Discussion Starter · #1 ·
I have been looking at a friend's computer for a couple of days now but I am still receiving problems with certain services not starting and strange .t files appearing.
I have checked other threads and tried to follow the instructions for adirss.exe, _MZU_stonedrv8.exe and ibm00009.exe, which were all found, but there still seems to be a problem. I have run AVG Anti Spyware and it found over 300 objects, which I have removed.

OS = XP Home ed
AV = currently doesn't have any running as I needed to un-install their recent purchase of Tesco internet security as it seemed to grind everything to a halt.

Below is the HJT log; any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 14:44:34, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
I:\Spyware Removers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: Domain Helper - {B8A5DE1C-BC13-4DD2-BF00-7BE3C603F9F2} - C:\WINDOWS\system32\DomainHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Onfolio Server.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?278ba740d48d402d8770cee51c779e71
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?278ba740d48d402d8770cee51c779e71
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#8 in chain of 22 missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/s.../pages/scanner/ErrorSafeNewReleaseInstall.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{287CCA34-F79F-4923-AD08-ECE618BD200C}: NameServer = 141.122.173.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9E8354C-7315-4595-B963-A74914BD6610}: NameServer = 141.122.173.26
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: DCOM Server 2240 - {2C1CD3D7-86AC-4068-93BC-A02304BB2240} - C:\WINDOWS\system32\uaeer.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 

·
Registered
Joined
·
2,009 Posts
Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".


regards
alba
 

·
Registered
Joined
·
2,009 Posts
Hello again Tava


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

Here is a list of free anti-virus applications that you can use instead of Tesco's

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================

Download to your desktop NetOptimiser removal tool
Double click on the icon to run the tool

=================

Please download ATF Cleaner- Here

=================

I see you have AVG Anti-Spyware already. Please update its definitions, and run a scan where I have placed it in this fix.

=================

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

=================


Download combofix from here.

**Save it directly to your desktop**


=================

Download LSPFix.exe
Unzip the file to a folder on your desktop.
Double-click to run
Then click the FINISH button. Restart your computer.

=================

Go to <<Start>> then <<Run>> then paste in the single line command then click OK

"%userprofile%\desktop\combofix.exe" /v DomainHelper uaeer



When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

===========================================

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

===============================================


Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: Domain Helper - {B8A5DE1C-BC13-4DD2-BF00-7BE3C603F9F2} - C:\WINDOWS\system32\DomainHelper.dll
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/si...aseInstall.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll


Please remember to close all other windows, including browsers then click Fix checked.

===============================================

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following files:
  • C:\WINDOWS\system32\wservice.exe
=================

ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

=================

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

===============================================

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt here

===============================================


REBOOT TO NORMAL MODE

=================

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


=================

Please run combofix again and save the log

=================

Please Run a scan with HiJackThis and save the log

===============================================

In your next post, please include fresh logs from:
  1. ComboFix2.txt
  2. AVG Anti-Spyware's Log
  3. SDfix Report.txt
  4. Online scan
  5. combofix.txt
  6. HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
 

Discussion Starter · #4 ·
Thanks very much. I have not had time to go through it all yet but have printed off the list of instructions and will go through them tonight.

Once again thanks
 

Discussion Starter · #5 ·
OK, here are the reports.
One problem that still persists is that some of my services are not starting up:
System Event Notification
DHCP
This is preventing me from going online with the machine. When I check the services they are just starting and seem to be stuck. This also prevents me from installing the free edition of AVG as this service can not be started either.

Reports

ComboFIX

((((((((((((((((((((((((((((((( Files Created from 2006-12-02 to 2007-01-02 ))))))))))))))))))))))))))))))))))


2007-01-02 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-01-02 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-01-02 17:42 <DIR> d-------- C:\SDFix
2007-01-02 17:33 5,707 --a------ C:\DOCUME~1\KAYLEI~1\KhsLeI4.exe
2006-12-31 14:06 5,707 --a------ C:\DOCUME~1\KAYLEI~1\DqVKQee.exe
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2006-12-31 12:44 <DIR> d-------- C:\!KillBox
2006-12-30 13:49 5,707 --a------ C:\DOCUME~1\LARRAI~1\iviVB0s.exe
2006-12-30 07:58 5,707 --a------ C:\DOCUME~1\LARRAI~1\t0tTxT6.exe
2006-12-30 06:21 5,707 --a------ C:\DOCUME~1\STEVEN~1\BQ2dti0.exe
2006-12-30 06:19 5,707 --a------ C:\DOCUME~1\STEVEN~1\h2GLRra.exe
2006-12-29 14:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-29 14:52 <DIR> d-------- C:\Program Files\Grisoft
2006-12-28 23:34 5,707 --a------ C:\DOCUME~1\LARRAI~1\k40mt6v.exe
2006-12-27 15:42 5,707 --a------ C:\DOCUME~1\LARRAI~1\jV3I02g.exe
2006-12-26 12:43 5,707 --a------ C:\DOCUME~1\STEVEN~1\O47IvÐ5.exe
2006-12-26 10:10 5,707 --a------ C:\DOCUME~1\STEVEN~1\x2fX351.exe
2006-12-20 08:39 5,707 --a------ C:\DOCUME~1\LARRAI~1\mbboD8V.exe
2006-12-19 21:27 5,707 --a------ C:\DOCUME~1\LARRAI~1\p3Dn2Lx.exe
2006-12-19 21:09 5,707 --a------ C:\DOCUME~1\STEVEN~1\[email protected]
2006-12-19 20:30 5,707 --a------ C:\DOCUME~1\STEVEN~1\tIPv4kc.exe
2006-12-19 20:19 5,707 --a------ C:\DOCUME~1\STEVEN~1\NHiVBJ2.exe
2006-12-19 20:05 <DIR> d-------- C:\Program Files\Tesco Software
2006-12-19 20:04 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2006-12-19 19:59 5,707 --a------ C:\DOCUME~1\STEVEN~1\woKH60H.exe
2006-12-19 19:33 5,707 --a------ C:\DOCUME~1\STEVEN~1\d868447.exe
2006-12-18 18:16 5,707 --a------ C:\DOCUME~1\STEVEN~1\uKBLgCV.exe
2006-12-18 16:02 5,707 --a------ C:\DOCUME~1\STEVEN~1\hkO6lIK.exe
2006-12-18 15:05 5,707 --a------ C:\DOCUME~1\STEVEN~1\pF8uSb2.exe
2006-12-17 14:55 5,707 --a------ C:\DOCUME~1\STEVEN~1\HBbOTB4.exe
2006-12-17 13:43 5,707 --a------ C:\DOCUME~1\STEVEN~1\W05A34F.exe
2006-12-17 12:57 5,707 --a------ C:\DOCUME~1\STEVEN~1\u5PtD70.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-30 20:49 -------- d--h----- C:\Program Files\installshield installation information
2006-12-29 16:01 -------- d-------- C:\Program Files\lexmark x1100 series
2006-12-29 16:01 -------- d-------- C:\Program Files\avrack
2006-12-19 20:06 -------- d-------- C:\Program Files\onfolio
2006-12-19 20:06 -------- d-------- C:\Program Files\messenger
2006-12-19 19:43 -------- d-------- C:\Program Files\ca
2006-12-18 15:38 -------- d-------- C:\Program Files\samsung
2006-11-24 20:26 1329 --a------ C:\WINDOWS\system32\rss1c9d3.sys
2006-11-14 18:24 -------- d-------- C:\Program Files\windows live toolbar
2006-11-14 18:24 -------- d-------- C:\Program Files\windows live favorites
2006-11-12 19:37 62976 --a------ C:\WINDOWS\system32\rss1c9d3.dll
2006-11-12 19:37 106496 --a------ C:\WINDOWS\system32\domainhelper.dll
2006-11-09 17:23 5705 --a------ C:\WINDOWS\system32\uibhs38.exe
2006-11-06 19:33 161280 --a------ C:\WINDOWS\system32\uaeer.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-01 14:44 5707 --a------ C:\WINDOWS\system32\jtix01h.exe
2006-10-23 21:50 237194 -r--s---- C:\WINDOWS\system32\l44q0eh5eh4.dll
2006-10-23 21:50 236650 -r--s---- C:\WINDOWS\system32\uhrsvpia.dll
2006-10-23 15:09 160256 --a------ C:\WINDOWS\system32\vmpy.dll
2006-10-23 15:02 53835 --a------ C:\WINDOWS\system32\image1.gif.exe
2006-10-23 14:52 5840 --a------ C:\WINDOWS\system32\520932ld.exe
2006-10-23 09:23 235078 -r--s---- C:\WINDOWS\system32\beowsewm.dll
2006-10-23 09:21 235561 -r--s---- C:\WINDOWS\system32\jr4025hmg.dll
2006-10-23 09:20 235230 -r--s---- C:\WINDOWS\system32\i2nm0c51ef.dll
2006-10-23 09:20 235078 -r--s---- C:\WINDOWS\system32\ngtplwiz.dll
2006-10-22 13:12 235078 -r--s---- C:\WINDOWS\system32\ge400ehmeh4a0.dll
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"UpdateService"="C:\\WINDOWS\\system32\\wservice.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SoundMan"="SOUNDMAN.EXE"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"lxbymon.exe"="\"C:\\Program Files\\Lexmark P910 Series\\lxbymon.exe\""
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"EzPrint"="\"C:\\Program Files\\Lexmark P910 Series\\ezprint.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adir]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="adirss"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\adirss.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Enc Spam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="knob army"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\KAYLEI~1\\APPLIC~1\\COOLPO~1\\knob army.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00009"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00009.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Defender"
"hkey"="HKLM"
"command"="C:\\Program Files\\SpySpotter3\\Defender.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_mzu_stonedrv8]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="_mzu_stonedrv8"
"hkey"="HKLM"
"command"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\""
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\""
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


Completion time: 07-01-02 20:14:16.46
C:\ComboFix2.txt ... 07-01-02 17:52





AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:52:15 02/01/2007

+ Scan result:



C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183125.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183124.dll -> Adware.Chiem : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183126.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183098.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183099.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183100.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183101.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183102.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183103.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183104.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183105.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183106.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183107.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183108.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183109.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183110.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183111.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183112.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183113.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183114.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183115.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183116.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183117.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183118.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183119.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183120.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183121.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183122.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183123.dll -> Adware.SideFind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183127.exe -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183091.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183094.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183092.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183096.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183089.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183090.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183093.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9AD51B9A-18ED-4476-AF99-D565CEC6CE2E}\RP81\A0183095.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).


::Report end




SDFix: Version 1.53
****************

02/01/2007 - 19:55:27.54

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking Services...

Service Name:


File Path:



Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------

C:\WINDOWS\system32\mini8tone.ini
C:\WINDOWS\system32\_mzu_stonedrv8.exe
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\system32\MZU_DRV.sys
C:\WINDOWS\system32\winsub.xml

Backing Up and Removing any Files Found...

Alternate Stream Check:

C:\WINDOWS\system32
:lzx32.sys 69500
Total size: 69500 bytes.

Removing ADS

system32: deleted 69500 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\lxbycoms.exe"="C:\\WINDOWS\\system32\\lxbycoms.exe:*:Disabled:p910 Series Server"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"="C:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe:*:Enabled:MSN"
"%windir%\\system32\\ccapp.exe"="%windir%\\system32\\ccapp.exe:*:Enabled:System Process"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msrg.exe"="C:\\Program Files\\MSN Messenger\\msrg.exe:*:Enabled:Messenger"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\WINDOWS\\system32\\taskdir~.exe"="C:\\WINDOWS\\system32\\taskdir~.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\adirss.exe"="C:\\WINDOWS\\system32\\adirss.exe:*:Enabled:enable"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Claire Metcalf\Local Settings\Temp\$b17a2e8.tmp
C:\Documents and Settings\Larraine Metcalf\Local Settings\Temp\$b17a2e8.tmp
C:\Documents and Settings\Steven Metcalf\Local Settings\Temp\$b17a2e8.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0838e3ca46c974d22be0ec664b800381\BIT56.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2337f75b6cfb9c1756b2d48701476ee3\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2f8972f47c1980a533dc0f726730f789\BIT5.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\321ca12b9fa3a6e84c5208a19d84f4b9\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3a84255fa53bf624e6efd81d8d5d3ebf\BITA.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4507315e795e4b1a19374ad387e506fb\BIT8.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6752e343d22c025be1f290a6267a146d\BIT4.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c38f81748688325a9df6ee13850c72ae\BITB.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ecfce25a95ce63c5f2916759afdade7f\BITC.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fa6a8b6ef758224c8bfe859aa426f0c7\BIT6.tmp

FINISHED!



Logfile of HijackThis v1.99.1
Scan saved at 20:15:01, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lexmark P910 Series\lxbymon.exe
C:\Program Files\Lexmark P910 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Onfolio\onfserv.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\lxbycoms.exe
C:\Documents and Settings\Kayleigh Metcalf\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iqon.ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UpdateService] C:\WINDOWS\system32\wservice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Onfolio Server.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?278ba740d48d402d8770cee51c779e71
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?278ba740d48d402d8770cee51c779e71
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O17 - HKLM\System\CCS\Services\Tcpip\..\{287CCA34-F79F-4923-AD08-ECE618BD200C}: NameServer = 141.122.173.26
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9E8354C-7315-4595-B963-A74914BD6610}: NameServer = 141.122.173.26
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe



Hope this helps. As I say, I cannot do a Panda Active Online scan as the machine will not obtain an IP address. I have tried setting a static but it doesn't want to know?

Many thanks for the help
 

·
Registered
Joined
·
13 Posts
Discussion Starter · #6 ·
Another Quick question

The machine I am looking at has multiple user profiles. Will I have to perform this in everyone's profile or will logging into one do the trick?
 

·
Registered
Joined
·
2,009 Posts
Hi Tava

Can you post the other combofix log - combofix2.txt please


regards

alba
 

·
Registered
Joined
·
13 Posts
Discussion Starter · #8 ·
Oops, sorry, I think I may have saved over the first combofix log and this is the second one.

I checked both my combofix.txt and combofix2.txt and the date and time of the scans are identical.

I will double check though
 

·
Registered
Joined
·
2,009 Posts
Hello Tava

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.


=================

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


Please run combofix again and post the log here with the DrWeb log
 

·
Registered
Joined
·
13 Posts
Discussion Starter · #10 ·
07-01-04 19:14:44.14 Service Pack 2
ComboFix 06-12-29W-BetaE2 - Running from: "C:\Documents and Settings\*******\Desktop"
Command switches used :: /v domainhelper uaeer

((((((((((((((((((((((((((((((( Files Created from 2006-12-04 to 2007-01-04 ))))))))))))))))))))))))))))))))))


2007-01-04 18:21 <DIR> d-------- C:\DOCUME~1\KAYLEI~1\DoctorWeb
2007-01-02 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-01-02 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-01-02 17:42 <DIR> d-------- C:\SDFix
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2006-12-31 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2006-12-31 12:44 <DIR> d-------- C:\!KillBox
2006-12-29 14:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-29 14:52 <DIR> d-------- C:\Program Files\Grisoft
2006-12-19 20:05 <DIR> d-------- C:\Program Files\Tesco Software
2006-12-19 20:04 <DIR> d-------- C:\Program Files\Common Files\Panda Software


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-04 18:29 -------- d-------- C:\DOCUME~1\KAYLEI~1\Application Data\sect live more
2007-01-04 18:20 -------- d-------- C:\Program Files\Common Files\sony shared
2006-12-30 20:49 -------- d--h----- C:\Program Files\installshield installation information
2006-12-29 16:01 -------- d-------- C:\Program Files\lexmark x1100 series
2006-12-29 16:01 -------- d-------- C:\Program Files\avrack
2006-12-19 20:06 -------- d-------- C:\Program Files\onfolio
2006-12-19 20:06 -------- d-------- C:\Program Files\messenger
2006-12-19 19:43 -------- d-------- C:\Program Files\ca
2006-12-18 15:38 -------- d-------- C:\Program Files\samsung
2006-11-24 20:26 1329 --a------ C:\WINDOWS\system32\rss1c9d3.sys
2006-11-14 18:24 -------- d-------- C:\Program Files\windows live toolbar
2006-11-14 18:24 -------- d-------- C:\Program Files\windows live favorites
2006-11-12 19:37 62976 --a------ C:\WINDOWS\system32\rss1c9d3.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-23 21:50 237194 -r--s---- C:\WINDOWS\system32\l44q0eh5eh4.dll
2006-10-23 21:50 236650 -r--s---- C:\WINDOWS\system32\uhrsvpia.dll
2006-10-23 09:23 235078 -r--s---- C:\WINDOWS\system32\beowsewm.dll
2006-10-23 09:21 235561 -r--s---- C:\WINDOWS\system32\jr4025hmg.dll
2006-10-23 09:20 235230 -r--s---- C:\WINDOWS\system32\i2nm0c51ef.dll
2006-10-23 09:20 235078 -r--s---- C:\WINDOWS\system32\ngtplwiz.dll
2006-10-22 13:12 235078 -r--s---- C:\WINDOWS\system32\ge400ehmeh4a0.dll
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"SoundMan"="SOUNDMAN.EXE"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"lxbymon.exe"="\"C:\\Program Files\\Lexmark P910 Series\\lxbymon.exe\""
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"EzPrint"="\"C:\\Program Files\\Lexmark P910 Series\\ezprint.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\""
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Power2GoExpress"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\""
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


Completion time: 07-01-04 19:16:20.76

Dr.Web report

eTrustAntivirusInstaller.exe;C:\Documents and Settings\Administrator\Desktop;Win32.Dref;Cured.;
installdrivecleanerstart[1].exe;C:\Documents and Settings\Chris Metcalf\Local Settings\Temporary Internet Files\Content.IE5\FVXFNPKW;Trojan.Fakealert;Deleted.;
aFcI66ý.exe;C:\Documents and Settings\Claire Metcalf;Trojan.DownLoader.6811;Deleted.;
DWk3RUN.exe;C:\Documents and Settings\Claire Metcalf;Trojan.DownLoader.6811;Deleted.;
owL3Xb2.exe;C:\Documents and Settings\Claire Metcalf;Trojan.DownLoader.6811;Deleted.;
pT0ashT.exe;C:\Documents and Settings\Claire Metcalf;Trojan.DownLoader.6811;Deleted.;
u7TkiUs.exe;C:\Documents and Settings\Claire Metcalf;Trojan.DownLoader.6811;Deleted.;
ugSP7uo.exe;C:\Documents and Settings\Claire Metcalf;Trojan.DownLoader.6811;Deleted.;
uSP5bDQ.exe;C:\Documents and Settings\Claire Metcalf;Trojan.DownLoader.6811;Deleted.;
VdRxT5g.exe;C:\Documents and Settings\Claire Metcalf;Trojan.DownLoader.6811;Deleted.;
drv.exe;C:\Documents and Settings\Claire Metcalf\Desktop;Adware.DollarRevenue;Incurable.Moved.;


When I log into this profile it seems to take quite a while to boot up. I usually have to kill the explorer process and start a new one?
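
Added example, not part of the posts above: the "Reg Loading Points" section of the log is in regedit export syntax, so it can be parsed and checked for Run entries that still point at executables named in the thread's first post. The sample lines are constructed in the shape of the log; the function names, the ANSI/UTF-16 guess for `hex(2)` data and the watchlist handling are assumptions of this sketch.

```python
import re

# Constructed sample in the shape of the "Reg Loading Points" section above
# (regedit export syntax: backslashes and quotes inside strings are escaped).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
'''

# Executable names the thread's first post says were found on this machine.
WATCHLIST = ["adirss.exe", "_MZU_stonedrv8.exe", "ibm00009.exe"]

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def unescape(text):
    """Undo regedit string escaping (only backslash and double quote are escaped)."""
    return re.sub(r'\\(.)', r'\1', text)


def decode_hex(csv):
    """Decode hex(2) (REG_EXPAND_SZ) bytes; assumption: UTF-16LE if every odd byte is 0."""
    data = bytes(int(b, 16) for b in csv.split(',') if b.strip())
    wide = len(data) >= 2 and len(data) % 2 == 0 and not any(data[1::2])
    return data.decode('utf-16-le' if wide else 'latin-1').rstrip('\x00')


def parse_loading_points(text):
    """Return (key, value_name, data) tuples from regedit-style text."""
    entries, key = [], None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        while '=hex' in line and line.endswith('\\'):  # join continuation lines
            line = line[:-1] + next(lines, '').strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(1)
            continue
        match = VALUE_RE.match(line)
        if not match or key is None:
            continue
        name, raw = unescape(match.group(1)), match.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            data = unescape(raw[1:-1])
        elif raw.startswith('hex(2):'):
            data = decode_hex(raw[len('hex(2):'):])
        else:
            data = raw  # dword and other types are kept as written
        entries.append((key, name, data))
    return entries


def image_name(command):
    """Best-effort executable basename from a Run command line, lower-cased."""
    cmd = command.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        match = re.match(r'(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', cmd, re.I)
        path = match.group(1) if match else cmd.split(' ', 1)[0]
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def canonical_key(key):
    """HKEY_USERS\\.DEFAULT is an alias of HKEY_USERS\\S-1-5-18 (the LocalSystem
    hive), so both names are folded into one lower-cased key."""
    return re.sub(r'^hkey_users\\\.default(?=\\|$)',
                  lambda m: 'hkey_users\\s-1-5-18', key.lower())


def leftover_autoruns(entries, watchlist):
    """Map each watched executable to the distinct Run keys still launching it."""
    watch = {name.lower() for name in watchlist}
    hits = {}
    for key, _name, data in entries:
        if not key.lower().endswith('\\run'):
            continue
        exe = image_name(data)
        if exe in watch:
            hits.setdefault(exe, set()).add(canonical_key(key))
    return {exe: sorted(keys) for exe, keys in hits.items()}


if __name__ == "__main__":
    found = leftover_autoruns(parse_loading_points(SAMPLE_LOG), WATCHLIST)
    for exe, keys in found.items():
        for key in keys:
            print(f"{exe} is still registered under {key}")
```

On the sample, the two listings of `_mzu_stonedrv8` collapse to a single key, because the `.default` and `s-1-5-18` paths name the same hive.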
 

·
Registered
Joined
·
2,009 Posts
Hello Tava


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


===============================================


Let's have a look at Windows Event Viewer. It might give us a clue as to what is causing these issues.

Go to Start > Run - type in eventvwr <Press Enter>




This is a picture of what the event viewer looks like.
You will see Application, Security & System listed in the left pane.
  1. In the left pane click on Application.
  2. Click the gray title “Type” at the top of the source name column in the right pane to sort by type name
    Look for “Error” & double-click on the most recent 10, and evaluate the event description for any indication of the cause of the problem.
  3. Make note of the Description, EventID and Source of these Event Properties.
  4. From the right pane, double-click on the line where it says error & you should get a window like the example below





  5. In the upper right corner of this picture, you should see 2 arrows. One is pointing up & the other, pointing down.
    There is another button below the 2 arrows. Click once on it. (this will copy some information to clipboard)
  6. Open notepad & paste the info in there. This will copy the event information to the clipboard. Paste the information for each event here

Repeat steps 1-6 for System


=================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================

Download: Startdreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'Mark All'

UN-Check the 'NT-Services & NT-Kernel...' boxes only:
Press 'Ok'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.

=================
Please download this tool > http://www.kztechs.com/sreng/sreng2.zip

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it


If you scroll down when replying click on the Manage attachments button.
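
Added example, not part of the post above: the Event Viewer steps yield one pasted text record per error, and the same error usually repeats, so this sketch parses the pasted records and collapses repeats by source and event ID. The sample records are constructed (ExampleSvc, example.exe and EXAMPLE-PC are placeholders), and the field layout and day-first date format are assumptions based on how such records are pasted in this thread.

```python
from datetime import datetime

# Constructed sample records in the layout Event Viewer's copy button produces.
SAMPLE_PASTE = """\
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 05/01/2007
Time: 16:41:43
User: N/A
Computer: EXAMPLE-PC
Description:
The ExampleSvc service failed to start due to the following error:
The service did not start due to a logon failure.

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 02/01/2007
Time: 17:34:05
User: N/A
Computer: EXAMPLE-PC
Description:
Faulting application example.exe, version 0.0.0.0, faulting module example.exe, version 0.0.0.0, fault address 0x00001000.

Data:
0000: 41 70 70 6c 69 63 61 74 Applicat

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 04/01/2007
Time: 09:12:01
User: N/A
Computer: EXAMPLE-PC
Description:
The ExampleSvc service failed to start due to the following error:
The service did not start due to a logon failure.
"""

DATE_FORMAT = "%d/%m/%Y %H:%M:%S"  # assumption: day-first dates, as in this thread


def parse_events(text):
    """Split pasted Event Viewer text into one dict per event record."""
    events, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Event Type:"):      # every record starts here
            current = {"Description": []}
            events.append(current)
            section = "header"
        if current is None or not line:
            continue                            # text before the first record, blanks
        if line == "Description:":
            section = "description"
        elif line == "Data:":
            section = "data"                    # hex dump is skipped
        elif section == "header" and ":" in line:
            field, value = line.split(":", 1)
            current[field.strip()] = value.strip()
        elif section == "description":
            current["Description"].append(line)
    for event in events:
        event["Description"] = " ".join(event["Description"])
        stamp = f"{event.get('Date', '')} {event.get('Time', '')}"
        try:
            event["When"] = datetime.strptime(stamp, DATE_FORMAT)
        except ValueError:                      # missing or differently formatted date
            event["When"] = None
    return events


def summarise(events):
    """Collapse repeats: one row per (source, event ID), most frequent first."""
    groups = {}
    for event in events:
        key = (event.get("Event Source", "?"), event.get("Event ID", "?"))
        group = groups.setdefault(
            key, {"count": 0, "times": [], "description": event["Description"]})
        group["count"] += 1
        if event["When"]:
            group["times"].append(event["When"])
    rows = []
    for (source, event_id), group in groups.items():
        times = sorted(group["times"])
        rows.append({
            "source": source, "event_id": event_id, "count": group["count"],
            "first": times[0] if times else None,
            "last": times[-1] if times else None,
            "description": group["description"],
        })
    return sorted(rows, key=lambda r: (-r["count"], r["source"], r["event_id"]))


if __name__ == "__main__":
    for row in summarise(parse_events(SAMPLE_PASTE)):
        print(f"{row['count']}x {row['source']} / {row['event_id']} "
              f"({row['first']} .. {row['last']}): {row['description']}")
```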
 

·
Registered
Joined
·
13 Posts
Discussion Starter · #14 ·
Thank you sUBs

Here are all the logs
Application Events (Only three existed but they repeated a number of times)

Date: 05/01/2007
Time: 16:37:49
User: N/A
Computer: METSTPT
Description:
The description for Event ID ( 0 ) in Source ( SENS ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Event System Win32 Error: No service is operating at the destination network endpoint on the remote system.

, ServiceStart(): SensInitialize() failed.



Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 02/01/2007
Time: 17:34:05
User: N/A
Computer: METSTPT
Description:
Faulting application wservice.exe, version 0.0.0.0, faulting module wservice.exe, version 0.0.0.0, fault address 0x000017bc.

Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 77 73 65 ure wse
0018: 72 76 69 63 65 2e 65 78 rvice.ex
0020: 65 20 30 2e 30 2e 30 2e e 0.0.0.
0028: 30 20 69 6e 20 77 73 65 0 in wse
0030: 72 76 69 63 65 2e 65 78 rvice.ex
0038: 65 20 30 2e 30 2e 30 2e e 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 30 30 set 0000
0050: 31 37 62 63 0d 0a 17bc..


Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 30/12/2006
Time: 20:32:10
User: N/A
Computer: METSTPT
Description:
Faulting application winlogon.exe, version 0.0.0.0, faulting module sfc_os.dll, version 5.1.2600.2180, fault address 0x0000c676.

Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 77 69 6e ure win
0018: 6c 6f 67 6f 6e 2e 65 78 logon.ex
0020: 65 20 30 2e 30 2e 30 2e e 0.0.0.
0028: 30 20 69 6e 20 73 66 63 0 in sfc
0030: 5f 6f 73 2e 64 6c 6c 20 _os.dll
0038: 35 2e 31 2e 32 36 30 30 5.1.2600
0040: 2e 32 31 38 30 20 61 74 .2180 at
0048: 20 6f 66 66 73 65 74 20 offset
0050: 30 30 30 30 63 36 37 36 0000c676



Service Events (Again there were only 8 but they occur many times)

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 05/01/2007
Time: 16:42:50
User: N/A
Computer: METSTPT
Description:
The Computer Browser service terminated with the following error:
This operation returned because the timeout period expired.


Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5737
Date: 05/01/2007
Time: 16:41:53
User: N/A
Computer: METSTPT
Description:
The system returned the following unexpected error code:
Either the application has not called WSAStartup, or WSAStartup failed.

Data:
0000: 6d 27 00 00 m'..



Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 05/01/2007
Time: 16:41:43
User: N/A
Computer: METSTPT
Description:
The __SvcAccountCheck service failed to start due to the following error:
The service did not start due to a logon failure.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7038
Date: 05/01/2007
Time: 16:41:43
User: N/A
Computer: METSTPT
Description:
The __SvcAccountCheck service was unable to log on as .\Kayleigh Metcalf with the currently configured password due to the following error:
Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 05/01/2007
Time: 16:39:17
User: N/A
Computer: METSTPT
Description:
The Remote Access Connection Manager service terminated with service-specific error 3221356592 (0xC0020030).


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 05/01/2007
Time: 16:39:14
User: N/A
Computer: METSTPT
Description:
The System Event Notification service hung on starting.


Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 21
Date: 05/01/2007
Time: 16:37:46
User: N/A
Computer: METSTPT
Description:
The time service is configured to use one or more input providers, however, none of the input providers are available. The time service has no source of accurate time.


Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 4
Date: 05/01/2007
Time: 16:37:46
User: N/A
Computer: METSTPT
Description:
The time provider 'NtpServer' failed to start due to the following error: A system call that should never fail has failed. (0x8007277B)



StartDreck (build 2.1.7 public stable) - 2007-01-05 @ 17:30:33 (GMT +00:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Kayleigh Metcalf at METSTPT

»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
*msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\system32\CTFMON.EXE
*Power2GoExpress="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe"
*_mzu_stonedrv8=c:\windows\system32\_mzu_stonedrv8.exe
»RunOnce
»Local Machine
»Run
*RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
*SiSUSBRG=C:\WINDOWS\SiSUSBrg.exe
*SoundMan=SOUNDMAN.EXE
*SpeedTouch USB Diagnostics="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
*Lexmark X1100 Series="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
*SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
*LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
*LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
*LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
*Ulead AutoDetector=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
*KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
*!AVG Anti-Spyware="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
*lxbymon.exe="C:\Program Files\Lexmark P910 Series\lxbymon.exe"
*iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
*EzPrint="C:\Program Files\Lexmark P910 Series\ezprint.exe"
*Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
*BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*Windows Live Toolbar Helper/{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
`InprocServer32=C:\Program Files\Windows Live Toolbar\msntb.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
+SearchUrl
*provider=MSN
*=http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
»Default User
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
»Local Machine
*Default_Page_URL=http://www.iqon.ie
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Kayleigh Metcalf\Start Menu\Programs\Startup\desktop.ini
»Default User
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Onfolio Server.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+432=\SystemRoot\System32\smss.exe
*C:\WINDOWS\system32\ntdll.dll
+488=<unkown>
+512=\??\C:\WINDOWS\SYSTEM32\winlogon.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\NDdeApi.dll
*C:\WINDOWS\system32\PROFMAP.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\REGAPI.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SETUPAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\SYSTEM32\LPK.DLL
*C:\WINDOWS\SYSTEM32\USP10.dll
*C:\WINDOWS\SYSTEM32\MSGINA.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\SYSTEM32\ODBC32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
*C:\WINDOWS\SYSTEM32\odbcint.dll
*C:\WINDOWS\SYSTEM32\SHSVCS.dll
*C:\WINDOWS\system32\sfc.dll
*C:\WINDOWS\SYSTEM32\sfc_os.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\msctfime.ime
*C:\WINDOWS\SYSTEM32\WINSCARD.DLL
*C:\WINDOWS\SYSTEM32\WTSAPI32.dll
*C:\WINDOWS\SYSTEM32\sxs.dll
*C:\WINDOWS\SYSTEM32\uxtheme.dll
*C:\WINDOWS\SYSTEM32\WINMM.dll
*C:\WINDOWS\SYSTEM32\serwvdrv.dll
*C:\WINDOWS\SYSTEM32\umdmxfrm.dll
*C:\WINDOWS\SYSTEM32\rsaenh.dll
*C:\WINDOWS\SYSTEM32\SAMLIB.dll
*C:\WINDOWS\system32\mpr.dll
*C:\WINDOWS\SYSTEM32\xpsp2res.dll
*C:\WINDOWS\SYSTEM32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\SYSTEM32\wdmaud.drv
*C:\WINDOWS\SYSTEM32\msacm32.drv
*C:\WINDOWS\SYSTEM32\MSACM32.dll
*C:\WINDOWS\SYSTEM32\midimap.dll
+556=C:\WINDOWS\system32\services.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\SCESRV.dll
*C:\WINDOWS\system32\AUTHZ.dll
*C:\WINDOWS\system32\umpnpmgr.dll
*C:\WINDOWS\system32\WINSTA.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NCObjAPI.DLL
*C:\WINDOWS\system32\MSVCP60.dll
*C:\WINDOWS\system32\ShimEng.dll
*C:\WINDOWS\AppPatch\AcGenral.DLL
*C:\WINDOWS\system32\WINMM.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSACM32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\UxTheme.dll
*C:\WINDOWS\system32\IMM32.DLL
*C:\WINDOWS\system32\LPK.DLL
*C:\WINDOWS\system32\USP10.dll
*C:\WINDOWS\system32\serwvdrv.dll
*C:\WINDOWS\system32\umdmxfrm.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\system32\secur32.dll
*C:\WINDOWS\system32\Apphelp.dll
*C:\WINDOWS\system32\eventlog.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\PSAPI.DLL
*C:\WINDOWS\system32\wtsapi32.dll
*C:\WINDOWS\system32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\system32\Cabinet.dll
*C:\WINDOWS\system32\xpsp2res.dll
*C:\WINDOWS\system32\rsaenh.dll
+568=C:\WINDOWS\system32\lsass.exe
*C:\WINDOWS\system32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\LSASRV.dll
*C:\WINDOWS\system32\MPR.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\NETAPI32.dll
*C:\WINDOWS\system32\NTDSAPI.dll
*C:\WINDOWS\system32\DNSAPI.dll
*C:\WINDOWS\system32\WS2_32.dll
*C:\WINDOWS\system32\WS2HELP.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\Secur32.dll
*C:\WINDOWS\system32\SAMLIB.dll
*C:\WINDOWS\system32\SAMSRV.dll
*C:\WINDOWS\system32\cryptdll.dll


Attached should be the SREngLOG.txt

I can't help but think that _mzu_stonedrv8.exe should not be there, but I thought I had already deleted it?

Once again thanks for all the help
 


·
Registered
Joined
·
2,009 Posts
Hi Tava

What we are attempting with the last two scans and the following instructions is to fix the Internet connection on that PC, as we would like to upload the infected files so that we can look at them before we delete them. So please be patient :grin:


Go to the Run box on the Start Menu and type in:- sfc /scannow

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

The following should appear to give an indication of how long the process is taking.



Please tell us how the PC is now, and if DHCP is working and you can connect to the internet.

regards

alba
 

·
Registered
Joined
·
13 Posts
Discussion Starter · #16 ·
Thanks for all the help alba

I don't think there are any more viruses or spyware on this machine, but there is still a problem, probably a corrupt system file. I tried re-installing the network settings and noticed that simple TCP/IP was not installed. When I did try to install it, it popped up a complaint about simtcpip.dl_, which I had in the I386 directory, but it did not like it. I managed to find an MSDN disk with XP Home edition on it, but it did not like copying the file from there either.

I then tried to run a repair install of Windows XP, only for it to tell me it was an upgrade, and now it wants to be activated. I then also found a 3rd party system recovery software that came built with the machine and would leave user data intact but restore the machine to factory defaults. After all this it still wants to be activated. I am going to try and re-activate the copy of Windows tonight, and if that doesn't work, I have backed up all users' data and will install a fresh copy of XP Pro.

Once again thanks for all the help
 