0

I got this spyware/virus a few days ago and I think I may have more than just that. I've tried so many things to try to remove it. Here is my Hijack This log. Thank you so much!

Logfile of HijackThis v1.99.1
Scan saved at 1:46:54 PM, on 6/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\hjharl.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Documents and Settings\mmilligan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nso18A.dll (file missing)
O2 - BHO: (no name) - {D2BB2846-00CB-8CF0-8C1E-E0B4A08AF596} - C:\WINDOWS\FYI\ecxacawryf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pcdlib32] C:\WINDOWS\pcdlib32.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105540045194
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116/view22/View22RTE.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_229/webolr/OCX/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O17 - HKLM\Software\..\Telephony: DomainName = eti-lincoln.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

0

I forgot to mention, this is my PC at work and I'm afraid to perform any of my duties that require me to go online and they are piling up. Again, thanks in advance!

0

Hi Michelle, welcome to DaniWeb :D

First, right-click in an open area of your desktop and select New, Folder; give the new folder a name (something like HJT or HijackThis), and then drag the hijackthis.exe icon that is on your desktop into the new folder.

I don't see the typical entries in your log for Aurora, but maybe you've partially fixed it. Just in case, do this...

Download Nailfix from here:
http://users.pandora.be/bluepatchy/nailfix.zip
Unzip it to your desktop, but do not run it yet.

Reboot into Safe Mode.

Double-click on the Nailfix.bat that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Reboot normally.

Scan with hijackthis and have it fix the following entries:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll (file missing)
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nso18A.dll (file missing)
O2 - BHO: (no name) - {D2BB2846-00CB-8CF0-8C1E-E0B4A08AF596} - C:\WINDOWS\FYI\ecxacawryf.dll (file missing)
O4 - HKCU\..\Run: [pcdlib32] C:\WINDOWS\pcdlib32.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1105540045194
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhe...n7/dlhelper.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.116/view22/View22RTE.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/m...OCX/FlashAX.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

If these entries aren't related to your ISP, have HJT fix them as well--
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O17 - HKLM\Software\..\Telephony: DomainName = eti-lincoln.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eti-lincoln.local

Be sure to close any open windows, other than hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\Nail.exe
C:\WINDOWS\System32\vbrundll.dll
C:\WINDOWS\System32\nso18A.dll
C:\WINDOWS\FYI\ecxacawryf.dll
C:\WINDOWS\pcdlib32.exe
C:\WINDOWS\svcproc.exe

Empty your Recycle Bin and reboot.

Close any open browser windows, scan with hijackthis, and post a new log along with the Ewido log.

0

First off, thank you so much for your help, I really do appreciate it. Here is my Hijack This and Ewido Log.

Logfile of HijackThis v1.99.1
Scan saved at 8:01:59 AM, on 6/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\hjharl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Cas\Client\casclient.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\mmilligan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O17 - HKLM\Software\..\Telephony: DomainName = eti-lincoln.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

Ewido Log

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          7:33:20 AM, 6/21/2005
 + Report-Checksum:     58CF6D60

 + Date of database:        6/20/2005
 + Version of scan engine:  v3.0

 + Duration:                24 min
 + Scanned Files:           103894
 + Speed:               71.76 Files/Second
 + Infected files:          2
 + Removed files:           2
 + Files put in quarantine:     2
 + Files that could not be opened:  0
 + Files that could not be cleaned: 0

 + Binder:      Yes
 + Crypter:     Yes
 + Archives:        Yes

 + Scanned items:
    C:\

 + Scan result:
    C:\Documents and Settings\mmilligan\Cookies\mmilligan@www.myaffiliateprogram[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\SYSTEM32\redit.cpl -> TrojanDownloader.Qoologic.p -> Cleaned with backup


::Report End

I want to mention also, that yesterday I deleted some application files myself that I thought were maybe contributing to this mess. Here are the Application Files I deleted that have the same modified date as the day I picked this thing up on my computer.

File Name            Location

dist001.exe          C:\WINDOWS\SYSTEM32
L90112201.Stub.exe   C:\WINDOWS\SYSTEM32
PSof1.exe            C:\WINDOWS\SYSTEM32
smsca.exe            C:\WINDOWS\SYSTEM32

I'm sure I've gotten rid of some things, however, I keep getting pop-ups and icons appearing on my desktop and Favorites in IE. Today my virus checker hasn't picked these "pests" up as it was previously doing over and over and over.... (so hopefully these are gone):

wrapperouter.exe
ventura5.exe
Seedcorn4.exe
uci.exe
asms.exe
supdate.dll
Qoologic.p

Again, thanks for your help.

Edited by mike_2000_17: Fixed formatting

0

It looks like you got most of it cleaned up now, but just to make sure...

Download rkfiles.zip from:
http://skads.org/special/rkfiles.zip
Unzip the contents to a permanent folder.

Reboot into Safe Mode.

Double-click rkfiles.bat
It will scan for a while, so please be patient.
Wait for the DOS window to close, and then reboot back to normal mode.

Post the contents of C:\log.txt in your next reply.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Go to Start, Run, and type in cleanmgr, and then click OK. Select the drive XP is on, and check the boxes for Downloaded Program Files (move any files you wish to keep out of this folder first), Temporary Internet Files, Recycle Bin, Temporary Files, Temporary Offline Files, Offline Files, (and Compress old files & Catalog files for the Content Indexer if you wish), and then click OK. Click Yes to confirm you want these files deleted. It may take a while for this to run, please be patient.

Note: if any of these temporary files cannot be deleted while in normal mode, try Safe Mode.

Run at least two of these free online anti-virus/anti-spyware scans and have them clean what they can:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php

Empty your Recycle Bin and reboot.

Close any open browser windows, scan with HJT, and post a new log along with the results of the rkfiles scan. And let us know if you're still having problems.

0

Thank you again.

When I tried the step with "rkfiles.bat" it didn't really do anything. It briefly flashed a DOS Mode window, but it flashed so fast, I couldn't read it. I did it a couple of times, with the same result each time. Therefore, I have no rkfiles log.

I did perform the other steps and here is my new Hijack This log. I am still getting icons appearing on my desktop as well as in my internet favorites. I get a pop up every now and then too.

I performed two of the suggested scans with no viruses turning up.

Logfile of HijackThis v1.99.1
Scan saved at 2:08:17 PM, on 6/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\hjharl.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\mmilligan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O17 - HKLM\Software\..\Telephony: DomainName = eti-lincoln.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

0

Also, I have something running, bogging down my computer. When I check out my task manager processes, there are one of two things running: SVCHOST.exe and/or UPDATE.exe. It's taking quite a bit of CPU Usage. Is this related to the virus??

Thanks

0

1. rkfiles doesn't give you any feedback when it creates its log, it just makes a log file in your main C:\ folder called "log.txt". Open the log.txt file in Notepad and copy the contents into a post here.


2. svchost.exe is a valid Windows system file which manages other groups of Windows components. Because of that, it isn't unusual to see multiple instances of svchost running, or to see one instance of it spike your CPU usage.
Update.exe could be legit, but it's a common filename and could be part of your adware infections.


3. Run HijackThis again and have it fix:

O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"


4. Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Delete the following files:
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\System32\hjharl.exe

- Delete the following folder entirely:
C:\Program Files\Cas

- For every user account listed under C:\Documents and Settings, delete the entire contents of the following folders (but not the folders themselves):

(Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!)

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Empty your Recycle Bin.

- Reboot normally.


5. Run HijackThis again and post a new log. Also let us know what (if any) visible signs of infection may still exist.
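
One way to check a follow-up HijackThis log against the entries that were selected for fixing, as in the "have it fix ... post a new log" steps in the replies above. This is an added example, not part of any post in this thread and not HijackThis's own code; the function names and matching rules (CLSID for O2/O3/O16, hive plus value name for O4) are assumptions, and both sample texts are constructed from lines quoted on this page.

```python
import re

# Entry lines look like: "O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
RUN_RE = re.compile(r"^(.+?): \[([^\]]+)\]")
BBCODE_RE = re.compile(r"\[/?url\]", re.I)  # forum markup that leaks into pasted logs


def entry_key(code, body):
    """Build a comparison key that survives case changes and forum-shortened URLs."""
    body = " ".join(body.split()).upper()  # Windows paths are case-insensitive
    if code in ("O2", "O3", "O16"):
        m = CLSID_RE.search(body)
        if m:  # the CLSID identifies the object even when the URL is cut to "..."
            return (code, m.group(0))
    if code == "O4":
        m = RUN_RE.match(body)
        if m:  # registry hive + value name; the command line may vary in case
            return (code, m.group(1), m.group(2))
    return (code, body)


def parse_log(text):
    """Return (running process paths, {key: entry line}) for one pasted log."""
    processes, entries, in_procs = [], {}, False
    for raw in text.splitlines():
        line = BBCODE_RE.sub("", raw).strip()
        m = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif m:
            in_procs = False
            entries[entry_key(m.group(1), m.group(2))] = line
        elif in_procs:
            processes.append(line)
    return processes, entries


def verify_fixes(fix_list, followup_log):
    """Compare the entries chosen for fixing with what a later scan still shows."""
    _, wanted = parse_log(fix_list)
    processes, present = parse_log(followup_log)
    report = {"removed": [], "persisting": [], "still_running": []}
    for key, line in wanted.items():
        if key in present:
            report["persisting"].append(present[key])
        else:
            report["removed"].append(line)
    # A process counts as "still running" when its full path appears in a fix-list
    # entry. Entries written with 8.3 short names (PROGRA~1) will not match.
    targets = " ".join(wanted.values()).upper()
    for proc in processes:
        if proc.upper() in targets and proc not in report["still_running"]:
            report["still_running"].append(proc)
    return report


# Constructed sample: entries chosen for fixing, copied from lines on this page
# (the O16 URL is shortened with "..." the way the forum displayed it).
FIX_LIST = r"""
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhe...n7/dlhelper.cab
"""

# Constructed sample: a shortened follow-up scan in the same format.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hjharl.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.dellnet.com[/url]
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\hjharl.exe reg_run
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
"""

if __name__ == "__main__":
    result = verify_fixes(FIX_LIST, FOLLOWUP_LOG)
    for status in ("removed", "persisting", "still_running"):
        print(status.upper())
        for item in result[status]:
            print("  " + item)
```

An entry that shows up under both "persisting" and "still_running" means the autostart value was rewritten while its process was alive, so the process has to be stopped before the entry and the file can be removed for good.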

0

Thanks again.

Here is the RK Files Log: (there's not much to it) It doesn't take awhile to scan as you previously stated it would. It briefly flashes DOS then it's over.

C:\Documents and Settings\mmilligan\Desktop\RKfiles

Ok, the hjharl.exe file keeps coming back. When I went into Safe mode (after fixing it with Hijack this) and tried to delete it, it denied me access. So I tried running Hijack this in Safe mode to get rid of it. Once I rebooted, it was back. Then I ran Hijack This AGAIN, and it came back AGAIN. Stubborn little critter.

Here's my Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:17:35 AM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\hjharl.exe
C:\Documents and Settings\mmilligan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O17 - HKLM\Software\..\Telephony: DomainName = eti-lincoln.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

It seems as though we're narrowing it down. I only get pop ups once in a great while now, so it must be the hjharl.exe file.

Thanks and I anxiously await your reply.

0

There is an updated fix for Aurora, so I think you should run it.

You will need to be disconnected from the internet during this process, so you may wish to print out these instructions.

Download the updated Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to your desktop but do NOT run it yet.

Disconnect your system from the internet and reboot into Safe Mode.

Double-click on Nailfix.cmd; your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run another full scan with Ewido and save the log.

Scan with hijackthis and have it fix the following entry:

O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run

Go to C:\WINDOWS\System32 and delete hjharl.exe

If you can't delete it, open HijackThis again.

Click on the Config button, and then click on the Misc Tools button; click on the button labeled Delete a file on reboot...

A new window will open asking you to select the file that you would like to delete on reboot. Navigate to C:\WINDOWS\System32\hjharl.exe, click on it once, and then click on the Open button.

You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button to reboot now.

After you've rebooted (normally), search for hjharl.exe again to make sure it's gone; let us know in your next post.

Reconnect to the net and post a new hijackthis log along with the new Ewido log.

0

I did what you directed me to and the hjharl.exe showed up a couple more times in the Hijack This log, but not in my Windows/System32 folder. I fixed it with Hijack a couple more times and it appears to be gone now. I'm going to reboot and see if it comes back. I think we may have kicked its rear end. I'll let you know right away.

Here's my Ewido Log:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          10:05:44 AM, 6/22/2005
 + Report-Checksum:     9632C5E2

 + Date of database:        6/22/2005
 + Version of scan engine:  v3.0

 + Duration:                24 min
 + Scanned Files:           104879
 + Speed:               72.70 Files/Second
 + Infected files:          3
 + Removed files:           3
 + Files put in quarantine:     3
 + Files that could not be opened:  0
 + Files that could not be cleaned: 0

 + Binder:      Yes
 + Crypter:     Yes
 + Archives:        Yes

 + Scanned items:
    C:\

 + Scan result:
    C:\Documents and Settings\mmilligan\Cookies\mmilligan@exitexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\mmilligan\Cookies\mmilligan@www.eadexchange[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\mmilligan\Cookies\mmilligan@www.myaffiliateprogram[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End

Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:29:17 AM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rkra.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mmilligan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O17 - HKLM\Software\..\Telephony: DomainName = eti-lincoln.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

Thanks


0

:evil:

IT'S BACK!!

I rebooted and it's back in my Hijack This log, however it's not in my Windows\System32 Folder. I'm at a loss.

Logfile of HijackThis v1.99.1
Scan saved at 11:12:54 AM, on 6/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rkra.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\mmilligan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O17 - HKLM\Software\..\Telephony: DomainName = eti-lincoln.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

0

it's back in my Hijack This log, however it's not in my Windows\System32 Folder.

The settings you made in Safe Mode to have Explorer show hidden files and folders don't carry over when you reboot into normal mode. Repeat the steps below and see if hjharl.exe becomes visible. Let us know the result:

Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

Let's try this another way. You will need to print out these instructions or save them into a text file:

1. Download and install CCleaner, but do not run it yet.


2. Download The Pocket Killbox and save it someplace convenient (your desktop is fine). Again, don't run the program yet.


3. Reboot into Safe Mode again and set Explorer's view settings to show hidden files/folders.


4. Run HijackThis again and have it fix:
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run


5. Disable System Restore:

- Right-click on the My Computer icon on your desktop and choose the "Properties" option.

- In the System Properties window, click on the System Restore tab and then put a check in the box next to the "Turn off System Restore" option and hit the "OK" button.

- Click "Yes" in the resulting confirmation box. You may experience a slight delay as your change is applied; the Properties window will close automatically when the operation is complete.


6. Double-click on the Killbox to open it.

- Paste the following in the "Full path of file to delete" box:
C:\WINDOWS\System32\hjharl.exe

- Click the "Delete on reboot" button.

- Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the next prompt (where you are asked if you want to actually reboot now).

- Paste the following in the "Full path of file to delete" box:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rkra.exe

- Again, click the "Delete on reboot" button. Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the next prompt.

- Close the Killbox.


7. Run CCleaner to clean up loose ends, and then empty your Recycle Bin.


8. Reboot normally, run HJT again, and post a new log.

0

It's not there. I've had the "Show hidden files", etc. checked in normal mode for a couple of days now. I'll try the other steps and let you know what happens.

Thanks,

0

It's not there. I've had the "Show hidden files", etc. checked in normal mode for a couple of days now.

OK; just wanted to double-check.

My guess is that there is a component of the infection which has hidden from our scans so far that is "respawning" the infection. We may need to try a couple of other scans/fixes, but do the above steps first, post a new HJT log, and we'll take it from there.
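A respawning entry of the kind described in this thread is easiest to see by comparing successive HijackThis logs rather than reading each one in isolation. The following is an added example, not part of the original posts: it diffs abbreviated excerpts of three logs from this thread; the function names and the Startup-folder heuristic are assumptions of the example.

```python
import re

# Abbreviated excerpts of three logs posted in this thread (most lines trimmed).
LOG_0817 = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:17:35 AM, on 6/22/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\hjharl.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

LOG_1029 = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:29:17 AM, on 6/22/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rkra.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

LOG_1112 = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:12:54 AM, on 6/22/2005

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rkra.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# Section codes HijackThis prefixes to each finding (R0, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Heuristic (assumption): an image running directly out of a Startup folder.
STARTUP_DIR = "\\start menu\\programs\\startup\\"


def parse_log(text):
    """Split a HijackThis log into scan time, running processes and entries."""
    saved, processes, entries = None, set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan saved at "):
            saved = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            processes.add(line.lower())   # logs mix System32/system32
        elif ENTRY_RE.match(line):
            entries.add(line)
    return {"saved": saved, "processes": processes, "entries": entries}


def diff_logs(old, new):
    """What appeared and disappeared between two parsed logs."""
    return {
        "processes_added": sorted(new["processes"] - old["processes"]),
        "processes_removed": sorted(old["processes"] - new["processes"]),
        "entries_added": sorted(new["entries"] - old["entries"]),
        "entries_removed": sorted(old["entries"] - new["entries"]),
    }


def respawned_entries(logs):
    """Entries that were present, then missing from a later scan, then present
    again. `logs` must be parsed logs in chronological order."""
    result = set()
    for i, log in enumerate(logs[2:], start=2):
        for entry in log["entries"]:
            seen = [entry in earlier["entries"] for earlier in logs[:i]]
            if True in seen and False in seen[seen.index(True):]:
                result.add(entry)
    return sorted(result)


def startup_folder_processes(log):
    """Running images located inside a Startup folder (worth a closer look)."""
    return sorted(p for p in log["processes"] if STARTUP_DIR in p)


if __name__ == "__main__":
    logs = [parse_log(t) for t in (LOG_0817, LOG_1029, LOG_1112)]
    for old, new in zip(logs, logs[1:]):
        print(old["saved"], "->", new["saved"])
        for key, values in diff_logs(old, new).items():
            for value in values:
                print("  ", key, value)
    print("respawned:", respawned_entries(logs))
    print("running from Startup:", startup_folder_processes(logs[-1]))
```

Run against full logs, the diff also surfaces ordinary churn (a browser or Word being open during one scan), so the respawned list and the Startup-folder list are the parts to read first.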

0

DMR's suggestion will probably work to get rid of it, but if it doesn't, try this --

Boot with your Windows XP installation CD.

When the Setup window opens, press R "To repair a Windows XP installation using Recovery Console"

It will show all the windows installations on your hard drive. Select the number corresponding to Windows XP (probably 1), and press Enter.

Enter any required passwords.

At the command prompt type:
cd \windows\system32

Press Enter

Type:
del hjharl.exe

Press Enter

Type:
exit

The system will reboot and the file should be gone.

0

It seems to be gone. HURRAY!!!

Here's my log...

Logfile of HijackThis v1.99.1
Scan saved at 1:15:54 PM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\mmilligan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O17 - HKLM\Software\..\Telephony: DomainName = eti-lincoln.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

0

IT'S BACK!!

I ran HiJack This again, just to make sure..................and it's back. I took a snapshot of some files that were created in my System32 folder around the same time my computer became infected. They look suspicious to me, but I'm not real familiar with what should actually be there and how often the "good" files are accessed or updated.

http://img184.echo.cx/img184/3860/morefilescreatedinwindowssyste.jpg

Logfile of HijackThis v1.99.1
Scan saved at 1:50:06 PM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\hjharl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PHOTOD~1.0\EZPHOTO\EZPHOTO.EXE
C:\Documents and Settings\mmilligan\Desktop\Virus Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\hjharl.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OUTLOOK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O17 - HKLM\Software\..\Telephony: DomainName = eti-lincoln.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eti-lincoln.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

Thank you for bearing with this.

0

*Groan*

Most (if not all) of the files you gave the screenie of are malicious, but don't go randomly deleting things yet.

Time to probe a little deeper; the "KavSvc" entry can be a real bear to remove. Please do the following:

1. Download: "StartDreck", from here:

- Unzip to its own folder and start the program,
- Press 'Config'
- Press 'Unmark All'
- Check the following boxes only:
In this section >System/drivers
[x] Running processes
[x] list modules
[x] NT services
[x] List binaries
[x] NT kernel and FS drivers
- Press 'Ok'
- Press 'Save' and select the location to save the log file
(default is the same folder as the application)
- Close the program.


2. Download DllCompare

Run Dllcompare, click the Run Locate.com, then click the Compare button.

When done, post that log here along with the Startdreck log.

Do not reboot your system until we're done; some of the names of malicious files in those logs can change their names on reboot!!

0

Thank you again.

Here's the DLL Compare Log:

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM32\vfpodbc.dll Tue Dec 7 1999 5:00:00a A.S.. 977,680 954.77 K
________________________________________________

1,360 items found: 1,360 files (1 H/S), 0 directories.
Total of file sizes: 306,936,623 bytes 292.71 M

Administrator Account = True

--------------------End log---------------------


and the Start Dreck Log (IT'S VERY LONG)

StartDreck (build 2.1.7 public stable) - 2005-06-23 @ 15:43:47 (GMT -05:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as MMilligan at NO33

»Registry
»Files
»System/Drivers
»Running Processes
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\system32\msvcrt.dll
*C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\UDFRWLIB.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\System32\oledlg.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\System32\OLEPRO32.DLL
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\LINKINFO.dll
*C:\WINDOWS\System32\ntshrui.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\System32\NETAPI32.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+736=C:\WINDOWS\System32\devldr32.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\DEVCON32.DLL
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\System32\SFMAN32.DLL
*C:\WINDOWS\System32\wdmaud.drv
*C:\WINDOWS\System32\msacm32.drv
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\System32\midimap.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLE32.DLL
+196=C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
+336=C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLE32.DLL
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\oledlg.dll
*C:\WINDOWS\System32\OLEPRO32.DLL
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\Program Files\Common Files\Dell\EUSW\DDSM.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\qmgrprxy.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\RASAPI32.DLL
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\NETAPI32.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\rtutils.dll
*C:\WINDOWS\System32\sensapi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\wsock32.dll
*C:\WINDOWS\System32\mswsock.dll
*C:\WINDOWS\System32\rasadhlp.dll
*C:\WINDOWS\System32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\System32\msxml3.dll
*C:\WINDOWS\System32\mlang.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
+2020=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\spool\drivers\w32x86\3\HPZR3204.DLL
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzntp04.dll
*C:\WINDOWS\System32\adsldpc.dll
*C:\WINDOWS\System32\NETAPI32.dll
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\setupapi.dll
*C:\WINDOWS\System32\mslbui.dll
*C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
+432=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EVENTEX.dll
*C:\WINDOWS\System32\COMNCTR.dll
*C:\WINDOWS\System32\LOGILANG.dll
*C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\MFC42.DLL
*C:\WINDOWS\system32\MSVCRT.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\Program Files\Logitech\MouseWare\SYSTEM\ccresrce.dll
*C:\Program Files\Logitech\MouseWare\SYSTEM\ccustom.dll
*C:\Program Files\Logitech\MouseWare\SYSTEM\ccresglb.dll
*C:\Program Files\Logitech\MouseWare\SYSTEM\ccstmglb.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\Program Files\Logitech\MouseWare\System\devices.dll
*C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\ccmsghk.dll
*C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+556=C:\WINDOWS\System32\hphmon03.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\CFGMGR32.dll
*C:\WINDOWS\System32\setupapi.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\System32\HPHipr09.dll
+800=C:\Program Files\QuickTime\qttask.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+932=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgAbout.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\MFC71.DLL
*C:\WINDOWS\System32\MSVCR71.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\MSVFW32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\MSVCP71.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\MPR.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTest.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTMgr.dll
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\AvgSet.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\Program Files\Grisoft\AVG Free\avgcfg.dll
*C:\Program Files\Grisoft\AVG Free\avgklib.dll
*C:\Program Files\Grisoft\AVG Free\avglng.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\Program Files\Grisoft\AVG Free\avgf.dll
*C:\Program Files\Grisoft\AVG Free\AVGRES.DLL
*C:\Program Files\Grisoft\AVG Free\avgcckrn.dll
*C:\Program Files\Grisoft\AVG Free\avgvault.dll
*C:\Program Files\Grisoft\AVG Free\avgscan.dll
*C:\Program Files\Grisoft\AVG Free\avgunarc.dll
*C:\Program Files\Grisoft\AVG Free\avgrep.dll
*C:\PROGRA~1\Qualcomm\Eudora\Plugins\avgeud32.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+652=C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLE32.DLL
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
+984=C:\WINDOWS\System32\rundll32.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\nvwddi.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\nvshell.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+876=C:\WINDOWS\System32\RUNDLL32.EXE
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\System32\NVMCTRAY.DLL
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\mslbui.dll
*C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
*C:\WINDOWS\System32\netapi32.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+1100=C:\WINDOWS\System32\ctfmon.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\MSUTB.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\system32\ole32.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+440=C:\Program Files\Netropa\OSD.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\wdmaud.drv
*C:\WINDOWS\System32\msacm32.drv
*C:\WINDOWS\System32\MSACM32.dll
*C:\WINDOWS\System32\midimap.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+1520=C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBUChannel.dll
*C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\stlport_vc746.dll
*C:\WINDOWS\System32\MSVCP71.dll
*C:\WINDOWS\System32\MSVCR71.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\WININET.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLE32.DLL
*C:\WINDOWS\System32\MFC71.DLL
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\System32\InetClnt.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\oledlg.dll
*C:\WINDOWS\System32\WINTRUST.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\System32\SensAPI.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\MSCTF.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\SXS.DLL
*C:\WINDOWS\System32\RASAPI32.DLL
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\NETAPI32.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\rtutils.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\msi.dll
*C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgRequestMgr.dll
*C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBMsgMgrps.dll
*C:\WINDOWS\System32\wsock32.dll
*C:\WINDOWS\System32\mswsock.dll
*C:\WINDOWS\System32\rasadhlp.dll
*C:\WINDOWS\System32\DNSAPI.dll
*C:\WINDOWS\System32\winrnr.dll
*C:\WINDOWS\system32\urlmon.dll
*C:\WINDOWS\System32\wshtcpip.dll
*C:\WINDOWS\System32\msxml3.dll
*C:\WINDOWS\System32\npnkrye.dll
+2000=C:\Program Files\WinZip\WZQKPICK.EXE
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\hhctrl.ocx
*C:\WINDOWS\System32\mslbui.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
+2524=C:\WINDOWS\System32\wuauclt.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\ATL.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\COMCTL32.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\wuaucpl.cpl
*C:\WINDOWS\System32\SHFOLDER.dll
*C:\WINDOWS\System32\wuaueng.dll
*C:\WINDOWS\System32\ADVPACK.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\System32\ESENT.dll
*C:\WINDOWS\System32\WTSAPI32.dll
*C:\WINDOWS\System32\WINSTA.dll
*C:\WINDOWS\System32\WINSPOOL.DRV
*C:\WINDOWS\System32\SETUPAPI.dll
*C:\WINDOWS\System32\WINHTTP.dll
*C:\WINDOWS\System32\WINTRUST.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\IMAGEHLP.dll
*C:\WINDOWS\System32\Cabinet.dll
*C:\WINDOWS\System32\mspatcha.dll
*C:\WINDOWS\System32\sfc.dll
*C:\WINDOWS\System32\sfc_os.dll
*C:\WINDOWS\System32\MSIMG32.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\wups.dll
*C:\WINDOWS\System32\wucltui.dll
+3164=C:\WINDOWS\System32\hjharl.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\shlwapi.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLE32.DLL
*C:\WINDOWS\System32\iphlpapi.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\system32\shell32.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\System32\Secur32.dll
*C:\WINDOWS\System32\RASAPI32.DLL
*C:\WINDOWS\System32\rasman.dll
*C:\WINDOWS\System32\NETAPI32.dll
*C:\WINDOWS\System32\TAPI32.dll
*C:\WINDOWS\System32\rtutils.dll
*C:\WINDOWS\System32\sensapi.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\system32\Apphelp.dll
+4020=C:\WINDOWS\System32\svchost.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*c:\windows\system32\wiaservc.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\OLE32.DLL
*C:\WINDOWS\system32\SHLWAPI.dll
*c:\windows\system32\CFGMGR32.dll
*C:\WINDOWS\System32\setupapi.dll
*C:\WINDOWS\system32\USERENV.dll
*c:\windows\system32\mscms.dll
*c:\windows\system32\WINSPOOL.DRV
*c:\windows\system32\WINSTA.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\actxprxy.dll
*C:\WINDOWS\System32\sti.dll
+1328=C:\WINDOWS\System32\HPHipm09.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\System32\WSOCK32.dll
*C:\WINDOWS\System32\WS2_32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\System32\WS2HELP.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\System32\NTMARTA.DLL
*C:\WINDOWS\system32\WLDAP32.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\System32\SAMLIB.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\HPHidr09.dll
+2276=C:\WINDOWS\system32\ntvdm.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\system32\NTVDMD.DLL
*C:\WINDOWS\system32\WOW32.dll
*C:\WINDOWS\system32\appHelp.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\system32\msvcrt.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\comdlg32.dll
*C:\WINDOWS\system32\COMCTL32.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\system32\USERENV.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\system32\tsappcmp.dll
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\SYSTEM32\serwvdrv.dll
*C:\WINDOWS\SYSTEM32\umdmxfrm.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\nvwddi.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\System32\mslbui.dll
*C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
+3028=C:\Documents and Settings\mmilligan\Desktop\Virus Programs\Start Dreck\StartDreck.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\kernel32.dll
*C:\Documents and Settings\mmilligan\Desktop\Virus Programs\Start Dreck\VB40032.DLL
*C:\WINDOWS\system32\ADVAPI32.dll
*C:\WINDOWS\system32\RPCRT4.dll
*C:\WINDOWS\system32\GDI32.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\System32\MSVCRT20.dll
*C:\WINDOWS\system32\ole32.dll
*C:\WINDOWS\system32\OLEAUT32.dll
*C:\WINDOWS\system32\MSVCRT.DLL
*C:\WINDOWS\System32\OLEPRO32.DLL
*C:\Documents and Settings\mmilligan\Desktop\Virus Programs\Start Dreck\VB4DE32.DLL
*C:\WINDOWS\System32\uxtheme.dll
*C:\WINDOWS\System32\nView.dll
*C:\WINDOWS\system32\SHLWAPI.dll
*C:\WINDOWS\system32\SHELL32.dll
*C:\WINDOWS\System32\PSAPI.DLL
*C:\WINDOWS\System32\WINMM.dll
*C:\WINDOWS\system32\VERSION.dll
*C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6\comctl32.dll
*C:\WINDOWS\system32\comctl32.dll
*C:\WINDOWS\System32\serwvdrv.dll
*C:\WINDOWS\System32\umdmxfrm.dll
*C:\WINDOWS\System32\MSCTF.dll
*C:\PROGRA~1\PANICW~1\POP-UP~1\DPHOOK32.DLL
*C:\WINDOWS\PANICNT.dll
*C:\WINDOWS\System32\CLBCATQ.DLL
*C:\WINDOWS\System32\COMRes.dll
*C:\WINDOWS\System32\nvwddi.dll
*C:\WINDOWS\System32\npnkrye.dll
*C:\WINDOWS\system32\imagehlp.dll
*C:\WINDOWS\system32\wininet.dll
*C:\WINDOWS\system32\CRYPT32.dll
*C:\WINDOWS\system32\MSASN1.dll
*C:\WINDOWS\System32\mslbui.dll
*C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
»NT Services
*Alerter Alerter - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Application Layer Gateway Service ALG - on demand
`binary: C:\WINDOWS\System32\alg.exe
*Application Management AppMgmt - on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*ASP.NET State Service aspnet_state - on demand
`binary: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
*Windows Audio AudioSrv running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*AVG7 Alert Manager Server Avg7Alrt running auto
`binary: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
*AVG7 Update Service Avg7UpdSvc running auto
`binary: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
*Background Intelligent Transfer Service BITS running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Computer Browser Browser running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Indexing Service cisvc - on demand
`binary: C:\WINDOWS\System32\cisvc.exe
*ClipBook ClipSrv - on demand
`binary: C:\WINDOWS\system32\clipsrv.exe
*COM+ System Application COMSysApp - on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
*Creative Service for CDROM Access Creative Service for running auto
`binary: C:\WINDOWS\System32\CTsvcCDA.EXE
*Crypkey License Crypkey License running auto
`binary: crypserv.exe
*Cryptographic Services CryptSvc running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*DHCP Client Dhcp running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Logical Disk Manager Administrative Service dmadmin - on demand
`binary: C:\WINDOWS\System32\dmadmin.exe /com
*Logical Disk Manager dmserver running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*DNS Client Dnscache running auto
`binary: C:\WINDOWS\System32\svchost.exe -k NetworkService
*Error Reporting Service ERSvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Event Log Eventlog running auto
`binary: C:\WINDOWS\system32\services.exe
*COM+ Event System EventSystem running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*ewido security suite control ewido security suite running auto
`binary: C:\Program Files\ewido\security suite\ewidoctrl.exe
*ewido security suite guard ewido security suite - auto
`binary: C:\Program Files\ewido\security suite\ewidoguard.exe
*Fast User Switching Compatibility FastUserSwitchingCom - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Help and Support helpsvc running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Human Interface Device Access HidServ - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*IMAPI CD-Burning COM Service ImapiService - on demand
`binary: C:\WINDOWS\System32\imapi.exe
*Server lanmanserver running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Workstation lanmanworkstation running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*TCP/IP NetBIOS Helper LmHosts running auto
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Machine Debug Manager MDM running auto
`binary: "c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
*Messenger Messenger running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*NetMeeting Remote Desktop Sharing mnmsrvc - on demand
`binary: C:\WINDOWS\System32\mnmsrvc.exe
*Distributed Transaction Coordinator MSDTC - on demand
`binary: C:\WINDOWS\System32\msdtc.exe
*Windows Installer MSIServer - on demand
`binary: C:\WINDOWS\System32\msiexec.exe /V
*Network DDE NetDDE - on demand
`binary: C:\WINDOWS\system32\netdde.exe
*Network DDE DSDM NetDDEdsdm - on demand
`binary: C:\WINDOWS\system32\netdde.exe
*Net Logon Netlogon running auto
`binary: C:\WINDOWS\System32\lsass.exe
*Network Connections Netman running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Netropa NHK Server Nhksrv running auto
`binary: C:\WINDOWS\Nhksrv.exe
*Network Location Awareness (NLA) Nla running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Intel(R) NMS NMSSvc - on demand
`binary: C:\WINDOWS\System32\NMSSvc.exe
*NT LM Security Support Provider NtLmSsp - on demand
`binary: C:\WINDOWS\System32\lsass.exe
*Removable Storage NtmsSvc - on demand
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*NVIDIA Display Driver Service NVSvc running auto
`binary: C:\WINDOWS\System32\nvsvc32.exe
*Plug and Play PlugPlay running auto
`binary: C:\WINDOWS\system32\services.exe
*Pml Driver Pml Driver running on demand
`binary: C:\WINDOWS\System32\HPHipm09.exe
*IPSEC Services PolicyAgent running auto
`binary: C:\WINDOWS\System32\lsass.exe
*Protected Storage ProtectedStorage running auto
`binary: C:\WINDOWS\system32\lsass.exe
*Remote Access Auto Connection Manager RasAuto - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Access Connection Manager RasMan running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Desktop Help Session Manager RDSessMgr - on demand
`binary: C:\WINDOWS\system32\sessmgr.exe
*Routing and Remote Access RemoteAccess - disabled
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Remote Registry RemoteRegistry running auto
`binary: C:\WINDOWS\system32\svchost.exe -k LocalService
*Remote Procedure Call (RPC) Locator RpcLocator - on demand
`binary: C:\WINDOWS\System32\locator.exe
*Remote Procedure Call (RPC) RpcSs running auto
`binary: C:\WINDOWS\system32\svchost -k rpcss
*QoS RSVP RSVP - on demand
`binary: C:\WINDOWS\System32\rsvp.exe
*Security Accounts Manager SamSs running auto
`binary: C:\WINDOWS\system32\lsass.exe
*Smart Card Helper SCardDrv - on demand
`binary: C:\WINDOWS\System32\SCardSvr.exe
*Smart Card SCardSvr - on demand
`binary: C:\WINDOWS\System32\SCardSvr.exe
*Task Scheduler Schedule running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Secondary Logon seclogon running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*System Event Notification SENS running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Internet Connection Firewall (ICF) / Internet C SharedAccess - on demand
`onnection Sharing (ICS)
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Shell Hardware Detection ShellHWDetection running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Print Spooler Spooler running auto
`binary: C:\WINDOWS\system32\spoolsv.exe
*System Restore Service srservice - auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*SSDP Discovery Service SSDPSRV running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Windows Image Acquisition (WIA) stisvc running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k imgsvc
*MS Software Shadow Copy Provider SwPrv - on demand
`binary: C:\WINDOWS\System32\dllhost.exe /Processid:{30C7C556-C8D1-46C4-B37C-6C2876E96338}
*Performance Logs and Alerts SysmonLog - on demand
`binary: C:\WINDOWS\system32\smlogsvc.exe
*Telephony TapiSrv running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Terminal Services TermService running on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Themes Themes running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Telnet TlntSvr - on demand
`binary: C:\WINDOWS\System32\tlntsvr.exe
*Distributed Link Tracking Client TrkWks running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Upload Manager uploadmgr running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Universal Plug and Play Device Host upnphost - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Uninterruptible Power Supply UPS - on demand
`binary: C:\WINDOWS\System32\ups.exe
*Volume Shadow Copy VSS - on demand
`binary: C:\WINDOWS\System32\vssvc.exe
*Windows Time w32time running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*WebClient WebClient running auto
`binary: C:\WINDOWS\System32\svchost.exe -k LocalService
*Windows Management Instrumentation winmgmt running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*WMDM PMSP Service WMDM PMSP Service running auto
`binary: C:\WINDOWS\System32\MsPMSPSv.exe
*Portable Media Serial Number Service WmdmPmSN - on demand
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*Windows Management Instrumentation Driver Exten Wmi - on demand
`sions
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
*WMI Performance Adapter WmiApSrv - on demand
`binary: C:\WINDOWS\System32\wbem\wmiapsrv.exe
*Automatic Updates wuauserv running auto
`binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
*Wireless Zero Configuration WZCSVC running auto
`binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
»NT Kernel- and FS-drivers
*Abiosdsk Abiosdsk - disabled
`binary:
*abp480n5 abp480n5 - disabled
`binary: \SystemRoot\System32\DRIVERS\ABP480N5.SYS
*Intel(r) 82801 Audio Driver Install Service (WD ac97intc - on demand
`M)
`binary: system32\drivers\ac97intc.sys
*Microsoft ACPI Driver ACPI running boot
`binary: \SystemRoot\System32\DRIVERS\ACPI.sys
*ACPIEC ACPIEC - disabled
`binary:
*adpu160m adpu160m - disabled
`binary: \SystemRoot\System32\DRIVERS\adpu160m.sys
*Microsoft Kernel Acoustic Echo Canceller aec - on demand
`binary: system32\drivers\aec.sys
*AFD Networking Support Environment AFD running auto
`binary: \SystemRoot\System32\drivers\afd.sys
*Intel AGP Bus Filter agp440 running boot
`binary: \SystemRoot\System32\DRIVERS\agp440.sys
*Compaq AGP Bus Filter agpCPQ - disabled
`binary: \SystemRoot\System32\DRIVERS\agpCPQ.sys
*Aha154x Aha154x - disabled
`binary: \SystemRoot\System32\DRIVERS\aha154x.sys
*aic78u2 aic78u2 - disabled
`binary: \SystemRoot\System32\DRIVERS\aic78u2.sys
*aic78xx aic78xx - disabled
`binary: \SystemRoot\System32\DRIVERS\aic78xx.sys
*AliIde AliIde - disabled
`binary: \SystemRoot\System32\DRIVERS\aliide.sys
*ALI AGP Bus Filter alim1541 - disabled
`binary: \SystemRoot\System32\DRIVERS\alim1541.sys
*AMD AGP Bus Filter Driver amdagp - disabled
`binary: \SystemRoot\System32\DRIVERS\amdagp.sys
*amsint amsint - disabled
`binary: \SystemRoot\System32\DRIVERS\amsint.sys
*asc asc - disabled
`binary: \SystemRoot\System32\DRIVERS\asc.sys
*asc3350p asc3350p - disabled
`binary: \SystemRoot\System32\DRIVERS\asc3350p.sys
*asc3550 asc3550 - disabled
`binary: \SystemRoot\System32\DRIVERS\asc3550.sys
*ASCTRM ASCTRM running auto
`binary:
*RAS Asynchronous Media Driver AsyncMac - on demand
`binary: System32\DRIVERS\asyncmac.sys
*Standard IDE/ESDI Hard Disk Controller atapi running boot
`binary: \SystemRoot\System32\DRIVERS\atapi.sys
*Atdisk Atdisk - disabled
`binary:
*ATM ARP Client Protocol Atmarpc - on demand
`binary: System32\DRIVERS\atmarpc.sys
*Audio Stub Driver audstub running on demand
`binary: System32\DRIVERS\audstub.sys
*AVG7 Kernel Avg7Core running system
`binary: \SystemRoot\System32\Drivers\avg7core.sys
*AVG7 Wrap Driver Avg7RsW running system
`binary: \SystemRoot\System32\Drivers\avg7rsw.sys
*AVG7 Rezident Driver Avg7RsXP running system
`binary: \SystemRoot\System32\Drivers\avg7rsxp.sys
*basic2 basic2 running on demand
`binary: System32\DRIVERS\basic2.sys
*Beep Beep running system
`binary:
*bvrp_pci bvrp_pci - on demand
`binary:
*cbidf cbidf - disabled
`binary: \SystemRoot\System32\DRIVERS\cbidf2k.sys
*cbidf2k cbidf2k - disabled
`binary:
*cd20xrnt cd20xrnt - disabled
`binary: \SystemRoot\System32\DRIVERS\cd20xrnt.sys
*Cdaudio Cdaudio - system
`binary:
*Cdfs Cdfs running disabled
`binary:
*Cdr4_xp Cdr4_xp running system
`binary:
*Cdralw2k Cdralw2k running system
`binary:
*CD-ROM Driver Cdrom running system
`binary: System32\DRIVERS\cdrom.sys
*cdudf_xp cdudf_xp running system
`binary:
*Changer Changer - system
`binary:
*CmdIde CmdIde - disabled
`binary: \SystemRoot\System32\DRIVERS\cmdide.sys
*Cpqarray Cpqarray - disabled
`binary: \SystemRoot\System32\DRIVERS\cpqarray.sys
*Creative SBLive! Gameport ctljystk running on demand
`binary: System32\DRIVERS\ctljystk.sys
*dac2w2k dac2w2k - disabled
`binary: \SystemRoot\System32\DRIVERS\dac2w2k.sys
*dac960nt dac960nt - disabled
`binary: \SystemRoot\System32\DRIVERS\dac960nt.sys
*Disk Driver Disk running boot
`binary: \SystemRoot\System32\DRIVERS\disk.sys
*dmboot dmboot - disabled
`binary: System32\drivers\dmboot.sys
*Logical Disk Manager Driver dmio running boot
`binary: \SystemRoot\System32\drivers\dmio.sys
*dmload dmload running boot
`binary: \SystemRoot\System32\drivers\dmload.sys
*Microsoft Kernel DLS Syntheiszer DMusic - on demand
`binary: system32\drivers\DMusic.sys
*MS IEEE-1284.4 Driver dot4 - on demand
`binary: System32\DRIVERS\Dot4.sys
*Dot4 HPH09 Dot4 HPH09 running on demand
`binary: System32\DRIVERS\hphid409.sys
*Print Class Driver for IEEE-1284.4 Dot4Print - on demand
`binary: System32\DRIVERS\Dot4Prt.sys
*Print Class Driver for IEEE-1284.4 HPH09 Dot4Print HPH09 running on demand
`binary: System32\DRIVERS\hphipr09.sys
*Storage Class Driver for IEEE-1284.4 (HPH09) Dot4Storage HPH09 running on demand
`binary: System32\Drivers\hphs2k09.sys
*Dot4USB Filter Dot4USB Filter dot4usb - on demand
`binary: System32\DRIVERS\dot4usb.sys
*Dot4Usb HPH09 Dot4Usb HPH09 running on demand
`binary: System32\drivers\hphius09.sys
*dpti2o dpti2o - disabled
`binary: \SystemRoot\System32\DRIVERS\dpti2o.sys
*Microsoft Kernel DRM Audio Descrambler drmkaud - on demand
`binary: system32\drivers\drmkaud.sys
*dvd_2K dvd_2K - on demand
`binary:
*Intel(R) PRO Adapter Driver E100B running on demand
`binary: System32\DRIVERS\e100b325.sys
*3Com EtherLink XL 90XB/C Adapter Driver EL90XBC - on demand
`binary: System32\DRIVERS\el90xbc5.sys
*Creative SB Live! (WDM) emu10k running on demand
`binary: system32\drivers\emu10k1m.sys
*Creative Interface Manager Driver (WDM) emu10k1 running on demand
`binary: system32\drivers\ctlfacem.sys
*ewido security suite driver ewido security suite running system
`binary: \??\C:\Program Files\ewido\security suite\guard.sys
*Fallback Fallback running auto
`binary: System32\DRIVERS\fallback.sys
*Fastfat Fastfat running disabled
`binary:
*Floppy Disk Controller Driver Fdc running on demand
`binary: System32\DRIVERS\fdc.sys
*Fips Fips running system
`binary:
*Floppy Disk Driver Flpydisk running on demand
`binary: System32\DRIVERS\flpydisk.sys
*Fsks Fsks running auto
`binary: System32\DRIVERS\fsksnt.sys
*Volume Manager Driver Ftdisk running boot
`binary: \SystemRoot\System32\DRIVERS\ftdisk.sys
*Game Port Enumerator gameenum running on demand
`binary: System32\DRIVERS\gameenum.sys
*Generic Packet Classifier Gpc running on demand
`binary: System32\DRIVERS\msgpc.sys
*Microsoft HID Class Driver HidUsb - on demand
`binary: System32\DRIVERS\hidusb.sys
*hpn hpn - disabled
`binary: \SystemRoot\System32\DRIVERS\hpn.sys
*hpt3xx hpt3xx - disabled
`binary: \SystemRoot\System32\DRIVERS\hpt3xx.sys
*hsf_msft hsf_msft - on demand
`binary: System32\DRIVERS\HSF_MSFT.sys
*i2omgmt i2omgmt running system
`binary:
*i2omp i2omp - disabled
`binary: \SystemRoot\System32\DRIVERS\i2omp.sys
*i8042 Keyboard and PS/2 Mouse Port Driver i8042prt running system
`binary: System32\DRIVERS\i8042prt.sys
*Imapi Imapi running system
`binary:
*ini910u ini910u - disabled
`binary: \SystemRoot\System32\DRIVERS\ini910u.sys
*IntelIde IntelIde running boot
`binary: \SystemRoot\System32\DRIVERS\intelide.sys
*IP Traffic Filter Driver IpFilterDriver - on demand
`binary: System32\DRIVERS\ipfltdrv.sys
*IP in IP Tunnel Driver IpInIp - on demand
`binary: System32\DRIVERS\ipinip.sys
*IP Network Address Translator IpNat - on demand
`binary: System32\DRIVERS\ipnat.sys
*IPSEC driver IPSec running system
`binary: System32\DRIVERS\ipsec.sys
*IR Enumerator Service IRENUM - on demand
`binary: System32\DRIVERS\irenum.sys
*PnP ISA/EISA Bus Driver isapnp running boot
`binary: \SystemRoot\System32\DRIVERS\isapnp.sys
*K56 K56 running auto
`binary: System32\DRIVERS\k56nt.sys
*Keyboard Class Driver Kbdclass running system
`binary: System32\DRIVERS\kbdclass.sys
*Keyboard HID Driver kbdhid - system
`binary: System32\DRIVERS\kbdhid.sys
*Microsoft Kernel Wave Audio Mixer kmixer running on demand
`binary: system32\drivers\kmixer.sys
*KSecDD KSecDD running boot
`binary:
*Logitech PS/2 Mouse Filter Driver l8042pr2 running on demand
`binary: System32\DRIVERS\L8042Pr2.sys
*lbrtfdc lbrtfdc - system
`binary:
*Logitech HID/USB Mouse Filter Driver lhidflt2 - on demand
`binary: System32\DRIVERS\lhidflt2.sys
*Logitech Keyboard Class Filter Driver lkbdflt2 running on demand
`binary: System32\DRIVERS\lkbdflt2.sys
*Logitech Mouse Class Filter Driver lmouflt2 running on demand
`binary: System32\DRIVERS\lmouflt2.sys
*mmc_2K mmc_2K running on demand
`binary:
*mnmdd mnmdd running system
`binary:
*Modem Modem running on demand
`binary:
*Unimodem Streaming Filter Device MODEMCSA running on demand
`binary: system32\drivers\MODEMCSA.sys
*Mouse Class Driver Mouclass running system
`binary: System32\DRIVERS\mouclass.sys
*Mouse HID Driver mouhid - on demand
`binary: System32\DRIVERS\mouhid.sys
*Mount Point Manager MountMgr running boot
`binary:
*mraid35x mraid35x - disabled
`binary: \SystemRoot\System32\DRIVERS\mraid35x.sys
*WebDav Client Redirector MRxDAV running on demand
`binary: System32\DRIVERS\mrxdav.sys
*MRxSmb MRxSmb running system
`binary: System32\DRIVERS\mrxsmb.sys
*Msfs Msfs running system
`binary:
*DellTouch Msikbd2k running on demand
`binary: System32\DRIVERS\msikbd2k.sys
*Microsoft Streaming Service Proxy MSKSSRV - on demand
`binary: system32\drivers\MSKSSRV.sys
*Microsoft Streaming Clock Proxy MSPCLOCK - on demand
`binary: system32\drivers\MSPCLOCK.sys
*Microsoft Streaming Quality Manager Proxy MSPQM - on demand
`binary: system32\drivers\MSPQM.sys
*Mup Mup running boot
`binary:
*NDIS System Driver NDIS running boot
`binary:
*Remote Access NDIS TAPI Driver NdisTapi running on demand
`binary: System32\DRIVERS\ndistapi.sys
*NDIS Usermode I/O Protocol Ndisuio running on demand
`binary: System32\DRIVERS\ndisuio.sys
*Remote Access NDIS WAN Driver NdisWan running on demand
`binary: System32\DRIVERS\ndiswan.sys
*NDIS Proxy NDProxy running on demand
`binary:
*NetBIOS Interface NetBIOS running system
`binary: System32\DRIVERS\netbios.sys
*NetBios over Tcpip NetBT running system
`binary: System32\DRIVERS\netbt.sys
*NetworkX NetworkX running system
`binary: \SystemRoot\system32\ckldrv.sys
*NIC Management Service Configuration Driver NMSCFG - on demand
`binary: \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS
*Npfs Npfs running system
`binary:
*Ntfs Ntfs running disabled
`binary:
*Null Null running system
`binary:
*nv nv running on demand
`binary: System32\DRIVERS\nv4_mini.sys
*nv4 nv4 - on demand
`binary: System32\DRIVERS\nv4.sys
*IPX Traffic Filter Driver NwlnkFlt - on demand
`binary: System32\DRIVERS\nwlnkflt.sys
*IPX Traffic Forwarder Driver NwlnkFwd - on demand
`binary: System32\DRIVERS\nwlnkfwd.sys
*Intel PentiumIII Processor Driver P3 - system
`binary: System32\DRIVERS\p3.sys
*Parallel port driver Parport running on demand
`binary: System32\DRIVERS\parport.sys
*Partition Manager PartMgr running boot
`binary:
*ParVdm ParVdm running auto
`binary:
*PCI Bus Driver PCI running boot
`binary: \SystemRoot\System32\DRIVERS\pci.sys
*PCIDump PCIDump - system
`binary:
*PCIIde PCIIde - disabled
`binary: \SystemRoot\System32\DRIVERS\pciide.sys
*Pcmcia Pcmcia - disabled
`binary:
*PDCOMP PDCOMP - on demand
`binary:
*PDFRAME PDFRAME - on demand
`binary:
*PDRELI PDRELI - on demand
`binary:
*PDRFRAME PDRFRAME - on demand
`binary:
*perc2 perc2 - disabled
`binary: \SystemRoot\System32\DRIVERS\perc2.sys
*perc2hib perc2hib - disabled
`binary: \SystemRoot\System32\DRIVERS\perc2hib.sys
*PfModNT PfModNT running auto
`binary: \??\C:\WINDOWS\System32\PfModNT.sys
*WAN Miniport (PPTP) PptpMiniport running on demand
`binary: System32\DRIVERS\raspptp.sys
*Processor Driver Processor running system
`binary: System32\DRIVERS\processr.sys
*QoS Packet Scheduler PSched running on demand
`binary: System32\DRIVERS\psched.sys
*Direct Parallel Link Driver Ptilink running on demand
`binary: System32\DRIVERS\ptilink.sys
*pwd_2k pwd_2k running system
`binary:
*ql1080 ql1080 - disabled
`binary: \SystemRoot\System32\DRIVERS\ql1080.sys
*Ql10wnt Ql10wnt - disabled
`binary: \SystemRoot\System32\DRIVERS\ql10wnt.sys
*ql12160 ql12160 - disabled
`binary: \SystemRoot\System32\DRIVERS\ql12160.sys
*ql1240 ql1240 - disabled
`binary: \SystemRoot\System32\DRIVERS\ql1240.sys
*ql1280 ql1280 - disabled
`binary: \SystemRoot\System32\DRIVERS\ql1280.sys
*Remote Access Auto Connection Driver RasAcd running system
`binary: System32\DRIVERS\rasacd.sys
*WAN Miniport (L2TP) Rasl2tp running on demand
`binary: System32\DRIVERS\rasl2tp.sys
*Remote Access PPPOE Driver RasPppoe running on demand
`binary: System32\DRIVERS\raspppoe.sys
*Direct Parallel Raspti running on demand
`binary: System32\DRIVERS\raspti.sys
*Rdbss Rdbss running system
`binary: System32\DRIVERS\rdbss.sys
*RDPCDD RDPCDD running system
`binary: System32\DRIVERS\RDPCDD.sys
*Terminal Server Device Redirector Driver rdpdr running on demand
`binary: System32\DRIVERS\rdpdr.sys
*RDPWD RDPWD - on demand
`binary:
*Digital CD Audio Playback Filter Driver redbook running system
`binary: System32\DRIVERS\redbook.sys
*Rksample Rksample running on demand
`binary: System32\DRIVERS\rksample.sys
*Secdrv Secdrv - on demand
`binary: System32\DRIVERS\secdrv.sys
*Serenum Filter Driver serenum running on demand
`binary: System32\DRIVERS\serenum.sys
*Serial port driver Serial running system
`binary: System32\DRIVERS\serial.sys
*Sfloppy Sfloppy - system
`binary:
*Creative SoundFont Manager Driver (WDM) sfman running on demand
`binary: system32\drivers\sfmanm.sys
*Simbad Simbad - disabled
`binary:
*SIS AGP Bus Filter sisagp - disabled
`binary: \SystemRoot\System32\DRIVERS\sisagp.sys
*SoftFax SoftFax running auto
`binary: System32\DRIVERS\faxnt.sys
*Sparrow Sparrow - disabled
`binary: \SystemRoot\System32\DRIVERS\sparrow.sys
*SpeakerPhone SpeakerPhone running auto
`binary: System32\DRIVERS\spkpnt.sys
*Microsoft Kernel Audio Splitter splitter - on demand
`binary: system32\drivers\splitter.sys
*System Restore Filter Driver sr - disabled
`binary: \SystemRoot\System32\DRIVERS\sr.sys
*Srv Srv running on demand
`binary: System32\DRIVERS\srv.sys
*Software Bus Driver swenum running on demand
`binary: System32\DRIVERS\swenum.sys
*Microsoft Kernel GS Wavetable Synthesizer swmidi - on demand
`binary: system32\drivers\swmidi.sys
*symc810 symc810 - disabled
`binary: \SystemRoot\System32\DRIVERS\symc810.sys
*symc8xx symc8xx - disabled
`binary: \SystemRoot\System32\DRIVERS\symc8xx.sys
*sym_hi sym_hi - disabled
`binary: \SystemRoot\System32\DRIVERS\sym_hi.sys
*sym_u3 sym_u3 - disabled
`binary: \SystemRoot\System32\DRIVERS\sym_u3.sys
*Microsoft Kernel System Audio Device sysaudio running on demand
`binary: system32\drivers\sysaudio.sys
*TCP/IP Protocol Driver Tcpip running system
`binary: System32\DRIVERS\tcpip.sys
*TDPIPE TDPIPE - on demand
`binary:
*TDTCP TDTCP - on demand
`binary:
*Terminal Device Driver TermDD running system
`binary: System32\DRIVERS\termdd.sys
*Tones Tones running auto
`binary: System32\DRIVERS\tonesnt.sys
*TosIde TosIde - disabled
`binary: \SystemRoot\System32\DRIVERS\toside.sys
*UdfReadr_xp UdfReadr_xp running system
`binary:
*Udfs Udfs - disabled
`binary:
*ultra ultra - disabled
`binary: \SystemRoot\System32\DRIVERS\ultra.sys
*Microcode Update Driver Update running on demand
`binary: System32\DRIVERS\update.sys
*Microsoft USB Generic Parent Driver usbccgp - on demand
`binary: System32\DRIVERS\usbccgp.sys
*Microsoft USB Standard Hub Driver usbhub running on demand
`binary: System32\DRIVERS\usbhub.sys
*Microsoft USB Universal Host Controller Minipor usbuhci running on demand
`t Driver
`binary: System32\DRIVERS\usbuhci.sys
*V124 V124 running auto
`binary: System32\DRIVERS\v124nt.sys
*VGA Display Controller. VgaSave running system
`binary: \SystemRoot\System32\drivers\vga.sys
*VIA AGP Bus Filter viaagp - disabled
`binary: \SystemRoot\System32\DRIVERS\viaagp.sys
*ViaIde ViaIde - disabled
`binary: \SystemRoot\System32\DRIVERS\viaide.sys
*VolSnap VolSnap running boot
`binary:
*Remote Access IP ARP Driver Wanarp running on demand
`binary: System32\DRIVERS\wanarp.sys
*WDICA WDICA - on demand
`binary:
*Microsoft WINMM WDM Audio Compatibility Driver wdmaud running on demand
`binary: system32\drivers\wdmaud.sys
*winachsf winachsf running on demand
`binary: System32\DRIVERS\HSF_CNXT.sys
*Windows Socket 2.0 Non-IFS Service Provider Sup WS2IFSL - disabled
`port Environment
`binary: \SystemRoot\System32\drivers\ws2ifsl.sys
»Application specific

0

OK- the dllcompare log is clean, but it will take me a bit of time to snuffle through all of those Startdreck entries; please hang in there.

0

I will be leaving work in about 40 minutes. Should I just leave my computer on tonight so as to not give the files a chance to 'transform' into another file? Am I compromising our network here at work in any way?

Thank you.

0

Should I just leave my computer on tonight so as to not give the files a chance to 'transform' into another file?

If possible, yes.

Am I compromising our network here at work in any way?

Possibly; spyware and adware infections do not spread over networks, but viruses/trojans/worms obviously do. However, if your machine is infected by a network-spread infection, chances are very good that you're not the only one (or the first one) who's been hit.
