|
Search Tech-Forums - link takes you to our Forum's search page. Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net Pages:1 IE problem - HiJackThis logfile(Click here to view the original thread with full colors/images)Posted by: amiskyy I have a problem described in topic: [url]http://www.tech-forums.net/showthread.php?threadid=46381[/url] and I was advised to run HiJackThis. Here is the logfile: Logfile of HijackThis v1.99.1 Scan saved at 10:47:34, on 13.3.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\D-Tools\daemon.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\F-Secure\FSGUI\fsguiexe.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\Rar$EX01.405\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yle.fi/[/url] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = (DO NOT OBSERVE THIS - CHANGED) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = (DO NOT OBSERVE THIS) R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SSH Accession.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{FBE919EC-F4D0-457E-A0B3-1A1DD4A981AE}: NameServer = (DO NOT OBSERVE THIS - CHANGED) O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ("DO NOT OBSERVE THIS - CHANGED") O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = (DO NOT OBSERVE THIS - CHANGED) O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Thank you! -amiskyy Posted by: MicroBell [color=blue][b]Before attacking an adware/spyware problem with hijackthis make sure you have already run[color=red] ad-aware SE[/color] with [color=red]VX2[/color] add-on cleaner, [color=red]Spybot Search & Destroy[/color] (with updated database) and [color=red]CWShredder[/color] as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log…..[/color][/b] Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry) [b]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yle.fi/[/url] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = (DO NOT OBSERVE THIS - CHANGED) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = (DO NOT OBSERVE THIS) R3 - Default URLSearchHook is missing O17 - HKLM\System\CCS\Services\Tcpip\..\{FBE919EC-F4D0-457E-A0B3-1A1DD4A981AE}: NameServer = (DO NOT OBSERVE THIS - CHANGED) O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ("DO NOT OBSERVE THIS - CHANGED") O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = (DO NOT OBSERVE THIS - CHANGED[/b] Reboot back to normal mode and post another log. Posted by: amiskyy Thank you for helping me! I used all those suggested programs and no spywares etc. were found. Like I thought. And I'm really sorry about those "do not observe this" signs if they caused any misunderstandings. I wrote them due to privacy :o Those should be 100% ok otherwise I could not be able to use my network. So they are set ups from my network administration. Here is the new logfile: Logfile of HijackThis v1.99.1 Scan saved at 18:07:42, on 13.3.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\FSGUI\fsguiexe.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\Rar$EX00.452\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yle.fi/[/url] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = (DO NOT OBSERVE THIS) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = (DO NOT OBSERVE THIS) R3 - Default URLSearchHook is missing ( I DELETED THIS REGISTERY KEY by accident) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SSH Accession.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{FBE919EC-F4D0-457E-A0B3-1A1DD4A981AE}: NameServer = ( DO NOT OBSERVE THIS) O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ( DO NOT OBSERVE THIS) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ( DO NOT OBSERVE THIS) O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Posted by: MicroBell Never modify a log that an analyst requests please. If the information is that critical.....then this issue should be addressed with your network admin. Lets look deeper.. DO NOT modify this log! Download: [URL=http://www.niksoft.at/php/dl.php?f=startdreck.zip ][b]StartDreck[/b][/URL] Unzip to its own folder and start the program: Press 'Config' Press 'Mark All' UN-Check the 'NT-Services & NT-Kernel...' boxes only: Press 'Ok' Press 'Save' and select the location to save the log file (default is the same folder as the application) Post the log in this thread.. Posted by: amiskyy Here is the StartDreck logfile: (I hope this is what you mean) StartDreck (build 2.1.7 public stable) - 2005-03-14 @ 15:43:29 (GMT +02:00) Platform: Windows XP (Win NT 5.1.2600 Service Pack 2) Internet Explorer: 6.0.2900.2180 Logged in as MYCOMPUTER at NAMELESS »Registry »Run Keys »Current User »Run *CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe *MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background *NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit »RunOnce »Default User »Run *CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE »RunOnce »Local Machine »Run *F-Secure Manager="C:\Program Files\F-Secure\Common\FSM32.EXE" /splash *F-Secure TNB="C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW *DAEMON Tools-1033="C:\Program Files\D-Tools\daemon.exe" -lang 1033 *NeroCheck=C:\WINDOWS\system32\NeroCheck.exe *SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe *NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup *nwiz=nwiz.exe /install *NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit *anvshell=anvshell.exe *LiveNote=livenote.exe *QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime *TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot *gcasServ="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" +OptionalComponents +MSFS *Installed=1 +MAPI *Installed=1 *NoChange=1 +MAPI *Installed=1 *NoChange=1 »RunOnce »RunServices »RunServicesOnce »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat *batfile="%1" %* +.com *comfile="%1" %* +.disabled *SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1" +.exe *exefile="%1" %* +.hta *htafile=C:\WINDOWS\System32\mshta.exe "%1" %* +.htm *htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome +.html *htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome +.js *JSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.jse *JSEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.pif *piffile="%1" %* +.reg *regfile=regedit.exe "%1" +.scr *scrfile="%1" /S +.txt *txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1 +.vbs *VBSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.vbe *VBEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsh *WSHFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsf *WSFFile=%SystemRoot%\System32\WScript.exe "%1" %* +.lnk `lnkfile= [key or value does not exist] »Active Setup (LM) +Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c} *StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE +Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS *StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP +Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} *StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE +Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED} *StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll +Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C} *StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install +NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B} *StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT +Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278} *StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf +Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be} *StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser +Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6} *StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub +Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02} *StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install +Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340} *StubPath=regsvr32.exe /s /n /i:U shell32.dll +Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383} *StubPath=%SystemRoot%\system32\ie4uinit.exe »Browser Helper Objects (LM) *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll *{53707962-6F74-2D53-2644-206D7942484F} `InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll »Internet Explorer »Current User *Local Page=C:\WINDOWS\system32\blank.htm *Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Start Page=http://www.yle.fi/ +SearchUrl *provider= »Default User »Local Machine *Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome *Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Local Page=%SystemRoot%\system32\blank.htm *Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home *CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm *SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm »ShellServiceObjectDelayLoad (LM) *PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll *CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll *WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED} `InprocServer32=%SystemRoot%\System32\webcheck.dll *SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153} `InprocServer32=C:\WINDOWS\System32\stobject.dll »Special NT Values »Current User *Load= *Run= *Programs=com exe bat pif cmd *SHELL= »Default User *Load= *Run= *Programs=com exe bat pif cmd *SHELL= »Local Machine *AppInit_DLLs= *SHELL=Explorer.exe *Userinit=C:\WINDOWS\system32\userinit.exe, »Files »Autostart Folders »Current User *C:\Documents and Settings\MYCOMPUTER\Start Menu\Programs\Startup\desktop.ini »Default User *C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini »Local Machine *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini *C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SSH Accession.lnk »INI-Files »WIN.INI\[windows] *LOAD= *RUN= »SYSTEM.INI\[boot] *SHELL=Explorer.exe »Text Files *C:\boot.ini `[boot loader] `timeout=30 `default=multi(0)disk(0)rdisk(0)partition(1)\WINDO WS `[operating systems] `multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn *C:\msdos.sys *C:\config.sys *C:\WINDOWS\system32\config.nt `dos=high, umb `device=%SystemRoot%\system32\himem.sys `files=40 *C:\autoexec.bat *C:\WINDOWS\system32\autoexec.nt `@echo off `lh %SystemRoot%\system32\mscdexnt.exe `lh %SystemRoot%\system32\redir `lh %SystemRoot%\system32\dosx `SET BLASTER=A220 I5 D1 P330 T3 *C:\WINDOWS\system32\drivers\etc\hosts `127.0.0.1 localhost »Program Files *C:\ntldr *C:\ntdetect.com *C:\io.sys *C:\WINDOWS\system32\win.com *C:\WINDOWS\explorer.exe »%PATH% Companion Files +C:\WINDOWS\system32\notepad.exe *C:\WINDOWS\notepad.exe +C:\WINDOWS\system32\slrundll.exe *C:\WINDOWS\slrundll.exe +C:\WINDOWS\system32\taskman.exe *C:\WINDOWS\TASKMAN.EXE +C:\WINDOWS\system32\winhlp32.exe *C:\WINDOWS\winhlp32.exe »System/Drivers »Running Processes +0=<idle> +4=<system> +480=\SystemRoot\System32\smss.exe *C:\WINDOWS\system32\ntdll.dll +536=\??\C:\WINDOWS\system32\csrss.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\CSRSRV.dll *C:\WINDOWS\system32\basesrv.dll *C:\WINDOWS\system32\winsrv.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\KERNEL32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\sxs.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\system32\VERSION.dll +560=\??\C:\WINDOWS\system32\winlogon.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\AUTHZ.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\NDdeApi.dll *C:\WINDOWS\system32\PROFMAP.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\PSAPI.DLL *C:\WINDOWS\system32\REGAPI.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\MSGINA.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\ODBC32.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\odbcint.dll *C:\WINDOWS\system32\SHSVCS.dll *C:\WINDOWS\system32\sfc.dll *C:\WINDOWS\system32\sfc_os.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\system32\WINSCARD.DLL *C:\WINDOWS\system32\WTSAPI32.dll *C:\WINDOWS\system32\sxs.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\cscdll.dll *C:\WINDOWS\system32\WlNotify.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\wldap32.dll *C:\WINDOWS\system32\cscui.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\NTMARTA.DLL *C:\WINDOWS\system32\wdmaud.drv *C:\WINDOWS\system32\msacm32.drv *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\midimap.dll +604=C:\WINDOWS\system32\services.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\SCESRV.dll *C:\WINDOWS\system32\AUTHZ.dll *C:\WINDOWS\system32\umpnpmgr.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\NCObjAPI.DLL *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\secur32.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\system32\eventlog.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\PSAPI.DLL *C:\WINDOWS\system32\wtsapi32.dll +616=C:\WINDOWS\system32\lsass.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\LSASRV.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\NTDSAPI.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\SAMSRV.dll *C:\WINDOWS\system32\cryptdll.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\msprivs.dll *C:\WINDOWS\system32\kerberos.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\netlogon.dll *C:\WINDOWS\system32\w32time.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\schannel.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\wdigest.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\setupapi.dll *C:\WINDOWS\system32\scecli.dll *C:\WINDOWS\system32\ipsecsvc.dll *C:\WINDOWS\system32\AUTHZ.dll *C:\WINDOWS\system32\oakley.DLL *C:\WINDOWS\system32\WINIPSEC.DLL *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\pstorsvc.dll *C:\WINDOWS\system32\psbase.dll *C:\WINDOWS\system32\dssenh.dll +768=C:\WINDOWS\system32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\SAMLIB.dll *c:\windows\system32\rpcss.dll *c:\windows\system32\Secur32.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *C:\WINDOWS\system32\xpsp2res.dll *c:\windows\system32\termsrv.dll *c:\windows\system32\ICAAPI.dll *c:\windows\system32\SETUPAPI.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *c:\windows\system32\AUTHZ.dll *c:\windows\system32\mstlsapi.dll *c:\windows\system32\ACTIVEDS.dll *c:\windows\system32\adsldpc.dll *C:\WINDOWS\system32\NETAPI32.dll *c:\windows\system32\ATL.DLL *C:\WINDOWS\system32\REGAPI.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\WTSAPI32.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll +844=C:\WINDOWS\system32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *c:\windows\system32\rpcss.dll *c:\windows\system32\Secur32.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll +904=C:\WINDOWS\System32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\xpsp2res.dll *c:\windows\system32\shsvcs.dll *C:\WINDOWS\System32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *c:\windows\system32\dhcpcsvc.dll *c:\windows\system32\DNSAPI.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *c:\windows\system32\iphlpapi.dll *c:\windows\system32\Secur32.dll *C:\WINDOWS\System32\rsaenh.dll *c:\windows\system32\wzcsvc.dll *c:\windows\system32\rtutils.dll *c:\windows\system32\WMI.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *c:\windows\system32\WTSAPI32.dll *c:\windows\system32\ESENT.dll *c:\windows\system32\ATL.DLL *C:\WINDOWS\System32\rastls.dll *C:\WINDOWS\system32\CRYPTUI.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\System32\MPRAPI.dll *C:\WINDOWS\System32\ACTIVEDS.dll *C:\WINDOWS\System32\adsldpc.dll *C:\WINDOWS\System32\SETUPAPI.dll *C:\WINDOWS\System32\RASAPI32.dll *C:\WINDOWS\System32\rasman.dll *C:\WINDOWS\System32\TAPI32.dll *C:\WINDOWS\System32\SCHANNEL.dll *C:\WINDOWS\System32\WinSCard.dll *C:\WINDOWS\System32\raschap.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *c:\windows\system32\schedsvc.dll *c:\windows\system32\NTDSAPI.dll *C:\WINDOWS\System32\MSIDLE.DLL *c:\windows\system32\audiosrv.dll *c:\windows\system32\wkssvc.dll *c:\windows\system32\cryptsvc.dll *c:\windows\system32\certcli.dll *c:\windows\system32\dmserver.dll *c:\windows\system32\ersvc.dll *c:\windows\system32\es.dll *c:\windows\pchealth\helpctr\binaries\pchsvc.dll *c:\windows\system32\srvsvc.dll *C:\WINDOWS\System32\HNETCFG.DLL *c:\windows\system32\netman.dll *c:\windows\system32\netshell.dll *c:\windows\system32\credui.dll *c:\windows\system32\WZCSAPI.DLL *c:\windows\system32\seclogon.dll *c:\windows\system32\sens.dll *c:\windows\system32\srsvc.dll *c:\windows\system32\POWRPROF.dll *c:\windows\system32\trkwks.dll *c:\windows\system32\w32time.dll *c:\windows\system32\MSVCP60.dll *c:\windows\system32\wbem\wmisvc.dll *C:\WINDOWS\system32\VSSAPI.DLL *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\wshtcpip.dll *c:\windows\system32\wuauserv.dll *C:\WINDOWS\system32\wuaueng.dll *C:\WINDOWS\System32\ADVPACK.dll *C:\WINDOWS\System32\SHFOLDER.dll *C:\WINDOWS\System32\WINSPOOL.DRV *C:\WINDOWS\System32\WINHTTP.dll *C:\WINDOWS\System32\Cabinet.dll *C:\WINDOWS\System32\mspatcha.dll *C:\WINDOWS\System32\sfc.dll *C:\WINDOWS\System32\sfc_os.dll *c:\windows\system32\browser.dll *c:\windows\system32\ipnathlp.dll *c:\windows\system32\AUTHZ.dll *c:\windows\system32\wscsvc.dll *c:\windows\system32\msi.dll *C:\WINDOWS\System32\SXS.DLL *C:\WINDOWS\System32\msxml3.dll *C:\WINDOWS\System32\wbem\wbemcomn.dll *C:\WINDOWS\system32\comsvcs.dll *C:\WINDOWS\system32\MTXCLU.DLL *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\colbact.DLL *C:\WINDOWS\System32\CLUSAPI.DLL *C:\WINDOWS\System32\RESUTILS.DLL *C:\WINDOWS\System32\Wbem\wbemcore.dll *C:\WINDOWS\System32\Wbem\esscli.dll *C:\WINDOWS\System32\Wbem\FastProx.dll *C:\WINDOWS\System32\wbem\wmiutils.dll *C:\WINDOWS\System32\wbem\repdrvfs.dll *C:\WINDOWS\System32\wbem\wmiprvsd.dll *C:\WINDOWS\system32\NCObjAPI.DLL *C:\WINDOWS\System32\wbem\wbemess.dll *C:\WINDOWS\system32\Apphelp.dll *C:\WINDOWS\System32\wbem\ncprov.dll *C:\WINDOWS\System32\rasadhlp.dll *C:\WINDOWS\system32\wups.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\System32\upnp.dll *C:\WINDOWS\System32\SSDPAPI.dll *C:\WINDOWS\System32\RASDLG.dll *C:\WINDOWS\System32\netcfgx.dll +952=C:\WINDOWS\System32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *c:\windows\system32\dnsrslvr.dll *c:\windows\system32\DNSAPI.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *c:\windows\system32\iphlpapi.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll +1008=C:\WINDOWS\System32\svchost.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\System32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\xpsp2res.dll *c:\windows\system32\lmhsvc.dll *c:\windows\system32\iphlpapi.dll *c:\windows\system32\WS2_32.dll *c:\windows\system32\WS2HELP.dll *c:\windows\system32\webclnt.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\System32\Secur32.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\System32\wsock32.dll *c:\windows\system32\regsvc.dll *c:\windows\system32\ssdpsrv.dll *C:\WINDOWS\System32\hnetcfg.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\System32\wshtcpip.dll +1192=C:\WINDOWS\system32\spoolsv.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\SPOOLSS.DLL *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\system32\localspl.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\sfc_os.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\winspool.drv *C:\WINDOWS\system32\netapi32.dll *C:\WINDOWS\system32\cnbjmon.dll *C:\WINDOWS\system32\mdimon.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\pjlmon.dll *C:\WINDOWS\system32\tcpmon.dll *C:\WINDOWS\system32\usbmon.dll *C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll *C:\WINDOWS\System32\mswsock.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\win32spl.dll *C:\WINDOWS\system32\NETRAP.dll *C:\WINDOWS\system32\NTDSAPI.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\inetpp.dll *C:\WINDOWS\system32\xpsp2res.dll +1308=C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\Program Files\F-Secure\BackWeb\7681197\6.3.2.62-7681197L\Program\ServiceWrapper.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\PSAPI.DLL *C:\WINDOWS\system32\wtsapi32.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\secur32.dll *C:\WINDOWS\system32\msv1_0.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\iphlpapi.dll +1348=C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll +1372=C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\Program Files\F-Secure\Common\fsexc.dll *C:\WINDOWS\system32\Secur32.dll *c:\program files\f-secure\common\fsma32.dll *c:\program files\f-secure\common\FSPMAPI.dll *C:\WINDOWS\system32\MSVCP60.dll +1384=C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *c:\program files\f-secure\common\fspmapi.dll *c:\program files\f-secure\common\fsma32s.dll *C:\Program Files\F-Secure\Anti-Virus\FSGKIAPI.dll *C:\WINDOWS\system32\wtsapi32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll +1400=C:\Program Files\F-Secure\Common\FSMA32.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\F-Secure\Common\FSPMAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\Program Files\F-Secure\Common\FSMA32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\Program Files\F-Secure\Common\fsexc.dll *C:\WINDOWS\system32\psapi.dll +1432=C:\Program Files\F-Secure\Anti-Virus\fssm32.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\Program Files\F-Secure\Anti-Virus\FM4AV.dll *C:\Program Files\F-Secure\Anti-Virus\avpproxy.dll *C:\Program Files\F-Secure\Anti-Virus\avpfpi0.dll *C:\WINDOWS\system32\MSVCRT.dll *C:\Program Files\F-Secure\Anti-Virus\avp_iont.dll *C:\Program Files\F-Secure\Anti-Virus\fslfpi.dll *C:\Program Files\F-Secure\Anti-Virus\dffpi.dll *C:\WINDOWS\system32\PSAPI.DLL *C:\Program Files\F-Secure\Anti-Virus\avpfpi1.dll +1528=C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\psapi.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll +1544=C:\Program Files\F-Secure\Common\FSMB32.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\MSVCIRT.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\Program Files\F-Secure\Common\fsexc.dll +1636=C:\WINDOWS\system32\nvsvc32.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll +1788=C:\Program Files\F-Secure\Common\FCH32.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\F-Secure\Common\FSPMAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\Program Files\F-Secure\Common\FSMA32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\Program Files\F-Secure\Common\fsexc.dll *C:\Program Files\F-Secure\Common\FSPMENG.DLL *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\rasadhlp.dll +1952=C:\WINDOWS\system32\wdfmgr.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll +204=C:\Program Files\F-Secure\Common\FAMEH32.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\F-Secure\Common\FSPMAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\Program Files\F-Secure\Common\FSLD32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\Program Files\F-Secure\Common\FSMA32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\msvcrt.dll *C:\Program Files\F-Secure\Common\fsexc.dll *C:\Program Files\F-Secure\Common\AMEHEVN.DLL *C:\Program Files\F-Secure\Common\AMEHLOG.DLL *C:\Program Files\F-Secure\Common\AMEHSMT.DLL *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\Program Files\F-Secure\Common\AMEHTVL.DLL +316=C:\Program Files\F-Secure\Common\FNRB32.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\F-Secure\Common\FSPMAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\Program Files\F-Secure\Common\NrbApi.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\Program Files\F-Secure\Common\signck.dll *C:\Program Files\F-Secure\Common\NaCoL.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\Program Files\F-Secure\Common\FSMSCl.dll *C:\Program Files\F-Secure\Common\FSMA32.dll *C:\Program Files\F-Secure\Common\fsexc.dll *C:\WINDOWS\System32\mswsock.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\rasadhlp.dll +440=C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\wtsapi32.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\Program Files\F-Secure\Common\fsexc.dll *c:\program files\f-secure\common\fsma32.dll *c:\program files\f-secure\common\FSPMAPI.dll *C:\WINDOWS\system32\MSVCP60.dll *c:\program files\f-secure\tnb\fstnb.dll *c:\program files\f-secure\common\fsld32.dll *c:\program files\f-secure\common\fswscs.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\Program Files\F-Secure\FWES\Program\fsmirror.dll *c:\program files\f-secure\anti-virus\fsgkiapi.dll *C:\PROGRA~1\F-Secure\Common\fsdfwres.FIN *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\System32\wbem\wbemprox.dll *C:\WINDOWS\System32\wbem\wbemcomn.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\System32\wbem\wbemsvc.dll *C:\WINDOWS\System32\wbem\fastprox.dll *C:\WINDOWS\system32\NTDSAPI.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\Secur32.dll +512=C:\Program Files\F-Secure\Common\FIH32.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\Program Files\F-Secure\Common\FSPMAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\Program Files\F-Secure\Common\FSMA32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\Program Files\F-Secure\Common\fsexc.dll +740=C:\WINDOWS\System32\alg.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\System32\ATL.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\System32\WSOCK32.dll *C:\WINDOWS\System32\WS2_32.dll *C:\WINDOWS\System32\WS2HELP.dll *C:\WINDOWS\System32\MSWSOCK.DLL *C:\WINDOWS\System32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\System32\WINMM.dll *C:\WINDOWS\System32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\System32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\System32\CLBCATQ.DLL *C:\WINDOWS\System32\COMRes.dll *C:\WINDOWS\System32\xpsp2res.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll +1564=C:\Program Files\F-Secure\Anti-Virus\fsav32.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\Program Files\F-Secure\Anti-Virus\fsched.dll *C:\WINDOWS\system32\ole32.dll *C:\Program Files\F-Secure\Anti-Virus\FSTSM.DLL *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *c:\program files\f-secure\common\fsma32.dll *c:\program files\f-secure\common\FSPMAPI.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\Program Files\F-Secure\Common\fswscs.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\Program Files\F-Secure\TNB\fstnb.dll *c:\program files\f-secure\common\fsld32.dll *C:\Program Files\F-Secure\Anti-Virus\FSAVHRES.FIN *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\wbem\wbemprox.dll *C:\WINDOWS\System32\wbem\wbemcomn.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\System32\wbem\wbemsvc.dll *C:\WINDOWS\System32\wbem\fastprox.dll *C:\WINDOWS\system32\NTDSAPI.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\Secur32.dll +2792=C:\WINDOWS\Explorer.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\BROWSEUI.dll *C:\WINDOWS\system32\SHDOCVW.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\CRYPTUI.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\appHelp.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\System32\cscui.dll *C:\WINDOWS\System32\CSCDLL.dll *C:\WINDOWS\System32\themeui.dll *C:\WINDOWS\System32\Secur32.dll *C:\WINDOWS\System32\MSIMG32.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\System32\msutb.dll *C:\WINDOWS\System32\MSCTF.dll *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\ntshrui.dll *C:\WINDOWS\system32\ATL.DLL *C:\WINDOWS\system32\SETUPAPI.dll *C:\Program Files\Microsoft AntiSpyware\shellextension.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\system32\NETSHELL.dll *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\credui.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\LINKINFO.dll *C:\WINDOWS\system32\rsaenh.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\System32\webcheck.dll *C:\WINDOWS\System32\WSOCK32.dll *C:\WINDOWS\System32\stobject.dll *C:\WINDOWS\System32\BatMeter.dll *C:\WINDOWS\System32\POWRPROF.dll *C:\WINDOWS\System32\WTSAPI32.dll *C:\WINDOWS\system32\mslbui.dll *C:\WINDOWS\system32\SXS.DLL *C:\WINDOWS\system32\shdoclc.dll *C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\IadHide5.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\drprov.dll *C:\WINDOWS\System32\ntlanman.dll *C:\WINDOWS\System32\NETUI0.dll *C:\WINDOWS\System32\NETUI1.dll *C:\WINDOWS\System32\NETRAP.dll *C:\WINDOWS\System32\davclnt.dll *C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll *C:\WINDOWS\system32\nvcpl.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\system32\nvshell.dll *C:\WINDOWS\system32\OLEPRO32.DLL *C:\WINDOWS\system32\NVWRSFI.DLL *C:\WINDOWS\system32\browselc.dll *C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll *C:\WINDOWS\system32\MSVCR71.dll *C:\Program Files\Spybot - Search & Destroy\SDHelper.dll *C:\WINDOWS\system32\DUSER.dll *C:\Program Files\Microsoft Office\OFFICE11\msohev.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll *C:\WINDOWS\system32\wmpshell.dll *C:\WINDOWS\system32\mscms.dll *C:\WINDOWS\system32\MSGINA.dll *C:\WINDOWS\system32\ODBC32.dll *C:\WINDOWS\system32\odbcint.dll *C:\WINDOWS\system32\MLANG.dll *C:\WINDOWS\system32\wdmaud.drv *C:\WINDOWS\system32\msacm32.drv *C:\WINDOWS\system32\midimap.dll *C:\Program Files\F-Secure\Common\fpshx.dll *C:\Program Files\F-Secure\Common\FSMA32.dll *C:\Program Files\F-Secure\Common\FSPMAPI.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\MFC42.DLL *C:\Program Files\WinRAR\rarext.dll *C:\WINDOWS\System32\mydocs.dll *c:\windows\srchasst\srchui.dll *C:\WINDOWS\system32\OLEACC.dll *c:\windows\srchasst\srchctls.dll *C:\WINDOWS\System32\msxml3.dll *C:\WINDOWS\system32\WINHTTP.dll *C:\WINDOWS\system32\RASAPI32.DLL *C:\WINDOWS\system32\rasman.dll *C:\WINDOWS\system32\TAPI32.dll *C:\WINDOWS\System32\jscript.dll *C:\WINDOWS\system32\sensapi.dll *C:\WINDOWS\System32\mswsock.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\System32\zipfldr.dll *C:\WINDOWS\system32\msadp32.acm +2876=C:\Program Files\F-Secure\Common\FSM32.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\Program Files\F-Secure\Common\FSPMAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\Program Files\F-Secure\Common\FSMA32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\msvcrt.dll *C:\Program Files\F-Secure\Common\FSLD32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\Program Files\F-Secure\Common\fsexc.dll *C:\Program Files\F-Secure\FSGUI\av550about.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\Program Files\F-Secure\Common\fsmres.FIN *C:\Program Files\F-Secure\Common\fsmres.ENG *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\Secur32.dll *C:\Program Files\F-Secure\FWES\Program\fsdfwpi.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\VERSION.dll *C:\Program Files\F-Secure\Anti-Virus\fsmuiav.dll *C:\WINDOWS\system32\MFC42.DLL *C:\Program Files\F-Secure\Anti-Virus\FSAVURES.ENG *C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwui.dll *C:\Program Files\F-Secure\Common\FSMA32S.dll *C:\Program Files\F-Secure\TNB\fstnb.dll *C:\Program Files\F-Secure\FSGUI\guilaunc.dll *C:\Program Files\F-Secure\Anti-Virus\FSAVURES.FIN *C:\WINDOWS\system32\MSCTF.dll *C:\Program Files\F-Secure\Common\fsmaui32.dll *C:\WINDOWS\system32\MPR.dll *C:\Program Files\F-Secure\Common\fsmaures.FIN *C:\WINDOWS\system32\RICHED32.DLL *C:\WINDOWS\system32\RICHED20.dll *C:\Program Files\F-Secure\FSGUI\avabtres.FIN *C:\Program Files\F-Secure\Anti-Virus\FSAVDW.DLL *C:\WINDOWS\system32\wtsapi32.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\Program Files\F-Secure\Common\fsdfwpi.FIN *C:\Program Files\F-Secure\Common\fsdfwpi2.eng *C:\Program Files\F-Secure\FSGUI\gres.dll +2972=C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\TEMP\IadHide5.dll +3008=C:\WINDOWS\system32\RUNDLL32.EXE *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\NvMcTray.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\COMCTL32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\MSCTF.dll +3068=C:\Program Files\Common Files\Real\Update_OB\realsched.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\shell32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\MSCTF.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\NTMARTA.DLL *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\SAMLIB.dll +3076=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\MSVBVM60.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\MSCTF.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\SXS.DLL *C:\Program Files\Microsoft AntiSpyware\gcAntiSpywareLibrary.dll *C:\WINDOWS\system32\ShFolder.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\wininet.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\shell32.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\system32\RASAPI32.DLL *C:\WINDOWS\system32\rasman.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\TAPI32.dll *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\sensapi.dll +3084=C:\WINDOWS\system32\ctfmon.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\MSCTF.dll *C:\WINDOWS\system32\MSUTB.dll *C:\WINDOWS\system32\ShimEng.dll *C:\WINDOWS\AppPatch\AcGenral.DLL *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\UxTheme.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll +3184=C:\Program Files\Internet Explorer\iexplore.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\SHDOCVW.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\CRYPTUI.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\MSCTF.dll *C:\WINDOWS\system32\BROWSEUI.dll *C:\WINDOWS\system32\browselc.dll *C:\WINDOWS\system32\appHelp.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\urlmon.dll *C:\WINDOWS\System32\cscui.dll *C:\WINDOWS\System32\CSCDLL.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll *C:\WINDOWS\system32\MSVCR71.dll *C:\Program Files\Spybot - Search & Destroy\SDHelper.dll *C:\WINDOWS\system32\olepro32.dll *C:\WINDOWS\system32\SXS.DLL *C:\WINDOWS\system32\shdoclc.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\mlang.dll *C:\WINDOWS\system32\wsock32.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\RASAPI32.DLL *C:\WINDOWS\system32\rasman.dll *C:\WINDOWS\system32\TAPI32.dll *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\sensapi.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\system32\rasadhlp.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\System32\mshtml.dll *C:\WINDOWS\System32\msls31.dll *C:\WINDOWS\System32\msimtf.dll *C:\WINDOWS\system32\mslbui.dll *C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL *C:\Program Files\Microsoft Office\OFFICE11\msohev.dll *C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\IadHide5.dll *C:\WINDOWS\system32\inetcpl.cpl *C:\WINDOWS\system32\inetcplc.dll *C:\WINDOWS\system32\OCCache.DLL *C:\WINDOWS\system32\wdmaud.drv *C:\WINDOWS\system32\msacm32.drv *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\midimap.dll *C:\WINDOWS\System32\jscript.dll *C:\WINDOWS\System32\mshtmled.dll *C:\WINDOWS\System32\actxprxy.dll *C:\WINDOWS\system32\plugin.ocx *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\ntshrui.dll *C:\WINDOWS\system32\ATL.DLL *C:\WINDOWS\system32\LINKINFO.dll *C:\WINDOWS\system32\wuapi.dll *C:\WINDOWS\system32\sfc_os.dll +3304=C:\Program Files\F-Secure\FSGUI\fsguiexe.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\Program Files\F-Secure\Common\fsexc.dll *c:\program files\f-secure\common\fsld32.dll *C:\Program Files\F-Secure\FSGUI\guiplugin.dll *C:\WINDOWS\system32\MSCTF.dll *c:\program files\f-secure\common\fsma32.dll *c:\program files\f-secure\common\FSPMAPI.dll *C:\WINDOWS\system32\MSVCP60.dll *c:\program files\f-secure\tnb\fstnb.dll *C:\Program Files\F-Secure\FSGUI\fsavesui.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\Program Files\F-Secure\FSGUI\gres.dll *C:\Program Files\F-Secure\FSGUI\fsavesres.FIN +3508=C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\Program Files\F-Secure\BackWeb\7681197\6.3.2.62-7681197L\Program\backWeb.dll *C:\Program Files\F-Secure\BackWeb\7681197\6.3.2.62-7681197L\Program\bwsec.dll *C:\WINDOWS\system32\MSVCRT.dll *C:\Program Files\F-Secure\BackWeb\7681197\6.3.2.62-7681197L\Program\clntutil.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\snmpapi.dll *C:\WINDOWS\system32\WS2_32.dll *C:\WINDOWS\system32\WS2HELP.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\WININET.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\WINMM.dll *C:\WINDOWS\system32\MFC42.DLL *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\MSVCP60.dll *C:\WINDOWS\system32\WSOCK32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\PROGRA~1\F-Secure\BackWeb\7681197\632~1.62-\program\EN\ClientRC.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\wtsapi32.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\NETAPI32.dll *C:\WINDOWS\system32\feclient.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\MSCTF.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\Program Files\F-Secure\BackWeb\7681197\Program\BWfiles-7681197.dll *C:\Program Files\F-Secure\BackWeb\7681197\6.3.2.62-7681197L\Program\BWfiles.dll *C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\IadHide5.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwce.dll *C:\WINDOWS\system32\comdlg32.dll *C:\WINDOWS\system32\WINSPOOL.DRV *C:\WINDOWS\system32\RICHED32.DLL *C:\WINDOWS\system32\RICHED20.dll *C:\Program Files\F-Secure\Common\fsexc.dll *C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwres.FIN *c:\program files\f-secure\common\fsld32.dll *C:\Program Files\F-Secure\BackWeb\7681197\6.3.2.62-7681197L\Program\ncast.dll *C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwres.dll *C:\WINDOWS\system32\inetmib1.dll *C:\WINDOWS\system32\iphlpapi.dll *C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwres.eng *C:\WINDOWS\system32\MPRAPI.dll *C:\WINDOWS\system32\ACTIVEDS.dll *C:\WINDOWS\system32\adsldpc.dll *C:\WINDOWS\system32\WLDAP32.dll *C:\WINDOWS\system32\ATL.DLL *C:\WINDOWS\system32\rtutils.dll *C:\WINDOWS\system32\SAMLIB.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\mswsock.dll *C:\WINDOWS\system32\hnetcfg.dll *C:\WINDOWS\System32\wshtcpip.dll *C:\WINDOWS\system32\DNSAPI.dll *C:\WINDOWS\System32\winrnr.dll *C:\WINDOWS\system32\rasadhlp.dll *c:\program files\f-secure\common\fsma32.dll *c:\program files\f-secure\common\FSPMAPI.dll *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\wdmaud.drv *C:\WINDOWS\system32\msacm32.drv *C:\WINDOWS\system32\MSACM32.dll *C:\WINDOWS\system32\midimap.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\SXS.DLL +3536=C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\MSVBVM60.DLL *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\uxtheme.dll *C:\WINDOWS\system32\MSCTF.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\Program Files\Microsoft AntiSpyware\gcAntiSpywareLibrary.dll *C:\WINDOWS\system32\GCCollection.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\SXS.DLL *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\shell32.dll *C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll *C:\WINDOWS\system32\comctl32.dll *C:\WINDOWS\system32\mslbui.dll *C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\IadHide5.dll *C:\WINDOWS\system32\hashlib.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll +2208=C:\Program Files\WinRAR\WinRAR.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\WINDOWS\system32\ADVAPI32.DLL *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.DLL *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\SHLWAPI.dll *C:\WINDOWS\system32\COMDLG32.DLL *C:\WINDOWS\system32\SHELL32.dll *C:\WINDOWS\system32\OLE32.DLL *C:\WINDOWS\system32\riched32.dll *C:\WINDOWS\system32\RICHED20.dll *C:\WINDOWS\system32\uxtheme.dll *C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\IadHide5.dll *C:\WINDOWS\system32\MSCTF.dll *C:\WINDOWS\system32\appHelp.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\WINDOWS\System32\cscui.dll *C:\WINDOWS\System32\CSCDLL.dll *C:\WINDOWS\system32\SETUPAPI.dll *C:\WINDOWS\system32\netapi32.dll *C:\WINDOWS\system32\MPR.dll *C:\WINDOWS\System32\drprov.dll *C:\WINDOWS\System32\ntlanman.dll *C:\WINDOWS\System32\NETUI0.dll *C:\WINDOWS\System32\NETUI1.dll *C:\WINDOWS\System32\NETRAP.dll *C:\WINDOWS\System32\SAMLIB.dll *C:\WINDOWS\System32\davclnt.dll *C:\WINDOWS\System32\shgina.dll *C:\WINDOWS\system32\MSGINA.dll *C:\WINDOWS\system32\USERENV.dll *C:\WINDOWS\system32\WINSTA.dll *C:\WINDOWS\system32\ODBC32.dll *C:\WINDOWS\system32\odbcint.dll *C:\WINDOWS\system32\Secur32.dll *C:\WINDOWS\system32\Audiodev.dll *C:\WINDOWS\system32\WMVCore.DLL *C:\WINDOWS\system32\WMASF.DLL *C:\WINDOWS\system32\WINTRUST.dll *C:\WINDOWS\system32\CRYPT32.dll *C:\WINDOWS\system32\MSASN1.dll *C:\WINDOWS\system32\IMAGEHLP.dll *C:\WINDOWS\system32\mslbui.dll *C:\Program Files\Microsoft AntiSpyware\shellextension.dll *C:\WINDOWS\system32\xpsp2res.dll *C:\WINDOWS\system32\msi.dll *C:\WINDOWS\system32\urlmon.dll +2604=C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\Rar$EX0 0.648\StartDreck.exe *C:\WINDOWS\system32\ntdll.dll *C:\WINDOWS\system32\kernel32.dll *C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\Rar$EX00.648\VB40032.DLL *C:\WINDOWS\system32\ADVAPI32.dll *C:\WINDOWS\system32\RPCRT4.dll *C:\WINDOWS\system32\GDI32.dll *C:\WINDOWS\system32\USER32.dll *C:\WINDOWS\system32\MSVCRT20.dll *C:\WINDOWS\system32\ole32.dll *C:\WINDOWS\system32\msvcrt.dll *C:\WINDOWS\system32\OLEAUT32.dll *C:\WINDOWS\system32\OLEPRO32.DLL *C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\Rar$EX00.648\VB4DE32.DLL *C:\WINDOWS\system32\uxtheme.dll *C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\IadHide5.dll *C:\WINDOWS\system32\MSCTF.dll *C:\WINDOWS\system32\CLBCATQ.DLL *C:\WINDOWS\system32\COMRes.dll *C:\WINDOWS\system32\VERSION.dll *C:\DOCUME~1\MYCOMPUTER\LOCALS~1\Temp\Rar$EX00.648\PSAPI.DLL *C:\WINDOWS\system32\mslbui.dll »VMM32Files (LM) »%System%\VMM32 »%System%\IOSUBSYS »Application specific »MS Office 97/8.0 STARTUP-PATH »Current User »Default User »Local Machine »ICQ NetDetect »Current User »Default User Posted by: MicroBell Your logs appear clean. Lets try to address your issue. Try each of these... Clear Recent Docs list.. Right click"Start", Left click "properities", Left click "customize", Left click "advanced", Left click "clear list" near bottom of window, Left click"ok" the two times it appears Registry edit... Click on Start, then Run....type in regedit. Navigate to the following key.. [b]HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Typed URLs[/b] In the right pane if that site is listed...highlight it.....delete it. Posted by: amiskyy Done! Thanks buddy! I really appreciate your help in this mysterious case but no hits even this time. The problem is still there. -amiskyy vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited. PPC Management vB Easy Archive Final - Created by Xenon |