Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net

My Internet Explorer is incredibly slow & often has a “Not Responding” status

Posted by: mantis

My Internet Explorer is very slow & often has a “Not Responding” status. I have to use the Windows Task Manager’s “End Task” feature to stop the browser’s activity. Under the Windows Task Manager’s “Processes” tab, the browser usually consumes 98 to 99% of the CPU when this problem occurs.

I noticed that this problem became intolerable when I found two virus programs (MyPCSearch.exe and Second Thought) mysteriously installed on my computer and linked to on the desktop. I tried to remove them based on information I found in different user forums on the internet, but I suspect that my one or two attempts didn’t work. I didn’t make any changes to the registry.

Please do not be deterred to find that my HiJackThis log file was created in December. I ran all of this forum’s required virus scans and didn’t use the computer from the time when I ran HiJackThis until January 18th. I look forward to your evaluation and advice.

Logfile of HijackThis v1.99.0
Scan saved at 5:13:11 PM, on 12/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\NavNT\vptray.exe
C:\antispyware\counterspy\sunasDTServ.exe
C:\antispyware\counterspy\sunasServ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\antispyware\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://141.161.93.5:8080/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\antispyware\counterspy\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\antispyware\counterspy\sunasServ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Novell Application Launcher - Novell, Inc. - C:\WINDOWS\System32\NALNTSRV.EXE
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Posted by: Roshi229

Thank you for your post, I see that you have the current version of HJT and it's not in a temp folder. Looks like you're ready to go. As these logs can take some time to work through please be patient and an expert will be with you shortly.

Thanks,
~KB

Posted by: mantis

KB,

Thank you for your response and attention.
I look forward to feedback from the next person / step in the process that you mentioned.

Sincerely,
M

Posted by: southernlady

mantis,

I still would like you to run a current hijack log if you don't mind. Even minimal usage can affect a log. I know you said you haven't been on line much but even a little bit, even just to post here will affect what we see.

Liz

Posted by: mantis

Hi Liz,

Thank you for your response. I apologize for not responding to your message earlier. After checking this site a couple of times a day for a while, I honestly thought I’d been forgotten and assumed my file might be retired by now. I’m very glad to see your message and am happy to post a new HiJackThis report. I really hope you can help me.

I can add a few things to my problem description:

- my browser - Internet Explorer 6.0 – hangs when I visit certain sites, such as Yahoo! Mail (mail.yahoo.com) and America Online Email (aolmail.aol.com) – and try to log into my accounts. I have allowed the browser to run for as long as 8 minutes before stopping it using the Windows Task Manager’s “End Process” function. In these instances, the Windows Task Manager’s Processes tab shows that “IEXPLORE.EXE” is consuming 99% of the CPU’s activity. Under the Applications tab, it shows that the application is “Not Responding.”
- I have more than one user log-in identity on this computer (Windows XP Professional) and the other accounts don’t have this browser problem.

Thank you again for your help. I look forward to your suggestions.

Most sincerely,
mantis

Logfile of HijackThis v1.99.0
Scan saved at 10:53:44 PM, on 1/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\NavNT\vptray.exe
C:\antispyware\microsoft antispyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\antispyware\microsoft antispyware\gcasDtServ.exe
C:\WINDOWS\Explorer.exe
C:\antispyware\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://141.161.93.5:8080/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\antispyware\microsoft antispyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Novell Application Launcher - Novell, Inc. - C:\WINDOWS\System32\NALNTSRV.EXE
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Posted by: rstones12

mantis,

Here are some preliminary items you need to do first. You may want to print these instructions out for reference.

1. First download CWShredder (http://cwshredder.net/bin/CWShredder.exe) and save it to your desktop. Close all open browser windows and any other open windows. Install CWShredder, then: Open CWS and click "FIX"

2. Please run each of these online scans, allow each one to delete anything they find: You may have to select auto-fix prior to scanning, it should be a selection on the screen.

* Panda ActiveScan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm)
* TrendMicro HouseCall (http://housecall.trendmicro.com/housecall/start_corp.asp)
* eTrust AntiVirus Web Scanner (http://www3.ca.com/virusinfo/virusscan.aspx)

Please make a note of anything that wasn't or couldn't be fixed. Reboot your machine when finished.

3. You may have run these programs already, make sure they are up to date and run per provided instructions. Current Versions are:

Spybot S&D Ver: 1.3 - Download Here (http://www.safer-networking.org/en/download/index.html)
Ad-Aware SE Build 1.05 - Download Here (http://www.majorgeeks.com/download506.html)

Download and install both Spybot S&D and Ad-Aware SE.

Instructions:

Spybot S&D: Go to your Start Menu >> Programs >> Spybot S&D >> then choose Spybot S&D.

* Close ALL windows except Spybot S&D
* Click the button to "Search for Updates" and download and install the Updates.
* Close Spybot then launch it again
* Click the button "Check for Problems"
* When Spybot is done scanning, it will be showing "RED" (RED) entries, "BLACK" entries and "GREEN" (GREEN) entries in the window
* Put a check mark beside the RED (RED) entries ONLY.
* Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

Ad-Aware SE FULL SCAN: Go to your Start Menu >> Programs >> Lavasoft Ad-Aware SE >> then choose Ad-Aware SE Personal. When the main window opens look in the bottom right corner and click on Check For Updates Now then click Connect and download the latest reference files.

From main window:

* Click Start then under Select a scan Mode check Perform Full System Scan.
* Next deselect Search for negligible risk entries.
* To scan just click the Next button.

When the scan has finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next) The program will ask if you want to fix/delete selected items, choose yes/fix.

Empty Your Recycle Bin.

Reboot your machine and post a new HJT log, by clicking "Post a Reply"

Posted by: mantis

Hello,

I've followed the instructions again, & here's the report that HiJackThis created for my computer. Thanks again for your guidance. I really hope someone will be able to help me!

Many thanks,
m

Logfile of HijackThis v1.99.0
Scan saved at 7:10:49 PM, on 1/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\NavNT\vptray.exe
C:\antispyware\microsoft antispyware\gcasServ.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\antispyware\microsoft antispyware\gcasDtServ.exe
C:\antispyware\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://141.161.93.5:8080/proxy.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\antispyware\microsoft antispyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Novell Application Launcher - Novell, Inc. - C:\WINDOWS\System32\NALNTSRV.EXE
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Posted by: i_h8_IE

You can save yourself a lot of trouble by using the Firefox web browser instead. IE is very prone to spyware.

Posted by: southernlady

i_h8_IE, thank you for that but we are helping her get rid of the problem and tightening up her security settings, NOT telling her that IE is the problem. That isn't helpful.

Liz

Posted by: MicroBell

Please consider installing the service packs for both XP and IE6.

Your log is clean. Let's look deeper though to make sure.

Download: StartDreck (http://www.greyknight17.com/spy/StartDreck.zip)

Unzip to its own folder and start the program:

* Press 'Config'
* Press 'Mark All'
* UN-Check the 'NT-Services & NT-Kernel...' boxes only:
* Press 'Ok'
* Press 'Save' and select the location to save the log file (default is the same folder as the application)
* Post the log in this thread

Posted by: mantis

Hi Microbell,

Thanks for your help. Below, please see the report you've asked for. I'm very happy to receive help from you and this forum's members, and I look forward to solving my computer's problems.

In response to your advice to install the service packs for XP & IE6, I have a question. Is it possible to install the entire ServicePack2 file as it exists after having installed ServicePack 1 and 2 in the past? If so, how should I proceed? I'm apprehensive about installing individual updates because I installed a few Microsoft updates to my Win98 computer a few years ago as a precaution and they created problems where there were none previously.

On my computer, I currently have:

Q824145 for Internet Explorer

...and the following WindowsXP HotFixes:

KB823980
KB835732
KB842773

Thank you very much,
m

StartDreck (build 2.1.7 public stable) - 2005-01-31 @ 09:31:24 (GMT -05:00)
Platform: Windows XP (Win NT 5.1.2600 )
Internet Explorer: 6.0.2600.0000
Logged in as tyriek at TYRIEK

»Registry
»Run Keys
»Current User
»Run
*ctfmon.exe=C:\WINDOWS\System32\ctfmon.exe
*Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
*SureCleanProfessional="C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
*SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
*SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
*TCASUTIEXE=TCAUDIAG -off
*DadApp=C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
*MoneyStartUp10.0="C:\Program Files\Microsoft Money\System\Activation.exe"
*AdaptecDirectCD="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
*Lexmark X73 Button Monitor=C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
*Lexmark X73 Button Manager=C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
*PrinTray=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
*NDPS=C:\WINDOWS\System32\dpmw32.exe
*NWTRAY=NWTRAY.EXE
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*TkBellExe=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
*Synchronization Manager=%SystemRoot%\system32\mobsync.exe /logon
*sealmon=C:\Program Files\SealedMedia\sealmon.exe
*vptray=C:\Program Files\NavNT\vptray.exe
*gcasServ="C:\antispyware\microsoft antispyware\gcasServ.exe"
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\antispyware\spybot search and destroy 1.3\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Microsoft Windows Media Player 6.4/{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Windows Messenger/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
+Microsoft Windows Media Player 8/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
+Internet Explorer Access/{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
*StubPath=rundll32 iesetup.dll,IEAccessUserInst
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
*MoneySide.BrowserHelperObject.10/{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
`InprocServer32=C:\Program Files\Microsoft Money\System\mnyviewer.dll
»Internet Explorer
»Current User
*Default_Page_URL=http://www.dellnet.com/
*Local Page=C:\WINDOWS\System32\blank.htm
*Search Bar=
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.google.com.br/
+SearchUrl
*provider=
»Default User
*Default_Page_URL=http://www.dellnet.com/
*First Home Page=http://www.dellnet.com/
*Start Page=http://www.dellnet.com/
»Local Machine
*Default_Page_URL=http://www.dellnet.com/
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=C:\WINDOWS\System32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.google.com.br/
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\tyriek\Start Menu\Programs\Startup\DESKTOP.INI
*C:\Documents and Settings\tyriek\Start Menu\Programs\Startup\HotSync Manager.LNK
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\DESKTOP.INI
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\System32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\System32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
`%SystemRoot%\system32\vipx.exe
`%SystemRoot%\system32\vlmsup.exe
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\System32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\System32\NOTEPAD.EXE
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\System32\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\System32\WINHLP32.EXE
*C:\WINDOWS\WINHLP32.EXE
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+368=\SystemRoot\System32\smss.exe
*C:\WINDOWS\System32\ntdll.dll
+416=\??\C:\WINDOWS\system32\csrss.exe
*C:\WINDOWS\System32\ntdll.dll
*C:\WINDOWS\system32\CSRSRV.dll
*C:\WINDOWS\system32\basesrv.dll
*C:\WINDOWS\system32\winsrv.dll
*C:\WINDOWS\system32\USER32.dll
*C:\WINDOWS\System32\mlang.dll *C:\WINDOWS\System32\mshtml.dll *C:\WINDOWS\system32\WININET.DLL *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\RASAPI32.DLL *C:\WINDOWS\System32\rasman.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\TAPI32.dll *C:\WINDOWS\System32\rtutils.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\System32\sensapi.dll *c:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdm.dll *C:\WINDOWS\System32\shdoclc.dll *C:\WINDOWS\System32\SETUPAPI.dll *c:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll *C:\antispyware\microsoft antispyware\shellextension.dll *C:\WINDOWS\System32\msi.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\System32\mslbui.dll *C:\WINDOWS\System32\wsock32.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\WINSTA.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\System32\msimtf.dll *C:\WINDOWS\System32\webcheck.dll *C:\WINDOWS\System32\stobject.dll *C:\WINDOWS\System32\BatMeter.dll *C:\WINDOWS\System32\POWRPROF.dll *C:\WINDOWS\System32\WTSAPI32.dll *C:\WINDOWS\ime\sptip.dll *c:\Program Files\Common Files\Microsoft Shared\Ink\PENUSA.DLL *C:\WINDOWS\System32\MSLS31.DLL *C:\WINDOWS\System32\wdmaud.drv *C:\WINDOWS\System32\msacm32.drv *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\System32\midimap.dll *C:\WINDOWS\system32\NETSHELL.dll *C:\WINDOWS\system32\credui.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\netman.dll *C:\WINDOWS\system32\MPRAPI.dll *C:\WINDOWS\system32\ACTIVEDS.dll *C:\WINDOWS\system32\adsldpc.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\WZCSvc.DLL *C:\WINDOWS\system32\WMI.dll *C:\WINDOWS\system32\DHCPCSVC.DLL *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\System32\printui.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\System32\CFGMGR32.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\fxsst.dll *C:\WINDOWS\System32\FXSAPI.dll 
*C:\WINDOWS\System32\NOVNPNT.DLL *C:\WINDOWS\System32\CALWIN32.DLL *C:\WINDOWS\System32\CLNWIN32.DLL *C:\WINDOWS\System32\LOCWIN32.DLL *C:\WINDOWS\System32\NCPWIN32.dll *C:\WINDOWS\System32\NETWIN32.DLL *C:\WINDOWS\System32\CLXWIN32.DLL *C:\WINDOWS\System32\MAPBASE.dll *C:\WINDOWS\System32\NWSHLXNT.dll *C:\WINDOWS\System32\NLS\ENGLISH\MAPBASER.DLL *C:\WINDOWS\System32\NLS\ENGLISH\NWSHLXNR.DLL *C:\WINDOWS\System32\NLS\ENGLISH\NOVNPNTR.DLL *C:\WINDOWS\System32\drprov.dll *C:\WINDOWS\System32\ntlanman.dll *C:\WINDOWS\System32\NETUI0.dll *C:\WINDOWS\System32\NETUI1.dll *C:\WINDOWS\System32\NETRAP.dll *C:\WINDOWS\System32\davclnt.dll *C:\WINDOWS\System32\SXS.DLL *C:\WINDOWS\System32\browselc.dll *C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx *C:\Program Files\Microsoft Money\System\mnyviewer.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\System32\DUSER.dll *C:\WINDOWS\System32\MSGINA.dll *C:\WINDOWS\System32\ODBC32.dll *C:\WINDOWS\System32\odbcint.dll *c:\Program Files\Microsoft Office\Office10\msohev.dll *C:\WINDOWS\System32\rasadhlp.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\netware\NWWS2NDS.DLL *C:\WINDOWS\system32\netware\NWWS2SLP.DLL *C:\WINDOWS\System32\NWSRVLOC.dll *c:\windows\system32\jscript.dll *C:\WINDOWS\System32\wintrust.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\System32\schannel.dll *C:\WINDOWS\System32\rsaenh.dll *C:\WINDOWS\System32\dssenh.dll *C:\WINDOWS\System32\mshtmled.dll *C:\WINDOWS\System32\macromed\flash\Flash.ocx *C:\WINDOWS\System32\Macromed\Common\SwSupport.dll *c:\windows\system32\vbscript.dll *C:\WINDOWS\SYSTEM32\Drivers\Dadkeyb.dll *C:\WINDOWS\System32\ftpshext.dll *C:\WINDOWS\System32\mydocs.dll *C:\WINDOWS\System32\ddrawex.dll *C:\WINDOWS\System32\DDRAW.dll *C:\WINDOWS\System32\DCIMAN32.dll *C:\WINDOWS\System32\zipfldr.dll +1064=C:\WINDOWS\System32\RUNDLL32.EXE *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\GDI32.dll 
*C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\System32\NvQTwk.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\System32\nvgfx.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\System32\netapi32.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\system32\appHelp.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\COMRes.dll +1192=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\System32\MSCTF.dll +1120=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\System32\SynTPAPI.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\SynTPFcs.dll +1256=C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe *C:\WINDOWS\System32\ntdll.dll 
*C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\SYSTEM32\Drivers\Dadkeyb.dll +1288=C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\CDUDFLIB.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\system32\msvcrt.dll *C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\UDFRWLIB.dll *C:\WINDOWS\System32\SHFOLDER.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\System32\oledlg.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\System32\OLEPRO32.DLL *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\LINKINFO.dll *C:\WINDOWS\System32\ntshrui.dll *C:\WINDOWS\System32\ATL.DLL *C:\WINDOWS\System32\NETAPI32.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\mslbui.dll +1188=C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll 
*C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\MSCTF.dll +1304=C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\MSCTF.dll +1292=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\p rintray.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PrinTr ay.dll *C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXARIC O.DLL *C:\WINDOWS\System32\SynTPFcs.dll +1500=C:\WINDOWS\System32\dpmw32.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\uxtheme.dll 
*C:\WINDOWS\System32\DPLMW32.DLL *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\System32\DPLWIN32.dll *C:\WINDOWS\System32\DPAWIN32.dll *C:\WINDOWS\System32\NETWIN32.DLL *C:\WINDOWS\System32\CLNWIN32.DLL *C:\WINDOWS\System32\LOCWIN32.DLL *C:\WINDOWS\System32\NCPWIN32.dll *C:\WINDOWS\System32\WSOCK32.dll *C:\WINDOWS\System32\DPRPCW32.dll *C:\WINDOWS\System32\DPPWIN32.dll *C:\WINDOWS\System32\DPSWIN32.dll *C:\WINDOWS\system32\LZ32.dll *C:\WINDOWS\System32\CLXWIN32.DLL *C:\WINDOWS\System32\CALWIN32.DLL *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\System32\DNSAPI.dll *C:\WINDOWS\System32\iphlpapi.dll *C:\WINDOWS\System32\netman.dll *C:\WINDOWS\System32\MPRAPI.dll *C:\WINDOWS\System32\ACTIVEDS.dll *C:\WINDOWS\System32\adsldpc.dll *C:\WINDOWS\System32\NETAPI32.dll *C:\WINDOWS\System32\ATL.DLL *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\rtutils.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\RASAPI32.dll *C:\WINDOWS\System32\rasman.dll *C:\WINDOWS\System32\TAPI32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\System32\Secur32.dll *C:\WINDOWS\System32\WZCSvc.DLL *C:\WINDOWS\System32\WMI.dll *C:\WINDOWS\System32\DHCPCSVC.DLL *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\WTSAPI32.dll *C:\WINDOWS\System32\WINSTA.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\netware\NWWS2NDS.DLL *C:\WINDOWS\system32\netware\NWWS2SLP.DLL *C:\WINDOWS\System32\NWSRVLOC.dll *C:\WINDOWS\System32\rasadhlp.dll +1572=C:\WINDOWS\System32\NWTRAY.EXE 
*C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\COMCTL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\System32\NOVNPNT.DLL *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\NETAPI32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\System32\CALWIN32.DLL *C:\WINDOWS\System32\CLNWIN32.DLL *C:\WINDOWS\System32\LOCWIN32.DLL *C:\WINDOWS\System32\NCPWIN32.dll *C:\WINDOWS\System32\NETWIN32.DLL *C:\WINDOWS\System32\WSOCK32.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\CLXWIN32.DLL *C:\WINDOWS\System32\MAPBASE.dll *C:\WINDOWS\System32\NWSHLXNT.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\NLS\ENGLISH\MAPBASER.DLL *C:\WINDOWS\System32\NLS\ENGLISH\NWSHLXNR.DLL *C:\WINDOWS\System32\NLS\ENGLISH\NOVNPNTR.DLL *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\System32\MSCTF.dll +1588=C:\Program Files\QuickTime\qttask.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\System32\QuickTime.qts *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\WININET.DLL *C:\WINDOWS\system32\CRYPT32.dll 
*C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\ddraw.dll *C:\WINDOWS\System32\DCIMAN32.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeAuthoring.qtx *C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeEssentials .qtx *C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeInternetEx tras.qtx *C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeMPEG.qtx *C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeMPEG4.qtx *C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeStreaming.qtx *C:\WINDOWS\System32\WSOCK32.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeStreamingE xtras.qtx *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll +1596=C:\Program Files\Common Files\Real\Update_OB\realsched.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\System32\MSCTF.dll +1612=C:\Program Files\SealedMedia\sealmon.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\wininet.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\OLE32.DLL *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\System32\MSCTF.dll +1620=C:\Program Files\NavNT\vptray.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll 
*C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\msi.dll *C:\Program Files\NavNT\Cliproxy.dll *C:\WINDOWS\System32\CTL3D32.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\Secur32.dll *C:\Program Files\NavNT\NAVNTUTL.DLL *C:\WINDOWS\System32\SXS.DLL *C:\Program Files\NavNT\Cliscan.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\System32\SFC.DLL *C:\WINDOWS\System32\sfc_os.dll *C:\WINDOWS\System32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll +1628=C:\antispyware\microsoft antispyware\gcasServ.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\System32\MSVBVM60.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSVCRT.DLL *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\msi.dll *C:\WINDOWS\System32\SXS.DLL *C:\antispyware\microsoft antispyware\gcAntiSpywareLibrary.dll *C:\WINDOWS\System32\ShFolder.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\comctl32.dll 
*C:\WINDOWS\system32\wininet.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\Secur32.dll *C:\WINDOWS\system32\shell32.dll *C:\WINDOWS\System32\RASAPI32.DLL *C:\WINDOWS\System32\rasman.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\NETAPI32.dll *C:\WINDOWS\System32\TAPI32.dll *C:\WINDOWS\System32\rtutils.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\System32\sensapi.dll *C:\WINDOWS\system32\USERENV.dll +1636=C:\WINDOWS\System32\ctfmon.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\System32\MSUTB.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\system32\VERSION.dll +1776=C:\Program Files\Handspring\HOTSYNC.EXE *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\Handspring\CMDS21.dll *C:\Program Files\Handspring\HSLOG20.dll *C:\Program Files\Handspring\PalmCmn.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\MSVCRT.dll *C:\WINDOWS\System32\MSVCIRT.dll *C:\Program Files\Handspring\CONDMGR.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\Program Files\Handspring\SYNC20.dll *C:\Program Files\Handspring\INSTAIDE.dll *C:\Program Files\Handspring\Subs30.dll *C:\WINDOWS\System32\MFC42.DLL *C:\Program Files\Handspring\UserData.dll *C:\Program Files\Handspring\VFSAPI.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll 
*C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\MSCTF.dll *C:\Program Files\Handspring\USBTransport.dll *C:\Program Files\Handspring\USBPort.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\wshirda.dll +1672=C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\MSCTF.dll +2308=C:\antispyware\microsoft antispyware\gcasDtServ.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\MSVBVM60.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSVCRT.DLL *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\antispyware\microsoft antispyware\gcAntiSpywareLibrary.dll *C:\WINDOWS\System32\GCCollection.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\SXS.DLL *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\shell32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\rasapi32.dll 
*C:\WINDOWS\system32\rasman.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\TAPI32.dll *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\hashlib.dll +2388=C:\WINDOWS\System32\wuauclt.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\System32\ATL.DLL *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\COMCTL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\wuaucpl.cpl *C:\WINDOWS\System32\SHFOLDER.dll *C:\WINDOWS\System32\wuaueng.dll *C:\WINDOWS\System32\ADVPACK.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\ESENT.dll *C:\WINDOWS\System32\WTSAPI32.dll *C:\WINDOWS\System32\WINSTA.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\WINHTTP.dll *C:\WINDOWS\System32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\System32\Cabinet.dll *C:\WINDOWS\System32\mspatcha.dll *C:\WINDOWS\System32\sfc.dll *C:\WINDOWS\System32\sfc_os.dll *C:\WINDOWS\System32\MSIMG32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\System32\SynTPFcs.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\wups.dll *C:\WINDOWS\System32\wucltui.dll +3220=C:\antispyware\StartDreck\StartDreck.exe *C:\WINDOWS\System32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\antispyware\StartDreck\VB40032.DLL *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll 
Posted by: MicroBell

TYRIEK: This log is also clean.

For your updates just visit MS's update page...and it should ask you to update both XP and IE. Service pack 1 won't need installed as SP2 is a combination of it..and the new firewall and security fixes.

Anyway...back to your log...just try a few tools and see what they pick up.

Download [b]Silent runners.Vbs[/b] [url]http://www.silentrunners.org/[/url]
1. Make sure you have any script blocking software disabled
2. Run the program. It will take a few minutes to complete.
3. Once complete it will produce a log named “StartupPrograms” with your user and date in the filename. Open that txt file and post its contents in your next post.

Download and unzip [url]http://castlecops.com/zx/Zupe/Find%20It%20NT-2K-XP.zip[/url]
Double-click on find.bat inside the folder to run it. It should run for a while, then open a text document. Please copy and paste the contents of that document here.

Download [b]Find-qoologic.zip[/b] from my attachment here. [url]http://www.techsupportforum.com/showthread.php?t=31271&page=2[/url]
1. Unzip (it must be unzipped) the files to a folder on your desktop.
2. Open the qoologic folder, run qoologic.bat from there and wait for it to finish.
3. It will take a while so wait until the DOS window disappears and disk activity stops.
4. Then open the text file it created… found here c:\log.txt and paste the contents into your next post.

Download [b]DLLCompare[/b] [url]http://www.greyknight17.com/spy/DllCompare.exe[/url]
Please put it in a folder on the root drive (C:\)
Click the [b]Run locate.com[/b] button
When the scan is complete click the [b]Compare[/b] button. It will sort through the files it found and determine which should be flagged as "No access" and display them in the lower box. In a few minutes it will complete.
Click the button [b]Make a Log of what was Found[/b]
Post that log.

[color=red]**Note** Only if you get an error after pressing Run Locate.com: Copy [b]autoexec.nt[/b] from c:\windows\repair\ folder to c:\windows\system32\ folder.[/color]

Post ALL those logs.

Posted by: mantis

Microbell,

Thanks for your response. Unfortunately, my browser locks up when I try to open the link you've listed for downloading "Find-qoologic.zip". Can you provide me with a link to the actual file instead of the page? In the meantime, I'll run the other items you've asked for.

Thanks,
m

Posted by: mantis

Microbell,

Below are the four reports you've asked for. Please disregard my request for help to download Find-Qoologic.zip. I found a way to get the file. I'm looking forward to receiving your instructions about what to do next. Please be aware that I have not yet downloaded the Microsoft updates.
Thanks for your help,
mantis

REPORT FOR: SILENTRUNNERS

"Silent Runners.vbs", revision 30
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"SureCleanProfessional" = ""C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"TCASUTIEXE" = "TCAUDIAG -off" [empty string]
"DadApp" = "C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe" [null data]
"MoneyStartUp10.0" = ""C:\Program Files\Microsoft Money\System\Activation.exe"" [MS]
"AdaptecDirectCD" = ""C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"Lexmark X73 Button Monitor" = "C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe" ["Silitek Corp."]
"Lexmark X73 Button Manager" = "C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe" ["Jetsoft Development Company"]
"PrinTray" = " C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" ["Lexmark"]
"NDPS" = "C:\WINDOWS\System32\dpmw32.exe" [null data]
"NWTRAY" = "NWTRAY.EXE" ["Novell, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot" ["RealNetworks, Inc."]
"Synchronization Manager" = "C:\WINDOWS\system32\mobsync.exe /logon" [MS]
"sealmon" = "C:\Program Files\SealedMedia\sealmon.exe" ["SealedMedia"]
"vptray" = "C:\Program Files\NavNT\vptray.exe" ["Symantec Corporation"]
"gcasServ" = ""C:\antispyware\microsoft antispyware\gcasServ.exe"" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "6 Months of AOL Included"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\aolshare\shell\us\shellext.dll" ["America Online, Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{AF8DE18D-9065-4102-BC40-EB294A95BB07}" = "Novell Connections"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nwshlxnt.dll" ["Novell, Inc."]
"{04c23aa0-3d34-11d2-b788-008029605ac7}" = "NDPS Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "ndpsprop.dll" [empty string]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{D508094D-53A2-11D7-935D-000AE6309654}" = "Panicware, Inc. SureClean Recycle Bin"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Panicware\SureClean Professional\pwinssd.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "GinaDLL" = "NWGINA.DLL" ["Novell, Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! "NavLogon\DLLName" = "C:\WINDOWS\System32\NavLogon.dll" [null data]

Startup items in "tyriek" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\tyriek\Start Menu\Programs\Startup
"HotSync Manager" -> shortcut to: "C:\Program Files\Handspring\HOTSYNC.EXE" ["Palm, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Enabled Scheduled Tasks:
------------------------

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
"{4022C93B-4FB0-43AD-9C75-652FB3D93351}_TYRIEK_tyriek" -> launches: "C:\WINDOWS\system32\MOBSYNC.EXE /Schedule="{4022C93B-4FB0-43AD-9C75-652FB3D93351}_TYRIEK_tyriek"" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

DefWatch, DefWatch, "C:\Program Files\NavNT\defwatch.exe" ["Symantec Corporation"]
Fax, Fax, "C:\WINDOWS\system32\fxssvc.exe" [MS]
Iomega App Services, Iomega App Services, ""C:\PROGRA~1\Iomega\System32\AppServices.exe"" ["Iomega Corporation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Client, Norton AntiVirus Server, "C:\Program Files\NavNT\rtvscan.exe" ["Symantec Corporation"]
Novell Application Launcher, NALNTSERVICE, "C:\WINDOWS\System32\NALNTSRV.EXE" ["Novell, Inc."]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
----------

REPORT FOR: FIND IT NT-2K-XP

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Find.bat is running from: C:\Documents and Settings\tyriek\Desktop\scanspyware\2005-02-01\find it nt-2k-xp

------- System Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 4453-BF83

Directory of C:\WINDOWS\System32

01/28/2005 05:20 PM <DIR> DLLCACHE
05/06/2002 12:16 AM <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 2,653,802,496 bytes free

------- Hidden Files in System32 Directory -------

Volume in drive C has no label.
Volume Serial Number is 4453-BF83

Directory of C:\WINDOWS\System32

01/28/2005 05:20 PM <DIR> DLLCACHE
08/30/2001 11:29 PM 488 logonui.exe.manifest
08/30/2001 11:29 PM 488 WindowsLogon.manifest
08/30/2001 11:29 PM 749 nwc.cpl.manifest
08/30/2001 11:29 PM 749 sapi.cpl.manifest
08/30/2001 11:29 PM 749 ncpa.cpl.manifest
08/30/2001 11:29 PM 749 wuaucpl.cpl.manifest
08/30/2001 11:29 PM 749 cdplayer.exe.manifest
7 File(s) 4,721 bytes
1 Dir(s) 2,653,802,496 bytes free

------------ Files Named "Guard" ---------------

Volume in drive C has no label.
Volume Serial Number is 4453-BF83

Directory of C:\WINDOWS\System32

------ Temp Files in System32 Directory ------

Volume in drive C has no label.
Volume Serial Number is 4453-BF83

Directory of C:\WINDOWS\System32

08/17/2001 06:00 PM 2,577 CONFIG.TMP
1 File(s) 2,577 bytes
0 Dir(s) 2,653,798,400 bytes free

------------------ User Agent ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

------------- Keys Under Notify -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName"="C:\\WINDOWS\\System32\\NavLogon.dll"
"Logoff"="NavLogoffEvent"
"StartShell"="NavStartShellEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

------------- Locate.com Results -------------

No matches found.
-------- Strings.exe Qoologic Results --------

C:\WINDOWS\SYSTEM32\pav.sig: Qoologic
C:\WINDOWS\SYSTEM32\pav.sig: Qoologic

--------- Strings.exe Aspack Results ---------

C:\WINDOWS\SYSTEM32\pav.sig: AsPack

-------------- HKLM Run Key ----------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"TCASUTIEXE"="TCAUDIAG -off"
"DadApp"="C:\\WINDOWS\\SYSTEM32\\Drivers\\dadapp.exe"
"MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"AdaptecDirectCD"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Lexmark X73 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X73.exe"
"Lexmark X73 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X73.exe"
"PrinTray"=" C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"NDPS"="C:\\WINDOWS\\System32\\dpmw32.exe"
"NWTRAY"="NWTRAY.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe -osboot"
"Synchronization Manager" =hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
  73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
  00
"sealmon"="C:\\Program Files\\SealedMedia\\sealmon.exe"
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"
"gcasServ"="\"C:\\antispyware\\microsoft antispyware\\gcasServ.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

REPORT FOR: FIND-QOOLOGIC

C:\Documents and Settings\tyriek\Desktop\scanspyware\2005-02-01\qoologic

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Files Found in system Folder............
------------------------
C:\WINDOWS\SYSTEM32\pav.sig: Qoologic
C:\WINDOWS\SYSTEM32\pav.sig: Qoologic
C:\WINDOWS\SYSTEM32\pav.sig: AsPack

Files Found in all users startup Folder............
------------------------

REPORT FOR: DLL COMPARE

* DLLCompare Log version(1.0.0.125)

Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

1,426 items found: 1,426 files, 0 directories.
Total of file sizes: 242,747,274 bytes 231.50 M

Administrator Account = True

--------------------End log---------------------

Posted by: MicroBell

mantis: Unfortunately these logs are also clean. I don't think your issue is related to spyware on the PC. I think at this point we should check for a trojan.

Download TDS-3 from here...[url]http://tds.diamondcs.com.au/[/url] Update its database and run a FULL system scan. Delete any trojans found in the bottom window.

I would also put your XP CD in the drive and from the run command type... sfc /scannow. This will check the OS for missing or corrupt windows files.

Consider updating at least IE to Sp2 and see if that helps. You may need to reinstall IE6.

Posted by: mantis

Hi Microbell,

Thanks for your help. Here’s an update.

I’ll start with something I’ve observed recently that seems important. When my computer slows down and I check Windows Task Manager and look under the “Processes” tab, sometimes “EXPLORER.EXE” is using 98% or 99% of the CPU. It’s not always “IEXPLORER.EXE” that’s doing this, although it does it too as I reported initially.
Maybe this new information adds a useful perspective to the problem.

Now, on to the things you told me to do.

TDS-3: I ran a full system scan with this program & it found approximately 10 “dual extensions” files. All of these are Microsoft Word documents or other MS Office documents that I transferred to my machine from colleagues. I did not attempt to remove or alter these files because the report didn’t identify them as Trojans. Please tell me if I should alter or delete them. If so, please tell me if this requires me to rerun the scan or if it’s possible to retrieve them through some form of a scan history feature in TDS-3.

Here's the program's report:

21:24:25 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
21:24:25 [Init] Started 01-02-05 21:24:25 Eastern Standard Time (UTC: 5), Internet Time @1141.96
21:24:25 [Init] Loading TDS-3 Systems ...
21:24:25 [Init] Token successfully adjusted.
21:24:25 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
21:24:26 [Init] • Plugins : OK. Loaded 13
21:24:26 [Init] • Exec Protection : Not Installed
21:24:26 [Init] WARNING: Your Radius.TD3 database needs to be updated!
21:24:26 [Init] Please download the latest from [url]http://tds.diamondcs.com.au/radius.td3[/url]
21:24:26 [Init] Licensed users can use the Update facility from the TDS menu
21:24:26 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
21:24:43 [Init] Started - verifying 29 files ...
21:25:03 [Init] Test finished.
21:27:30 [Init] Memory scan started, please wait a moment ...
21:27:32 [Init] Memory scan complete.
21:27:32 [Init] Started...
21:27:34 [Init] Finished (no trojan mutexes found).
21:27:34 [Init] Started...
21:27:45 [Init] Finished.
21:27:45 [Init] Scanning for services and drivers ...
21:28:07 [Init] Scanned 326 services and drivers.
21:28:07 [Init] Scanning in A:\ ...
21:28:08 [Init] Scanned 0 files: 0 alarms in 1.046875 seconds (Avg 1. files/sec)
21:28:08 [Init] Scanning in C:\ ...
01:13:23 [Init] Scanned 110044 files: 14 alarms in -72884.42 seconds (Avg -.51 files/sec)
01:13:23 [Init] Scanning in D:\ ...
01:13:23 [Init] Scanned 0 files: 14 alarms in 0 seconds (Avg -1.#IND files/sec)
01:13:23 [Init] Finished.
01:13:25 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
01:13:26 [Init] • Systems Initialised [45726 references - 21681 primaries/11902 traces/12143 variants/other]
01:13:26 [Init] Radius Systems loaded. <Databases updated 01-02-2005>
01:13:26 [Init] TDS-3 Ready. <Tyriek@127.0.0.1 - United States>
01:13:26 [Tip Of The Day] Press F5 to join licensed TDS-3 Operators and DiamondCS staff in the DiamondCS Discussion Forum!
01:13:26 [TDS] Good morning Tyriek. What are you doing up at this time?
01:13:37 [Mutex Memory Scan] Started...
01:13:41 [Mutex Memory Scan] Finished (no trojan mutexes found).
01:13:41 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.

sfc /scannow: I ran this command, and it completed the scan without prompting me to do anything during or after the scan. Can I assume this means that it’s fine? I should note that I ran it twice: first without the Windows XP CD and the second time with it. In both cases, it did not refer to the CD, so I assume that it ran a check against some files on the hard drive. But I’m not sure about this.

Updating Internet Explorer 6 to Service Pack 2: I checked Microsoft’s online “Windows Updates” and found “Cumulative Security Update for Internet Explorer 6 (KB834707)” listed, which appears to be the Service Pack 2 update for the browser. I will download and install this update.

Service Pack 2 for Windows XP: My computer appears to have both Service Pack 1 and 2 installed for the operating system but, obviously, they’re out of date.

Reinstalling Internet Explorer 6: Can you advise me on this? I assume that I should do this from the installation CD. That seems obvious enough.
However, can you tell me what I should back up, if anything? For example, will the installation overwrite my bookmarks and browser settings? Is it possible to use a tool to save these somewhere so I can insert them after the reinstallation, or do I have to do this manually?

That covers everything I can think of. Thanks again for your diligent help. I look forward to your reply.

Sincerely,
m

Posted by: MicroBell

Did you remove those 14 alarms that TDS-3 detected? The log I was looking for is called scandump.log. This lists the trojans found in the bottom window. I need that log.

Posted by: mantis

I didn't remove the 14 alarms because the report didn't identify them as trojans. Please take a look at what I wrote below and advise me from there:

I ran a full system scan with this program & it found approximately 10 “dual extensions” files. All of these are Microsoft Word documents or other MS Office documents that I transferred to my machine from colleagues. I did not attempt to remove or alter these files because the report didn’t identify them as Trojans. Please tell me if I should alter or delete them. If so, please tell me if this requires me to rerun the scan or if it’s possible to retrieve them through some form of a scan history feature in TDS-3.

Thanks again.

Posted by: MicroBell

Leave the 10 dual extensions files alone. TDS-3 tags these as well as trojans. What were the other 4 files?

Here is a link on how to reinstall/repair IE6...[url]http://support.microsoft.com/default.aspx?kbid=318378[/url]

Also make sure your winsock layer is not an issue. Download and run this file...

Download [url=http://www.greyknight17.com/spy/Winsock2Fix.zip][b]Winsock2Fix[/b][/url] and unzip it. Then double-click on it to run it.

Posted by: mantis

Microbell,

I've run the TDS-3 scan again. All 14 files are listed as "suspicious" because they have "dual extensions". The tool has found no trojans and it has not created a report called "scandump.log" or any other report.
If you would like this report, please tell me how to create it. I looked through the help tool and the menu options but didn't see any commands like this.

As for Winsock2Fix, I ran it and it asked permission to change two registry keys, which I changed after I saved a backup of the registry with this program.

I have not reinstalled / repaired Internet Explorer yet. Please tell me if I should do so at this point. Please tell me if I should go ahead with this before we have isolated everything else.

I don't know if this information is important, but I will add it as a final note. Some other items seemed to consume all (98% or 99%) of the CPU's resources recently based on the Windows Task Manager view. This is occasional, not something that happens often. These include:

RUN32.dll
Synchronization Manager
Disk Clean-up
I

Posted by: mantis

Hi Microbell,

I'm going to try to reinstall / repair Internet Explorer by the end of Wednesday. Unfortunately, I have filled my hard drive, so I have to back up some things in order to have enough space to do the installation. I'll be back to report results to you by Wednesday.

Thanks again.