HJT Log

920 Views 5 Replies 3 Participants Last post by greyknight17, Oct 1, 2005

Big_L

Discussion Starter · Sep 22, 2005

Hello,

I am having problems when I go to certain websites with Internet Explorer (hotmail, msngaming zone). The browser is constantly "busy" and loading things when the website should be done loading. I eventually get redirected to ad sites or the browser locks up. I also get audio advertisements. I have run Ad-aware, Spybot, Houseclean, and CWShredder. Thank you in advance for your help:

Logfile of HijackThis v1.99.1
Scan saved at 4:59:56 PM, on 9/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edition.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us5.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\i1a4bghd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\i1a4bghd.slt\prefs.js)
O1 - Hosts: 216.93.174.28 view.atdmt.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://login.passport.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7646DF1-5ABD-43B1-BEA5-B083B7DD536E}: NameServer = 209.193.4.7,209.193.4.8
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: LiveUpdate - {CCC22A36-B9B6-B70D-DAA0-779552291C58} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

See less See more

Save

Status: Not open for further replies.

1 - 6 of 6 Posts

MicroBell

· #2 · Sep 22, 2005

Before be begin.....

Please visit this website - http://virusscan.jotti.org/
Submit these file(s) for a comprehensive scan & then post the results back here

CTHELPER.EXE <----Make sure you only have one of these files. If you find one in another location...scan both and report your findings.

Save

Big_L

Discussion Starter · #3 · Sep 22, 2005

The text isn't copying neatly, but is says "found nothing" for all items.

Service load:
0% 100%
File: CTHELPER.EXE
Status:
OK
MD5 15f71a562eb274baae347a7a224e3bf9
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing

See less See more

Save

MicroBell

· #4 · Sep 24, 2005

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Ad-Aware® SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Run hijackthis and fix these entrys....

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0
O1 - Hosts: 216.93.174.28 view.atdmt.com
O21 - SSODL: LiveUpdate - {CCC22A36-B9B6-B70D-DAA0-779552291C58} - (no file)

Please run an online scan at http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Once it has finished save the activescan log. Then post that log in your next post.

Download: StartDreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'

UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread..

See less See more

Save

Big_L

Discussion Starter · #5 · Sep 25, 2005

Panda Active Scan results:

Detected Disinfected
Virus 0 0
Spyware 0 0
Hacking Tools 0 0
Dialers 0 0
Security Risks 0 0
Suspicious files 0 0

Stardreck log:

StartDreck (build 2.1.7 public stable) - 2005-09-24 @ 21:44:05 (GMT -07:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Owner at BIG-L-01

»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
*Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
*Steam=
*ATI Launchpad="C:\Program Files\ATI Multimedia\main\launchpd.exe"
*ATI Remote Control=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
*TaskTray="C:\Program Files\Creative\TaskBar\CTLTray.exe"
*TaskBar="C:\Program Files\Creative\TaskBar\CTLTask.exe"
»RunOnce
+CTStartup
*CTStartup="C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
»Default User
»Run
»RunOnce
»Local Machine
»Run
*hpsysdrv=c:\windows\system\hpsysdrv.exe
*PreloadApp=c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
*Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
*IgfxTray=C:\WINDOWS\System32\igfxtray.exe
*HotKeysCmds=C:\WINDOWS\System32\hkcmd.exe
*S3apphk=S3apphk.exe
*PS2=C:\WINDOWS\system32\ps2.exe
*WINDVDPatch=CTHELPER.EXE
*UpdReg=C:\WINDOWS\UpdReg.EXE
*CTStartup=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*tgcmd="C:\Program Files\support.com\bin\tgcmd.exe" /server
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*AcctMgr=C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
*SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
*ATI DeviceDetect=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
*ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe
*CTHelper=CTHELPER.EXE
*iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" %1
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar2.dll
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=http://www.google.com/ie
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://edition.cnn.com/
*Window Title=Microsoft Internet Explorer provided by Comcast
+SearchUrl
*provider=
*=http://www.google.com/keyword/%s
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.comcast.net/
*Window Title=Microsoft Internet Explorer provided by Comcast
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
*UPnPMonitor={e57ce738-33e8-4c51-8354-bb4de9d215d1}
`InprocServer32=C:\WINDOWS\system32\upnpui.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=C:\WINDOWS\downlo~1\ymsgrins.exe
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 a.tribalfusion.com
`127.0.0.1 media.fastclick.net
`127.0.0.1 media19.fastclick.net
`127.0.0.1 ads.specificpop.com
`127.0.0.1 images.trafficmp.com
`127.0.0.1 webpdp.gator.com
`127.0.0.1 ads.x10.com
`127.0.0.1 images.x10.com
`127.0.0.1 servedby.netadvertising.com
`127.0.0.1 ad.uk.doubleclick.net
`127.0.0.1 ad.ca.doubleclick.net
`127.0.0.1 ads.specificclick.com
`127.0.0.1 ads.popupsponsor.com
`127.0.0.1 adfarm.mediaplex.com
`127.0.0.1 media1.fastclick.net
`127.0.0.1 media19.fastclick.net
`127.0.0.1 media28.fastclick.net
`127.0.0.1 media29.fastclick.net
`127.0.0.1 media39.fastclick.net
`127.0.0.1 adserv.internetfuel.com
`127.0.0.1 www.satellitepop.com
`127.0.0.1 count.exitexchange.com
`127.0.0.1 servedfor.valuead.com
`127.0.0.1 banners.valuead.com
`127.0.0.1 img.mediaplex.com
`127.0.0.1 ln.doubleclick.net
`127.0.0.1 m2.doubleclick.net
`127.0.0.1 m.doubleclick.net
`127.0.0.1 media28.fastclick.net
`127.0.0.1 media39.fastclick.net
`127.0.0.1 popuptraffic.com
`127.0.0.1 leader.linkexchange.com
`127.0.0.1 iv.doubleclick.net
`127.0.0.1 focusin.ads.targetnet.com
`127.0.0.1 ads.fortunecity.com
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\ps2.EXE
*C:\WINDOWS\system32\ps2.bat
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\UNWISE.EXE
*C:\WINDOWS\UNWISE.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+528=\SystemRoot\System32\smss.exe
*C:\WINDOWS\system32\ntdll.dll
+620=\??\C:\WINDOWS\system32\csrss.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\CSRSRV.dll
*C:\WINDOWS\system32\basesrv.dll
*C:\WINDOWS\system32\winsrv.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\KERNEL32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\VERSION.dll
+660=\??\C:\WINDOWS\system32\winlogon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\NDdeApi.dll
*C:\WINDOWS\system32\PROFMAP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\MSGINA.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\odbcint.dll
*C:\WINDOWS\system32\SHSVCS.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\sxs.dll
*C:\WINDOWS\system32\WINSCARD.DLL
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\Ati2evxx.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\cscdll.dll
*C:\WINDOWS\system32\WlNotify.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\cscui.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
+704=C:\WINDOWS\system32\services.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SCESRV.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\umpnpmgr.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\eventlog.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\wtsapi32.dll
+716=C:\WINDOWS\system32\lsass.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\LSASRV.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\SAMSRV.dll
*C:\WINDOWS\system32\cryptdll.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\msprivs.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\netlogon.dll
*C:\WINDOWS\system32\w32time.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\schannel.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\wdigest.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\scecli.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\ipsecsvc.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\oakley.DLL
*C:\WINDOWS\system32\WINIPSEC.DLL
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\pstorsvc.dll
*C:\WINDOWS\system32\psbase.dll
*C:\WINDOWS\system32\dssenh.dll
+876=C:\WINDOWS\system32\Ati2evxx.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\Ati2edxx.dll
*C:\WINDOWS\system32\uxtheme.dll
+892=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\Apphelp.dll
*c:\windows\system32\termsrv.dll
*c:\windows\system32\ICAAPI.dll
*c:\windows\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*c:\windows\system32\AUTHZ.dll
*c:\windows\system32\mstlsapi.dll
*c:\windows\system32\ACTIVEDS.dll
*c:\windows\system32\adsldpc.dll
*C:\WINDOWS\system32\NETAPI32.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\system32\iphlpapi.dll
+972=C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\rpcss.dll
*c:\windows\system32\Secur32.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
+1076=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\xpsp2res.dll
*c:\windows\system32\shsvcs.dll
*C:\WINDOWS\System32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*c:\windows\system32\dhcpcsvc.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\Secur32.dll
*C:\WINDOWS\System32\rsaenh.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*c:\windows\system32\wzcsvc.dll
*c:\windows\system32\rtutils.dll
*c:\windows\system32\WMI.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*c:\windows\system32\WTSAPI32.dll
*c:\windows\system32\ESENT.dll
*c:\windows\system32\ATL.DLL
*C:\WINDOWS\System32\rastls.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\System32\MPRAPI.dll
*C:\WINDOWS\System32\ACTIVEDS.dll
*C:\WINDOWS\System32\adsldpc.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\RASAPI32.dll
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\SCHANNEL.dll
*C:\WINDOWS\System32\WinSCard.dll
*C:\WINDOWS\System32\raschap.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*c:\windows\system32\schedsvc.dll
*c:\windows\system32\NTDSAPI.dll
*C:\WINDOWS\System32\MSIDLE.DLL
*c:\windows\system32\audiosrv.dll
*c:\windows\system32\wkssvc.dll
*c:\windows\system32\cryptsvc.dll
*c:\windows\system32\certcli.dll
*c:\windows\system32\es.dll
*c:\windows\system32\ersvc.dll
*c:\windows\pchealth\helpctr\binaries\pchsvc.dll
*c:\windows\system32\srvsvc.dll
*c:\windows\system32\netman.dll
*c:\windows\system32\netshell.dll
*c:\windows\system32\credui.dll
*c:\windows\system32\WZCSAPI.DLL
*c:\windows\system32\seclogon.dll
*c:\windows\system32\sens.dll
*c:\windows\system32\srsvc.dll
*c:\windows\system32\POWRPROF.dll
*c:\windows\system32\tapisrv.dll
*c:\windows\system32\PSAPI.DLL
*c:\windows\system32\trkwks.dll
*c:\windows\system32\w32time.dll
*c:\windows\system32\MSVCP60.dll
*c:\windows\system32\wbem\wmisvc.dll
*C:\WINDOWS\system32\VSSAPI.DLL
*c:\windows\system32\wscsvc.dll
*c:\windows\system32\msi.dll
*c:\windows\system32\wuauserv.dll
*C:\WINDOWS\System32\wbem\wbemcomn.dll
*c:\windows\system32\browser.dll
*C:\WINDOWS\system32\wuaueng.dll
*C:\WINDOWS\System32\ADVPACK.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\WINHTTP.dll
*C:\WINDOWS\System32\Cabinet.dll
*C:\WINDOWS\System32\mspatcha.dll
*C:\WINDOWS\System32\sfc.dll
*C:\WINDOWS\System32\sfc_os.dll
*C:\WINDOWS\System32\SXS.DLL
*c:\windows\system32\ipnathlp.dll
*c:\windows\system32\AUTHZ.dll
*C:\WINDOWS\System32\Wbem\wbemcore.dll
*C:\WINDOWS\System32\Wbem\esscli.dll
*C:\WINDOWS\System32\Wbem\FastProx.dll
*C:\WINDOWS\system32\comsvcs.dll
*C:\WINDOWS\system32\MTXCLU.DLL
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\colbact.DLL
*C:\WINDOWS\System32\CLUSAPI.DLL
*C:\WINDOWS\System32\RESUTILS.DLL
*C:\WINDOWS\System32\wbem\wmiutils.dll
*C:\WINDOWS\System32\wbem\repdrvfs.dll
*C:\WINDOWS\System32\wbem\wmiprvsd.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\System32\wbem\wbemess.dll
*C:\WINDOWS\System32\wbem\ncprov.dll
*C:\WINDOWS\System32\rasadhlp.dll
*C:\WINDOWS\System32\netcfgx.dll
*C:\WINDOWS\System32\upnp.dll
*C:\WINDOWS\System32\SSDPAPI.dll
*C:\WINDOWS\System32\rasmans.dll
*C:\WINDOWS\System32\WINIPSEC.DLL
*C:\WINDOWS\System32\rastapi.dll
*C:\WINDOWS\System32\unimdm.tsp
*C:\WINDOWS\System32\uniplat.dll
*C:\WINDOWS\System32\unimdmat.dll
*C:\WINDOWS\system32\modemui.dll
*C:\WINDOWS\System32\kmddsp.tsp
*C:\WINDOWS\System32\ndptsp.tsp
*C:\WINDOWS\System32\ipconf.tsp
*C:\WINDOWS\System32\h323.tsp
*C:\WINDOWS\System32\hidphone.tsp
*C:\WINDOWS\System32\HID.DLL
*C:\WINDOWS\System32\rasppp.dll
*C:\WINDOWS\System32\ntlsapi.dll
*C:\WINDOWS\system32\kerberos.dll
*C:\WINDOWS\System32\cryptdll.dll
*C:\WINDOWS\System32\RASDLG.dll
*C:\WINDOWS\system32\Apphelp.dll
*c:\windows\system32\qmgr.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\MSXML3.DLL
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\System32\dssenh.dll
*C:\WINDOWS\System32\cryptnet.dll
*C:\WINDOWS\System32\SensApi.dll
*C:\WINDOWS\System32\catsrvut.dll
*C:\WINDOWS\System32\MfcSubs.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\catsrv.dll
*C:\WINDOWS\system32\wups.dll
+1132=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*c:\windows\system32\dnsrslvr.dll
*c:\windows\system32\DNSAPI.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\iphlpapi.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+1196=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\xpsp2res.dll
*c:\windows\system32\lmhsvc.dll
*c:\windows\system32\iphlpapi.dll
*c:\windows\system32\WS2_32.dll
*c:\windows\system32\WS2HELP.dll
*c:\windows\system32\webclnt.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\wsock32.dll
*c:\windows\system32\ssdpsrv.dll
*C:\WINDOWS\System32\hnetcfg.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
+1464=C:\WINDOWS\system32\spoolsv.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\SPOOLSS.DLL
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\localspl.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\sfc_os.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\winspool.drv
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\cnbjmon.dll
*C:\WINDOWS\system32\FXSMON.DLL
*C:\WINDOWS\system32\FXSEVENT.dll
*C:\WINDOWS\system32\pjlmon.dll
*C:\WINDOWS\system32\tcpmon.dll
*C:\WINDOWS\system32\usbmon.dll
*C:\WINDOWS\System32\mswsock.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\win32spl.dll
*C:\WINDOWS\system32\NETRAP.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\inetpp.dll
*C:\WINDOWS\system32\xpsp2res.dll
+2012=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MSVCP70.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
+2036=C:\WINDOWS\System32\CTsvcCDA.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
+168=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\psapi.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
+192=C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCP70.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT32.DLL
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+380=C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\PROGRA~1\NORTON~2\NORTON~2\NUMISC.dll
*C:\PROGRA~1\NORTON~2\NORTON~2\S32KRNLL.DLL
*C:\PROGRA~1\NORTON~2\NORTON~2\S32UTILL.DLL
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Program Files\Norton SystemWorks\Norton Utilities\NPComSvr.DLL
+488=C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT32.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\Program Files\Common Files\Symantec Shared\ccScan.dll
*C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL
*C:\WINDOWS\system32\MSVCP70.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050921.017\ecmsvr32.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050921.017\NAVEX32a.DLL
*C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050921.017\NAVENG32.DLL
*C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVAP32.DLL
*C:\Program Files\Common Files\Symantec Shared\Decomposers\DECSDK.DLL
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2EXE.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
*C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
+356=C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\SDException.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSVCRT.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\SDOptions.dll
*C:\WINDOWS\system32\msi.dll
*C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\VolumeS.dll
*C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\sdntdrv.dll
*C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\SdEng.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\perfproc.dll
+588=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
*C:\WINDOWS\system32\MSVCR70.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
+920=C:\WINDOWS\system32\wdfmgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
+1016=C:\WINDOWS\System32\MsPMSPSv.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSVCRT.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\System32\SAMLIB.dll
+1140=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\MSVCP70.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL
*C:\PROGRA~1\NORTON~2\NORTON~1\NAVEVENT.DLL
+1232=C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\DBGHELP.DLL
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\MSVCP70.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\Program Files\Common Files\Symantec Shared\Security Center\WSCHlpr.dll
*C:\Program Files\Common Files\Symantec Shared\Security Center\sscnis7.dll
*C:\Program Files\Common Files\Symantec Shared\Security Center\sscnis56.dll
*C:\Program Files\Common Files\Symantec Shared\Security Center\sscnav.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\System32\wbem\wbemprox.dll
*C:\WINDOWS\System32\wbem\wbemcomn.dll
*C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVAPSCR.dll
*C:\WINDOWS\system32\ATL70.DLL
*C:\WINDOWS\system32\WININET.dll
*C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT32.DLL
*C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVError.dll
*C:\WINDOWS\System32\wbem\wbemsvc.dll
*C:\PROGRA~1\NORTON~2\NORTON~1\NAVOpts.dll
*C:\PROGRA~1\NORTON~2\NORTON~1\N32Exclu.dll
*C:\PROGRA~1\NORTON~2\NORTON~1\S32NAVO.DLL
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\System32\wbem\fastprox.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\Program Files\Symantec\LiveUpdate\NetDetectController_2_6.DLL
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\System32\mstask.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+1880=C:\WINDOWS\system32\Ati2evxx.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\Ati2edxx.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\MSCTF.dll
+2060=C:\WINDOWS\Explorer.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\BROWSEUI.dll
*C:\WINDOWS\system32\SHDOCVW.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\System32\cscui.dll
*C:\WINDOWS\System32\CSCDLL.dll
*C:\WINDOWS\System32\themeui.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\MSIMG32.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\WINDOWS\System32\urlmon.dll
*C:\WINDOWS\system32\ntshrui.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\NETSHELL.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\credui.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\LINKINFO.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\System32\webcheck.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\stobject.dll
*C:\WINDOWS\System32\BatMeter.dll
*C:\WINDOWS\System32\POWRPROF.dll
*C:\WINDOWS\System32\WTSAPI32.dll
*C:\WINDOWS\system32\upnpui.dll
*C:\WINDOWS\System32\upnp.dll
*C:\WINDOWS\System32\WINHTTP.dll
*C:\WINDOWS\System32\SSDPAPI.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\ctagent.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\system32\fxsst.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\FXSAPI.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\cryptnet.dll
*C:\WINDOWS\system32\SensApi.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\System32\drprov.dll
*C:\WINDOWS\System32\ntlanman.dll
*C:\WINDOWS\System32\NETUI0.dll
*C:\WINDOWS\System32\NETUI1.dll
*C:\WINDOWS\System32\NETRAP.dll
*C:\WINDOWS\System32\davclnt.dll
*C:\WINDOWS\system32\wmvcore.dll
*C:\WINDOWS\system32\WMASF.DLL
*C:\WINDOWS\System32\mlang.dll
*C:\WINDOWS\system32\shdoclc.dll
*C:\WINDOWS\system32\browselc.dll
*C:\WINDOWS\system32\DUSER.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
*C:\WINDOWS\System32\mydocs.dll
*C:\WINDOWS\system32\mscms.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\qasf.dll
*C:\WINDOWS\System32\quartz.dll
*C:\WINDOWS\system32\msdmo.dll
*C:\WINDOWS\system32\wmvdmod.dll
*C:\Program Files\ATI Multimedia\mlibrary\mlenu.rsc
*C:\WINDOWS\system32\RASAPI32.DLL
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\msv1_0.dll
*C:\Program Files\Norton SystemWorks\Password Manager\PPBHO.dll
*C:\WINDOWS\System32\System\msxml4.dll
*C:\WINDOWS\System32\igfxpph.dll
*C:\WINDOWS\System32\hccutils.DLL
*C:\WINDOWS\system32\igfxres.dll
*C:\WINDOWS\System32\igfxsrvc.dll
*C:\Program Files\Microsoft Office\Office10\MLSHEXT.DLL
*C:\WINDOWS\System32\zipfldr.dll
*C:\WINDOWS\system32\MSGINA.dll
*C:\WINDOWS\system32\ODBC32.dll
*C:\WINDOWS\system32\odbcint.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\midimap.dll
*C:\Program Files\msaccrt\Access 97\soa800.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
*C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
*c:\windows\system32\jscript.dll
*C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
*C:\WINDOWS\system32\MSVCP70.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\Program Files\ATI Multimedia\mlibrary\MLShell.dll
*C:\WINDOWS\system32\MFC42.DLL
*C:\Program Files\ATI Multimedia\atisserv.dll
+2436=C:\WINDOWS\System32\alg.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\MSWSOCK.DLL
*C:\WINDOWS\System32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\xpsp2res.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
+2768=C:\windows\system\hpsysdrv.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\MSCTF.dll
+2812=C:\WINDOWS\system32\S3apphk.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\MSCTF.dll
+2820=C:\WINDOWS\system32\ps2.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\MSCTF.dll
+2848=C:\WINDOWS\system32\CTHELPER.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\MFC42.DLL
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\COMCTL32.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL
*C:\WINDOWS\SYSTEM32\CTDC0001.DLL
*C:\WINDOWS\SYSTEM32\WINMM.dll
*C:\WINDOWS\SYSTEM32\ctosuser.dll
*C:\WINDOWS\SYSTEM32\CTDPROXY.DLL
*C:\WINDOWS\SYSTEM32\PIAPROXY.DLL
*C:\WINDOWS\system32\ctagent.dll
*C:\WINDOWS\system32\ctspkhlp.dll
*C:\WINDOWS\system32\DSOUND.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\KsUser.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\CTDCRES.DLL
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\mslbui.dll
+3020=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCP70.dll
*C:\WINDOWS\system32\MSVCR70.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\Program Files\Symantec\LiveUpdate\ProductRegCom_2_6.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\Program Files\Symantec\LiveUpdate\LuComServerPS_2_6.DLL
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WinTrust.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\userenv.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\netapi32.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL
*C:\WINDOWS\system32\MSWSOCK.dll
*C:\WINDOWS\system32\SYMREDIR.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\PROGRA~1\NORTON~2\NORTON~1\CCIMSCAN.DLL
*C:\WINDOWS\system32\ATL70.DLL
*C:\PROGRA~1\NORTON~2\NORTON~1\DEFALERT.DLL
*C:\WINDOWS\system32\WININET.dll
*C:\PROGRA~1\NORTON~2\NORTON~1\NAVAPW32.DLL
*C:\PROGRA~1\NORTON~2\NORTON~1\apwutil.dll
*C:\PROGRA~1\NORTON~2\NORTON~1\SAVRT32.DLL
*C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
*C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVOPTRF.DLL
*C:\Program Files\Norton SystemWorks\Norton Antivirus\apwcmdnt.dll
*C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
*C:\WINDOWS\System32\DNSAPI.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\ctagent.dll
*C:\Program Files\Norton SystemWorks\Norton Antivirus\NavEmail.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\rasadhlp.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\System32\urlmon.dll
*C:\PROGRA~1\NORTON~2\NORTON~1\NAVOpts.dll
*C:\PROGRA~1\NORTON~2\NORTON~1\N32Exclu.dll
*C:\PROGRA~1\NORTON~2\NORTON~1\S32NAVO.DLL
*C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVError.dll
*C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVAPSCR.dll
*C:\WINDOWS\system32\mslbui.dll
+3080=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\Apphelp.dll
+3200=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll
*C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU
*C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll
*C:\WINDOWS\system32\DINPUT8.dll
*C:\WINDOWS\system32\HID.DLL
*C:\WINDOWS\system32\SETUPAPI.DLL
*C:\WINDOWS\system32\WINMM.DLL
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
+3276=C:\WINDOWS\system32\ctfmon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\MSUTB.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\ctagent.dll
+3376=C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\MFC42.DLL
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\COMRes.dll
*C:\Program Files\ATI Multimedia\atisserv.dll
*C:\Program Files\ATI Multimedia\RemCtrl\RWEnu.Rsc
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\ntshrui.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\ctagent.dll
*C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\PLUG-INS\GEMSTARRMTPGN.DLL
*C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\PLUG-INS\MLRMTPGN.DLL
*C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\PLUG-INS\POWERPOINT.DLL
*C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\PLUG-INS\WINAMP.DLL
*C:\Program Files\ATI Multimedia\RemCtrl\x10net.dll
*C:\WINDOWS\system32\MSIMG32.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\ATIRWRF.DLL
*C:\WINDOWS\system32\WTSAPI32.dll
*C:\WINDOWS\system32\WINSTA.dll
+3648=C:\WINDOWS\system32\rundll32.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\PROGRA~1\ATIMUL~1\RemCtrl\x10net.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\MSIMG32.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\setupapi.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\shfolder.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\msi.dll
+1724=C:\WINDOWS\system32\rundll32.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\appwiz.cpl
*C:\WINDOWS\system32\DUSER.dll
*C:\WINDOWS\system32\MSIMG32.dll
*C:\WINDOWS\system32\OLEACC.dll
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\xpsp1res.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\NETAPI32.DLL
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\ctagent.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\System32\browseui.dll
*C:\WINDOWS\system32\SHDOCVW.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\CRYPTUI.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\MSGINA.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\odbcint.dll
+1100=C:\Program Files\iPod\bin\iPodService.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\CFGMGR32.dll
*C:\WINDOWS\system32\setupapi.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL
*C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\Wtsapi32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+3516=C:\Program Files\iTunes\iTunesHelper.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
*C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
*C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\system32\SXS.DLL
+1492=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\SAMLIB.dll
+3300=C:\WINDOWS\system32\NOTEPAD.EXE
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\WINSPOOL.DRV
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\ctagent.dll
*C:\WINDOWS\system32\mslbui.dll
+2324=C:\Stardreck\StartDreck.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\Stardreck\VB40032.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\MSVCRT20.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLEPRO32.DLL
*C:\Stardreck\VB4DE32.DLL
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\ctagent.dll
*C:\WINDOWS\system32\mslbui.dll
*C:\Stardreck\PSAPI.DLL
+248=C:\Program Files\Messenger\msmsgs.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\WSOCK32.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
*C:\WINDOWS\system32\MSIMG32.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\cryptdll.dll
*C:\WINDOWS\system32\iphlpapi.dll
*C:\WINDOWS\system32\uxtheme.dll
*C:\WINDOWS\system32\MSCTF.dll
*C:\WINDOWS\system32\S3appdll.dll
*C:\WINDOWS\system32\XPOB2RES.DLL
*C:\WINDOWS\system32\CLBCATQ.DLL
*C:\WINDOWS\system32\COMRes.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\SXS.DLL
*C:\WINDOWS\System32\es.dll
*C:\WINDOWS\system32\wtsapi32.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\msi.dll
*C:\WINDOWS\$NtServicePackUninstall$\rtcimsp.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
*C:\WINDOWS\system32\ATL.DLL
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\RASAPI32.dll
*C:\WINDOWS\system32\rasman.dll
*C:\WINDOWS\system32\TAPI32.dll
*C:\WINDOWS\system32\rtutils.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
*C:\WINDOWS\System32\termmgr.dll
*C:\WINDOWS\System32\quartz.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.DxmRtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
*C:\WINDOWS\system32\MSVFW32.dll
*C:\WINDOWS\system32\DSOUND.dll
*C:\WINDOWS\system32\mswsock.dll
*C:\WINDOWS\system32\hnetcfg.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\System32\devenum.dll
*C:\WINDOWS\system32\setupapi.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\wdmaud.drv
*C:\WINDOWS\system32\msacm32.drv
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\midimap.dll
*C:\WINDOWS\system32\msdmo.dll
*C:\WINDOWS\system32\dpnhupnp.dll
*C:\WINDOWS\system32\rsaenh.dll
*C:\WINDOWS\system32\schannel.dll
*C:\WINDOWS\system32\USERENV.dll
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

See less See more

Save

greyknight17

· #6 · Oct 1, 2005

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Download Hoster http://www.greyknight17.com/spy/Hoster.exe and run it. Choose the 'Restore Original Hosts' button and press OK.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Restart your computer. Post the logs for HijackThis and Ewido.

See less See more

Save

1 - 6 of 6 Posts

Status: Not open for further replies.

Top Contributors this Month