\dssenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\pstorec.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\Apphelp.dll
+3268=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\Program Files\HP\hpcoretech\HPVCR70.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\Cabinet.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\MSXML4.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\mlang.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+3276=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
+3284=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL
*C:\WINDOWS\system32\MSWSOCK.dll
*C:\PROGRA~1\SYMANT~1\SYMANT~1\NISPROD.DLL
*C:\PROGRA~1\SYMANT~1\SYMANT~1\NISRES.DLL
*C:\WINDOWS\system32\SYMREDIR.DLL
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
*C:\PROGRA~1\SYMANT~1\SYMANT~1\NISTRAY.DLL
*C:\PROGRA~1\SYMANT~1\SYMANT~1\NISALERT.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\SymNeti.DLL
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\ccEmlflt.dll
*C:\Program Files\Common Files\Symantec Shared\ccLogin.dll
*C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavEmail.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\NISLCOM.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymFWAgt.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\SFWAlert.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\ccFWSetg.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\pRSettg.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\TLevel.dll
*C:\Program Files\Common Files\Symantec Shared\ccScan.dll
*C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
*C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\ecmsvr32.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\NAVEX32a.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\NAVENG32.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVAP32.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT32.DLL
*C:\Program Files\Common Files\Symantec Shared\ccPwd.dll
*C:\WINDOWS\system32\mslbui.dll
+3292=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT32.DLL
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliproxy.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MPR.dll
*C:\PROGRA~1\SYMANT~1\SYMANT~2\NAVNTUTL.DLL
*C:\WINDOWS\system32\SXS.DLL
*c:\program files\common files\symantec shared\ssc\ScsComms.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\nts.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\MSWSOCK.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\cba.dll
*C:\WINDOWS\system32\MsgSys.dll
*C:\WINDOWS\system32\PDS.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\mslbui.dll
+3300=C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\MSVBVM60.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\Program Files\Microsoft AntiSpyware\gcAntiSpywareLibrary.dll
*C:\WINDOWS\system32\GCCollection.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\mslbui.dll
+3304=C:\WINDOWS\system32\ctfmon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\MSUTB.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
+964=C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\HPVAUT32.dll
*C:\WINDOWS\system32\HPVCP70.dll
*C:\WINDOWS\system32\HPVCR70.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\HP\hpcoretech\HPCmpMgr.dll
*C:\WINDOWS\system32\MSXML4.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\mlang.dll
+3040=C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\MSVBVM60.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Microsoft AntiSpyware\gcAntiSpywareLibrary.dll
*C:\Program Files\Microsoft AntiSpyware\gcASThreatAudit.dll
*C:\WINDOWS\system32\GCCollection.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ShFolder.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\msimg32.dll
*C:\WINDOWS\system32\mscomctl.ocx
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\asycfilt.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\psapi.dll
*C:\WINDOWS\system32\hashlib.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+3568=C:\Program Files\Internet Explorer\iexplore.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHDOCVW.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\BROWSEUI.dll
*C:\WINDOWS\system32\browselc.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*c:\program files\google\googletoolbar2.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSIMG32.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\ntshrui.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\System32\drprov.dll
*C:\WINDOWS\System32\ntlanman.dll
*C:\WINDOWS\System32\NETUI0.dll
*C:\WINDOWS\System32\NETUI1.dll
*C:\WINDOWS\System32\NETRAP.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\davclnt.dll
*C:\WINDOWS\system32\sensapi.dll
*C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\shdoclc.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\MSRATING.dll
*C:\WINDOWS\system32\msratelc.dll
*C:\WINDOWS\system32\mlang.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\System32\mshtml.dll
*C:\WINDOWS\System32\msls31.dll
*C:\WINDOWS\System32\msimtf.dll
*C:\WINDOWS\ime\sptip.dll
*C:\WINDOWS\system32\OLEACC.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\IME\SPGRMR.DLL
*C:\WINDOWS\System32\jscript.dll
*C:\WINDOWS\system32\msxml3.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\System32\mshtmled.dll
*C:\WINDOWS\system32\USP10.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\WINDOWS\System32\dispex.dll
*C:\WINDOWS\system32\plugin.ocx
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\LINKINFO.dll
*C:\WINDOWS\System32\wuapi.dll
*C:\WINDOWS\system32\sfc_os.dll
+2952=C:\Documents and Settings\bobbie\Desktop\StartDreck\StartDreck.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\Documents and Settings\bobbie\Desktop\StartDreck\VB40032.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\MSVCRT20.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLEPRO32.DLL
*C:\Documents and Settings\bobbie\Desktop\StartDreck\VB4DE32.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\Documents and Settings\bobbie\Desktop\StartDreck\PSAPI.DLL
+3620=C:\WINDOWS\system32\wuauclt.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\wuaucpl.cpl
*C:\WINDOWS\system32\SHFOLDER.dll
*C:\WINDOWS\system32\wuaueng.dll
*C:\WINDOWS\system32\ADVPACK.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ESENT.dll
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINHTTP.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\Cabinet.dll
*C:\WINDOWS\system32\mspatcha.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\MSIMG32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\System32\wups.dll
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

tinkerbellnhl · 01-18-2006, 09:10 AM

»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+616=\SystemRoot\System32\smss.exe
*C:\WINDOWS\system32\ntdll.dll
+688=\??\C:\WINDOWS\system32\csrss.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\CSRSRV.dll
*C:\WINDOWS\system32\basesrv.dll
*C:\WINDOWS\system32\winsrv.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\KERNEL32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\VERSION.dll
+728=\??\C:\WINDOWS\system32\winlogon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\NDdeApi.dll
*C:\WINDOWS\system32\PROFMAP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MSGINA.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\odbcint.dll
*C:\WINDOWS\system32\SHSVCS.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\WINSCARD.DLL
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\cscdll.dll
*C:\WINDOWS\system32\WlNotify.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\WRLogonNTF.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\cscui.dll
*C:\WINDOWS\system32\MPRAPI.dll
*C:\WINDOWS\system32\ACTIVEDS.dll
*C:\WINDOWS\system32\adsldpc.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\NavLogon.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
+772=C:\WINDOWS\system32\services.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SCESRV.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\umpnpmgr.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\eventlog.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\wtsapi32.dll
+784=C:\WINDOWS\system32\lsass.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\LSASRV.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\SAMSRV.dll
*C:\WINDOWS\system32\cryptdll.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\msprivs.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\netlogon.dll
*C:\WINDOWS\system32\w32time.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\schannel.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\wdigest.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\scecli.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\ipsecsvc.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\oakley.DLL
*C:\WINDOWS\system32\WINIPSEC.DLL
*C:\WINDOWS\system32\pstorsvc.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\psbase.dll
*C:\WINDOWS\system32\dssenh.dll
+936=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*c:\windows\system32\termsrv.dll
*c:\windows\system32\ICAAPI.dll
*c:\windows\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*c:\windows\system32\AUTHZ.dll
*c:\windows\system32\mstlsapi.dll
*c:\windows\system32\ACTIVEDS.dll
*c:\windows\system32\adsldpc.dll
*C:\WINDOWS\system32\NETAPI32.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
+1012=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
+1052=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\xpsp2res.dll
*c:\windows\system32\shsvcs.dll
*C:\WINDOWS\System32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*c:\windows\system32\dhcpcsvc.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\Secur32.dll
*C:\WINDOWS\System32\rsaenh.dll
*c:\windows\system32\wzcsvc.dll
*c:\windows\system32\rtutils.dll
*c:\windows\system32\WMI.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*c:\windows\system32\WTSAPI32.dll
*c:\windows\system32\ESENT.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\System32\rastls.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\System32\MPRAPI.dll
*C:\WINDOWS\System32\ACTIVEDS.dll
*C:\WINDOWS\System32\adsldpc.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\RASAPI32.dll
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\SCHANNEL.dll
*C:\WINDOWS\System32\WinSCard.dll
*C:\WINDOWS\System32\raschap.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*c:\windows\system32\schedsvc.dll
*c:\windows\system32\NTDSAPI.dll
*C:\WINDOWS\System32\MSIDLE.DLL
*c:\windows\system32\audiosrv.dll
*c:\windows\system32\wkssvc.dll
*c:\windows\system32\cryptsvc.dll
*c:\windows\system32\certcli.dll
*c:\windows\system32\ersvc.dll
*c:\windows\system32\es.dll
*c:\windows\pchealth\helpctr\binaries\pchsvc.dll
*c:\windows\system32\srvsvc.dll
*c:\windows\system32\netman.dll
*c:\windows\system32\netshell.dll
*c:\windows\system32\credui.dll
*c:\windows\system32\WZCSAPI.DLL
*C:\WINDOWS\System32\HNETCFG.DLL
*C:\WINDOWS\System32\MSVCP60.dll
*c:\windows\system32\seclogon.dll
*c:\windows\system32\sens.dll
*c:\windows\system32\srsvc.dll
*c:\windows\system32\POWRPROF.dll
*C:\WINDOWS\System32\SXS.DLL
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*c:\windows\system32\trkwks.dll
*c:\windows\system32\w32time.dll
*c:\windows\system32\wbem\wmisvc.dll
*C:\WINDOWS\system32\VSSAPI.DLL
*c:\windows\system32\wuauserv.dll
*C:\WINDOWS\system32\wuaueng.dll
*C:\WINDOWS\System32\ADVPACK.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\WINHTTP.dll
*C:\WINDOWS\System32\Cabinet.dll
*C:\WINDOWS\System32\mspatcha.dll
*C:\WINDOWS\System32\sfc.dll
*C:\WINDOWS\System32\sfc_os.dll
*c:\windows\system32\ipnathlp.dll
*c:\windows\system32\AUTHZ.dll
*C:\WINDOWS\System32\Wbem\wbemcore.dll
*C:\WINDOWS\System32\Wbem\esscli.dll
*C:\WINDOWS\System32\Wbem\wbemcomn.dll
*C:\WINDOWS\System32\Wbem\FastProx.dll
*c:\windows\system32\browser.dll
*C:\WINDOWS\system32\comsvcs.dll
*C:\WINDOWS\system32\colbact.DLL
*C:\WINDOWS\system32\MTXCLU.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\System32\CLUSAPI.DLL
*C:\WINDOWS\System32\RESUTILS.DLL
*C:\WINDOWS\System32\wbem\wmiutils.dll
*C:\WINDOWS\System32\wbem\repdrvfs.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\System32\wbem\wmiprvsd.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\System32\wbem\wbemess.dll
*C:\WINDOWS\System32\rasadhlp.dll
*C:\WINDOWS\System32\netcfgx.dll
*C:\WINDOWS\System32\upnp.dll
*C:\WINDOWS\System32\SSDPAPI.dll
*C:\WINDOWS\System32\rasmans.dll
*C:\WINDOWS\System32\WINIPSEC.DLL
*c:\windows\system32\tapisrv.dll
*c:\windows\system32\PSAPI.DLL
*C:\WINDOWS\System32\rastapi.dll
*C:\WINDOWS\System32\unimdm.tsp
*C:\WINDOWS\System32\uniplat.dll
*C:\WINDOWS\System32\msi.dll
*C:\WINDOWS\System32\unimdmat.dll
*C:\WINDOWS\system32\modemui.dll
*C:\WINDOWS\System32\kmddsp.tsp
*C:\WINDOWS\System32\ndptsp.tsp
*C:\WINDOWS\System32\ipconf.tsp
*C:\WINDOWS\System32\h323.tsp
*C:\WINDOWS\System32\hidphone.tsp
*C:\WINDOWS\System32\HID.DLL
*C:\WINDOWS\System32\rasppp.dll
*C:\WINDOWS\System32\ntlsapi.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\System32\cryptdll.dll
*C:\WINDOWS\System32\RASDLG.dll
*C:\WINDOWS\system32\msxml3.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\System32\wbem\ncprov.dll
*C:\WINDOWS\System32\dssenh.dll
*C:\WINDOWS\System32\catsrvut.dll
*C:\WINDOWS\System32\catsrv.dll
*C:\WINDOWS\System32\MfcSubs.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\wbem\wbemsvc.dll
*C:\WINDOWS\System32\mlang.dll
*C:\WINDOWS\System32\xmlprovi.dll
*C:\WINDOWS\System32\wups.dll
*C:\WINDOWS\system32\licdll.dll
+1136=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\dnsrslvr.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+1248=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\xpsp2res.dll
*c:\windows\system32\lmhsvc.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\webclnt.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\wsock32.dll
*c:\windows\system32\ssdpsrv.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
+1392=C:\WINDOWS\Explorer.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\BROWSEUI.dll
*C:\WINDOWS\system32\SHDOCVW.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
*C:\WINDOWS\System32\themeui.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\MSIMG32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\ntshrui.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\NETSHELL.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\credui.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\Program Files\Microsoft AntiSpyware\shellextension.dll
*C:\WINDOWS\System32\webcheck.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\stobject.dll
*C:\WINDOWS\System32\BatMeter.dll
*C:\WINDOWS\System32\POWRPROF.dll
*C:\WINDOWS\System32\WTSAPI32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\WZCSAPI.DLL
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\System32\drprov.dll
*C:\WINDOWS\System32\ntlanman.dll
*C:\WINDOWS\System32\NETUI0.dll
*C:\WINDOWS\System32\NETUI1.dll
*C:\WINDOWS\System32\NETRAP.dll
*C:\WINDOWS\System32\davclnt.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\shdoclc.dll
*C:\WINDOWS\system32\wzcdlg.dll
*C:\WINDOWS\system32\WINHTTP.dll
*C:\Program Files\ewido anti-malware\shellhook.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\LINKINFO.dll
*C:\WINDOWS\system32\browselc.dll
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\sensapi.dll
*C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*C:\WINDOWS\system32\DUSER.dll
*C:\WINDOWS\system32\MLANG.dll
*C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
*C:\WINDOWS\System32\mydocs.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\Program Files\ewido anti-malware\context.dll
*C:\Program Files\ewido anti-malware\lang.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
*C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
*C:\WINDOWS\System32\zipfldr.dll
*C:\WINDOWS\System32\sendmail.dll
*C:\Program Files\Sonic\RecordNow!\shlext.dll
*C:\Program Files\Sonic\RecordNow!\MSVCR70.dll
*C:\WINDOWS\System32\shgina.dll
*C:\WINDOWS\system32\MSGINA.dll
*C:\WINDOWS\system32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\odbcint.dll
*C:\WINDOWS\system32\Audiodev.dll
*C:\WINDOWS\system32\WMVCore.DLL
*C:\WINDOWS\system32\WMASF.DLL
*C:\WINDOWS\system32\wiashext.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
*C:\WINDOWS\System32\sti.dll
*C:\WINDOWS\System32\CFGMGR32.dll
+1528=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SYMREDIR.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\SymNeti.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Common Files\Symantec Shared\DPHTML.dll
*C:\Program Files\Common Files\Symantec Shared\DPJS.dll
*C:\Program Files\Common Files\Symantec Shared\DPVBS.dll
*C:\Program Files\Common Files\Symantec Shared\PFAdBlk.dll
*C:\Program Files\Common Files\Symantec Shared\PFMisc.dll
*C:\Program Files\Common Files\Symantec Shared\PFPriv.dll
*C:\Program Files\Common Files\Symantec Shared\PFSec.dll
*C:\Program Files\Common Files\Symantec Shared\PxyHTTP.dll
*C:\Program Files\Common Files\Symantec Shared\DPHTTP.dll
*C:\Program Files\Common Files\Symantec Shared\PxyIM.dll
*C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
*C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccLogin.dll
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccCharCv.dll
+1544=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
+1560=C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\SymNeti.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\NISRES.DLL
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\SXS.DLL
+1576=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SymNeti.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+1644=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL
*C:\PROGRA~1\SYMANT~1\SYMANT~1\LOGFWDER.DLL
*C:\WINDOWS\system32\SymNeti.DLL
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\NisEvt.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliproxy.dll
*C:\WINDOWS\system32\MPR.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL
*c:\program files\common files\symantec shared\ssc\ScsComms.dll
*C:\WINDOWS\system32\nts.dll
*C:\WINDOWS\system32\MSWSOCK.dll
*C:\WINDOWS\system32\cba.dll
*C:\WINDOWS\system32\MsgSys.dll
*C:\WINDOWS\system32\PDS.DLL
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\SNLog.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
+1924=C:\WINDOWS\system32\spoolsv.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SPOOLSS.DLL
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\localspl.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\winspool.drv
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\cnbjmon.dll
*C:\WINDOWS\system32\hpzsnt09.dll
*C:\WINDOWS\system32\pjlmon.dll
*C:\WINDOWS\system32\tcpmon.dll
*C:\WINDOWS\system32\usbmon.dll
*C:\WINDOWS\System32\mswsock.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\win32spl.dll
*C:\WINDOWS\system32\NETRAP.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\inetpp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\xpsp2res.dll
+2028=C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\MSVCR71.dll
+140=C:\Program Files\ewido anti-malware\ewidoctrl.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\Program Files\ewido anti-malware\lang.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SAMLIB.dll
+220=C:\WINDOWS\System32\nvsvc32.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\Apphelp.dll
+264=C:\Program Files\Spyware Doctor\sdhelp.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\user32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\advapi32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\version.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\wsock32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
+412=C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
+476=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\wiaservc.dll
*c:\windows\system32\CFGMGR32.dll
*c:\windows\system32\setupapi.DLL
*c:\windows\system32\mscms.dll
*c:\windows\system32\WINSPOOL.DRV
*c:\windows\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\System32\xpsp2res.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\WINDOWS\System32\sti.dll
+572=C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\user32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\advapi32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\oleaut32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\mpr.dll
*C:\WINDOWS\system32\version.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\wsock32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\IMAGEHLP.DLL
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\olepro32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\vdmdbg.dll
*C:\WINDOWS\system32\dnsapi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
+136=C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\CBA.DLL
*C:\WINDOWS\system32\MsgSys.dll
*C:\WINDOWS\system32\NTS.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MSWSOCK.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\PDS.DLL
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\ole32.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVLU.dll
*C:\WINDOWS\system32\MFC71.DLL
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MFC71ENU.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\IMM32.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL
*C:\WINDOWS\system32\SFC.DLL
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\wbem\wbemprox.dll
*C:\WINDOWS\System32\wbem\wbemcomn.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\System32\wbem\wbemsvc.dll
*C:\WINDOWS\System32\wbem\fastprox.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\shfolder.dll
*c:\program files\common files\symantec shared\ssc\ScsComms.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\I2ldvp3.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\Common Files\Symantec Shared\ccDec.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll
*C:\WINDOWS\system32\WININET.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
*C:\Program Files\Common Files\Symantec Shared\ccScan.dll
*C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\ccEraser.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefUtDCD.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\ecmsvr32.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\NAVEX32a.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\NAVENG32.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVAP32.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT32.DLL
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\IMail.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NotesExt.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpmsece3.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymProtectStorage.dll
*C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll
*C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliscan.dll
+304=C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SymNeti.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\NisEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\System32\wbem\wbemprox.dll
*C:\WINDOWS\System32\wbem\wbemcomn.dll
*C:\WINDOWS\System32\wbem\wbemsvc.dll
*C:\WINDOWS\System32\wbem\fastprox.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\WINDOWS\system32\hnetcfg.dll
+352=C:\WINDOWS\system32\wdfmgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
+2148=C:\WINDOWS\System32\alg.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\MSWSOCK.DLL
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\System32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\xpsp2res.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+2400=C:\Program Files\Apoint2K\Apoint.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\Program Files\Apoint2K\ApResUS.dll
*C:\WINDOWS\system32\VXDIF.DLL
*C:\Program Files\Apoint2K\Apoint.DLL
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Program Files\Apoint2K\EzAuto.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Apoint2K\EzLaunch.DLL
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\MSCTF.dll
+2524=C:\WINDOWS\AGRSMMSG.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
+3008=C:\Program Files\Apoint2K\Apntex.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\VXDIF.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\MSCTF.dll
+3016=C:\Program Files\iTunes\iTunesHelper.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\MSCTF.dll
+3048=C:\Program Files\iPod\bin\iPodService.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\CFGMGR32.dll
*C:\WINDOWS\system32\setupapi.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\Wtsapi32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+3156=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\Program Files\HPQ\Quick Launch Buttons\HPQPRES.DLL
*C:\WINDOWS\system32\comdlg32.dll
+3172=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
+3212=C:\Program Files\Google\Gmail Notifier\gnotify.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\System32\mswsock.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\riched20.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\wsock32.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\sensapi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\wintrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\schannel.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\dssenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\pstorec.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\Apphelp.dll
+3268=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\Program Files\HP\hpcoretech\HPVCR70.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\Cabinet.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\MSXML4.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\mlang.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+3276=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
+3284=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\Program Files\Common Files\Symantec Shared\ccL35.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\Crypt32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL
*C:\WINDOWS\system32\MSWSOCK.dll
*C:\PROGRA~1\SYMANT~1\SYMANT~1\NISPROD.DLL
*C:\PROGRA~1\SYMANT~1\SYMANT~1\NISRES.DLL
*C:\WINDOWS\system32\SYMREDIR.DLL
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
*C:\Program Files\Common Files\Symantec Shared\ccSet.dll
*C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
*C:\PROGRA~1\SYMANT~1\SYMANT~1\NISTRAY.DLL
*C:\PROGRA~1\SYMANT~1\SYMANT~1\NISALERT.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\SymNeti.DLL
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\ccEmlflt.dll
*C:\Program Files\Common Files\Symantec Shared\ccLogin.dll
*C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavEmail.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\NISLCOM.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymFWAgt.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\SFWAlert.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\ccFWSetg.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\pRSettg.dll
*C:\Program Files\Symantec Client Security\Symantec Client Firewall\TLevel.dll
*C:\Program Files\Common Files\Symantec Shared\ccScan.dll
*C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
*C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\ecmsvr32.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\NAVEX32a.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060114.005\NAVENG32.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVAP32.DLL
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT32.DLL
*C:\Program Files\Common Files\Symantec Shared\ccPwd.dll
*C:\WINDOWS\system32\mslbui.dll
+3292=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCR71.dll
*C:\WINDOWS\system32\MSVCP71.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT32.DLL
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliproxy.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MPR.dll
*C:\PROGRA~1\SYMANT~1\SYMANT~2\NAVNTUTL.DLL
*C:\WINDOWS\system32\SXS.DLL
*c:\program files\common files\symantec shared\ssc\ScsComms.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\nts.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\MSWSOCK.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\cba.dll
*C:\WINDOWS\system32\MsgSys.dll
*C:\WINDOWS\system32\PDS.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\mslbui.dll
+3300=C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\MSVBVM60.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\Program Files\Microsoft AntiSpyware\gcAntiSpywareLibrary.dll
*C:\WINDOWS\system32\GCCollection.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\mslbui.dll
+3304=C:\WINDOWS\system32\ctfmon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\MSUTB.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
+964=C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\HPVAUT32.dll
*C:\WINDOWS\system32\HPVCP70.dll
*C:\WINDOWS\system32\HPVCR70.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\HP\hpcoretech\HPCmpMgr.dll
*C:\WINDOWS\system32\MSXML4.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\mlang.dll
+3040=C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\MSVBVM60.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Microsoft AntiSpyware\gcAntiSpywareLibrary.dll
*C:\Program Files\Microsoft AntiSpyware\gcASThreatAudit.dll
*C:\WINDOWS\system32\GCCollection.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ShFolder.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\msimg32.dll
*C:\WINDOWS\system32\mscomctl.ocx
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\asycfilt.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\psapi.dll
*C:\WINDOWS\system32\hashlib.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+3568=C:\Program Files\Internet Explorer\iexplore.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHDOCVW.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\BROWSEUI.dll
*C:\WINDOWS\system32\browselc.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*c:\program files\google\googletoolbar2.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSIMG32.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\ntshrui.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\System32\drprov.dll
*C:\WINDOWS\System32\ntlanman.dll
*C:\WINDOWS\System32\NETUI0.dll
*C:\WINDOWS\System32\NETUI1.dll
*C:\WINDOWS\System32\NETRAP.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\davclnt.dll
*C:\WINDOWS\system32\sensapi.dll
*C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\shdoclc.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\MSRATING.dll
*C:\WINDOWS\system32\msratelc.dll
*C:\WINDOWS\system32\mlang.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\System32\mshtml.dll
*C:\WINDOWS\System32\msls31.dll
*C:\WINDOWS\System32\msimtf.dll
*C:\WINDOWS\ime\sptip.dll
*C:\WINDOWS\system32\OLEACC.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\IME\SPGRMR.DLL
*C:\WINDOWS\System32\jscript.dll
*C:\WINDOWS\system32\msxml3.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\System32\mshtmled.dll
*C:\WINDOWS\system32\USP10.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\WINDOWS\System32\dispex.dll
*C:\WINDOWS\system32\plugin.ocx
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\LINKINFO.dll
*C:\WINDOWS\System32\wuapi.dll
*C:\WINDOWS\system32\sfc_os.dll
+2952=C:\Documents and Settings\bobbie\Desktop\StartDreck\StartDreck.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\Documents and Settings\bobbie\Desktop\StartDreck\VB40032.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\MSVCRT20.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLEPRO32.DLL
*C:\Documents and Settings\bobbie\Desktop\StartDreck\VB4DE32.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\Documents and Settings\bobbie\Desktop\StartDreck\PSAPI.DLL
+3620=C:\WINDOWS\system32\wuauclt.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\wuaucpl.cpl
*C:\WINDOWS\system32\SHFOLDER.dll
*C:\WINDOWS\system32\wuaueng.dll
*C:\WINDOWS\system32\ADVPACK.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ESENT.dll
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINHTTP.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\Cabinet.dll
*C:\WINDOWS\system32\mspatcha.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\MSIMG32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\SYNCOR11.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\System32\wups.dll
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

MicroBell · 01-18-2006, 01:00 PM

Man o Man. Nothing is showing up. Ok this is my last chance....

Reboot into safe mode again. Run WinPfind again using these settings...

Doubleclick WinPFind.exe
Click "Configure Scan Options"
Select "Run Add ONs" and then select ALL the options in the box below it, Press Apply

*Note* This scan may produce a fairly big log as it will be looking at many registry keys. If it's too big to post...attach it to your next post.

tinkerbellnhl · 01-18-2006, 01:39 PM

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 1/7/2006 11:43:14 AM 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...
qoologic 1/3/2006 8:00:46 PM 532480 C:\Program Files\cwshredder.exe
urllogic 1/3/2006 8:00:46 PM 532480 C:\Program Files\cwshredder.exe

Checking %WinDir% folder...

Checking %System% folder...
PEC2 3/31/2003 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 11/4/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 1/4/2006 9:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 9:41:02 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 3/31/2003 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 www.ad-w-a-r-e.com
#127.0.0.1 ad-w-a-r-e.com

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/18/2006 2:20:24 PM S 2048 C:\WINDOWS\bootstat.dat
1/2/2006 10:41:54 PM RH 749 C:\WINDOWS\WindowsShell.Manifest
1/2/2006 11:37:26 PM RHS 227 C:\WINDOWS\assembly\Desktop.ini
1/3/2006 3:26:30 AM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
1/3/2006 3:26:30 AM RH 0 C:\WINDOWS\assembly\pubpol1.dat
1/3/2006 8:42:58 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
1/3/2006 8:43:06 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
1/2/2006 10:42:00 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
1/2/2006 10:42:42 PM HS 67 C:\WINDOWS\Fonts\desktop.ini
1/3/2006 1:11:10 AM H 0 C:\WINDOWS\inf\oem15.inf
1/3/2006 1:12:30 AM H 0 C:\WINDOWS\inf\oem16.inf
1/3/2006 7:33:54 AM H 0 C:\WINDOWS\inf\oem20.inf
1/2/2006 10:42:00 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
1/2/2006 10:42:22 PM RHS 727 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_1.cab
1/2/2006 11:39:46 PM RHS 24031 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_10.cab
1/2/2006 11:39:56 PM RHS 5854 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_11.cab
1/2/2006 11:39:58 PM RHS 694451 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_12.cab
1/2/2006 11:40:00 PM RHS 88321 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_13.cab
1/2/2006 11:40:00 PM RHS 24370 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_14.cab
1/3/2006 2:28:12 AM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_15.cab
1/2/2006 10:42:22 PM RHS 19854 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_2.cab
1/2/2006 10:42:22 PM RHS 243124 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_3.cab
1/2/2006 11:39:32 PM RHS 70111 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_5.cab
1/2/2006 11:39:34 PM RHS 7079 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_6.cab
1/2/2006 11:39:34 PM RHS 72694 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_7.cab
1/2/2006 11:39:36 PM RHS 7876 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_8.cab
1/2/2006 11:39:36 PM RHS 15732 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_9.cab
1/2/2006 10:43:14 PM H 229376 C:\WINDOWS\repair\ntuser.dat
1/2/2006 10:41:54 PM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
1/2/2006 10:42:00 PM RH 488 C:\WINDOWS\system32\logonui.exe.manifest
1/2/2006 10:41:54 PM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
1/2/2006 10:41:54 PM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
1/2/2006 10:41:54 PM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
1/2/2006 10:42:00 PM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
1/2/2006 10:41:54 PM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
11/30/2005 10:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
12/1/2005 6:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
1/2/2006 5:09:36 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
11/23/2005 6:35:40 AM S 9948 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem19.CAT
1/18/2006 2:20:14 PM H 8192 C:\WINDOWS\system32\config\default.LOG
1/18/2006 2:20:36 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
1/18/2006 2:20:30 PM H 20480 C:\WINDOWS\system32\config\SECURITY.LOG
1/18/2006 2:20:36 PM H 61440 C:\WINDOWS\system32\config\software.LOG
1/18/2006 2:20:30 PM H 1019904 C:\WINDOWS\system32\config\system.LOG
1/2/2006 4:29:12 PM H 1024 C:\WINDOWS\system32\config\TempKey.LOG
1/2/2006 4:29:12 PM H 1024 C:\WINDOWS\system32\config\userdiff.LOG
1/16/2006 8:32:02 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
1/2/2006 4:30:42 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
1/8/2006 8:51:20 PM S 18 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
1/8/2006 8:50:50 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
1/15/2006 12:31:42 PM S 569 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217
1/8/2006 8:51:02 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
1/8/2006 8:50:54 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
1/8/2006 8:51:16 PM S 19359 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
1/8/2006 8:51:06 PM S 23963 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
1/3/2006 2:28:12 AM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
1/8/2006 8:51:20 PM S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
1/8/2006 8:50:50 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
1/15/2006 12:31:42 PM S 142 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C83474D61E624A4F9844DF935AFE217
1/8/2006 8:51:02 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
1/8/2006 8:50:54 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
1/8/2006 8:51:16 PM S 216 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
1/8/2006 8:51:06 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
1/3/2006 2:28:12 AM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
1/2/2006 4:30:42 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
1/2/2006 10:42:24 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
1/2/2006 10:42:24 PM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
1/2/2006 10:42:24 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
1/2/2006 10:42:24 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
1/2/2006 10:42:24 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CWQM0XJH\desktop.ini
1/2/2006

01-12-2006, 02:39 PM	#22 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Lets try this.... Download/Install the tool on this page..http://www.dougknox.com/xp/utils/xp_securityconsole.htm Lauch the tool and check the "System Security" tab and see if you can take control of the firewall. Spybot detecting this entry...HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0 is fine. Set it up to ignore the entry as it's an issue with spybot and the entry is correct. My concern is the windows popup... I also need a log from the following tool... Please download Rootkit Revealer (link is at the very bottom of the page) Unzip it to your desktop. Open the rootkitrevealer folder and double-click rootkitrevealer.exe Click the Scan button (bottom right) It may take a while to scan (don't do anything while it's running) When it's done, go up to File > Save. Choose to save it to your desktop. Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

01-14-2006, 01:53 AM	#24 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	I have not messed with that program yet....so I don't know what options it has but my understanding was you can take "Control" of XP's security features from within that program. You also mentiond that "Group" that was created. When you tryed to delete the group were you logged on under the Administrator account?? Download and install CCleaner..http://www.ccleaner.com/ccdownload.asp 1. Open the program and the "Cleaner" button should be active. 2. Click on "Run Cleaner" 3. Once thats done it will clean out the TEMP folder. 4. Now click on "Issues" and then "Scan for Issues" 5. Once it's done checkmark ALL it finds and click "Fix Selected Issues" 6. It will ask you if you want to back up the registry entrys it's removing so please do so. If it removes anything important..just locate the .reg file you saved...double click on it to add the entrys back. Close the program. Perform an online scan with Internet Explorer with Kaspersky WebScanner Next Click on Launch Kaspersky Anti-Virus Web Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Standard Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Take note the names and locations of any file it detects but fails to clean. * Turn off the real time scanner of any existing antivirus program while performing the online scan __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

01-15-2006, 07:50 PM	#27 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Can you post a SpySweeper log then? Configure it as followed: From the left pane, click Options Select the Sweep Options tab & ensure the following are ticked: Sweep Memory Sweep Registry Sweep Cookies Sweep All Users accounts Do Not Sweep System Restore Folder Enable Direct Disk Sweeping Sweep For Rootkits After that's done, select Sweep from the left pane & click on the Start button Allow Spysweeper to reboot your machine to remove the infected files. After rebooting, launch SpySweeper & select Results from the left pane Click the 'Session Log' tab & choose Save to File to create a log. Post that in your next reply along with an Ewido log. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

01-16-2006, 02:16 AM	#29 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Running low on ideas....except the ultimate...Reinstall Windows fix. Your logs are bascially clean as they are returning nothing but cookies which is expected. Let me have a look at what services you have running. Download GetServices http://www.bleepingcomputer.com/file...etservices.zip Unzip the files inside and run getservices.bat. It will produce a log. Please post that log. I also need you to run the following tool... You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download AproposFix from here: http://swandog46.geekstogo.com/aproposfix.exe Save it to your desktop but do NOT run it yet. Then please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Select the first option, to run Windows in Safe Mode. Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts. When the tool is finished, please reboot back into normal mode, and post the entire contents of the log.txt file in the aproposfix folder. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

01-17-2006, 01:52 AM	#33 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Ok... Try shutting down Symantec/Norton in case it's blocking the script and run getservices.bat again. Make sure you extracted that file to this location... C:\Getservices\getservices.bat.Try in safe mode IF it won't work in normal. Since that script is basically what we just ran,,,it should work. If it still won't run...try this... Copy autoexec.nt from c:\windows\repair\ folder to c:\windows\system32\ folder. Then try again. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

01-11-2006, 12:02 PM	#21 (permalink)
tinkerbellnhl Registered User Join Date: Jan 2006 Posts: 25 OS: Windows XP	Bump!

01-15-2006, 07:21 AM	#25 (permalink)
tinkerbellnhl Registered User Join Date: Jan 2006 Posts: 25 OS: Windows XP	I ran CCleaner fine, but I cannot get Kaspersky to work no matter what I do. I disabled all security monitoring on my computer, enabled pop-ups and Active X, but nothing. It just sits there saying it's downloading the Active X and initializing the update, etc., but it's not.

01-15-2006, 10:21 AM	#26 (permalink)
tinkerbellnhl Registered User Join Date: Jan 2006 Posts: 25 OS: Windows XP	Just thought I'd send a new HijackThis log... Logfile of HijackThis v1.99.1 Scan saved at 11:18:36 AM, on 1/15/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe C:\Program Files\Microsoft Windows OneCare Live\winss.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe C:\Program Files\HijackThis!\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sanriotown.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = bobbie O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Cu...ataManager.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase3401.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1136279193156 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

01-15-2006, 10:04 PM	#28 (permalink)
tinkerbellnhl Registered User Join Date: Jan 2006 Posts: 25 OS: Windows XP	I scanned for what you suggested. I am not subscribed to Spy Sweeper, so I could not remove the infected files, but here is what they were: 247realmedia cookie 2o7.net cookie about cookie adrevolver cookie banner cookie customer cookie dealtime cookie pointroll cookie statcounter cookie tribalfusion cookie yieldmanager cookie This is the ewido log: --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 10:52:44 PM, 1/15/2006 + Report-Checksum: A2605C3A + Scan result: C:\Documents and Settings\bobbie\Cookies\bobbie@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup C:\Documents and Settings\bobbie\Cookies\bobbie@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\bobbie\Cookies\bobbie@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\bobbie\Cookies\bobbie@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wflicjcpocp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\bobbie\Cookies\bobbie@e-2dj6wfmyomcpokp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\bobbie\Cookies\bobbie@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup C:\Documents and Settings\bobbie\Cookies\bobbie@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup ::Report End Also, I cannot run Microsoft Windows Update. This is the screen I get: [Error number: 0x800A1391] The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. For self-help options: Frequently Asked Questions Find Solutions Windows Update Newsgroup For assisted support options: Microsoft Online Assisted Support (no-cost for Windows Update issues) Read more about steps you can take to resolve this problem yourself. I completed the self-help instructions of adding the MS sites to my trusted site list, but nothing changed. When I try to check for HP Software Updates it runs the System Checkup, but then will not display any results.

01-16-2006, 08:13 PM	#30 (permalink)
tinkerbellnhl Registered User Join Date: Jan 2006 Posts: 25 OS: Windows XP	I could not run the getservices.bat program. A command prompt window opened and said that it was not a recognized command, etc. Here is the apropros log: Log of AproposFix v1 ********** Running from directory: C:\Documents and Settings\bobbie\Desktop\aproposfix ******** Registry entries found: ********** No service found! Removing hidden folder: No folder found! Deleting files: Backing up files: Done! Removing registry entries: REGEDIT4 Done! Finished! Additionally, Windows Security Center is now not on. When I open it from Control Panel it tells me "The Security Center is currently unavailable because the 'Security Center' service has not started or was stopped. Is there a way to turn it back on? Or does this have something to do with someone creating a group domain and controlling my computer?

01-16-2006, 08:45 PM	#32 (permalink)
tinkerbellnhl Registered User Join Date: Jan 2006 Posts: 25 OS: Windows XP	haha i agree!! well here's the findfile.bat log: Volume in drive C has no label. Volume Serial Number is F473-BD8B Directory of C:\WINDOWS\system32 08/04/2004 01:56 AM 14,336 svchost.exe 1 File(s) 14,336 bytes Directory of C:\Documents and Settings\bobbie\Desktop And yes CMD opened the DOS window.

01-18-2006, 01:00 AM	#35 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Negative. Log is clean also.... Download: StartDreck Unzip to its own folder and start the program: Press 'Config' Press 'Mark All' UN-Check the 'NT-Services & NT-Kernel...' boxes only: Press 'Ok' Press 'Save' and select the location to save the log file (default is the same folder as the application) Post the log in this thread __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder

01-18-2006, 01:00 PM	#39 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Man o Man. Nothing is showing up. Ok this is my last chance.... Reboot into safe mode again. Run WinPfind again using these settings... Doubleclick WinPFind.exe Click "Configure Scan Options" Select "Run Add ONs" and then select ALL the options in the box below it, Press Apply Note This scan may produce a fairly big log as it will be looking at many registry keys. If it's too big to post...attach it to your next post. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder