davidjenglander

Members
  • Content Count

    15
  • Joined

  • Last visited

Community Reputation

0 Neutral

About davidjenglander

  • Rank
    Member
  • Birthday 04/01/1909

Contact Methods

  • AIM
    Not a fan of AOL
  • MSN
    None
  • Website URL
    http://None at this time
  • ICQ
    0
  • Yahoo
    None

Profile Information

  • Location
    Central Florida
  • Interests
    My family, and our pets.<br /><br />I've recently been tinkering w/ motion graphics (Adobe After Effects)
  1. ComboFix 08-02-19.2 - Customer 2008-02-19 12:30:47.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.500 [GMT -5:00] Running from: C:\Documents and Settings\Customer\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Customer\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\dzrfpqzd.dll C:\WINDOWS\system32\dzrfpqzd.dllbox . ((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))) . 2008-02-18 09:03 . 2008-02-18 09:03 <DIR> d-------- C:\Program Files\Sorenson Media 2008-02-18 09:03 . 2006-11-14 21:26 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll 2008-02-18 09:03 . 2006-11-14 21:26 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys 2008-02-18 08:40 . 2008-02-18 08:40 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-02-16 11:39 . 2008-02-16 11:39 36,868 --a------ C:\Program Files\uninst-SoundKeys.exe 2008-02-16 11:16 . 2008-02-16 11:16 36,868 --a------ C:\Program Files\uninst-Lux.exe 2008-02-14 17:28 . 2008-02-18 09:10 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\SorensonMedia 2008-02-14 14:00 . 2008-02-14 14:00 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Digital Anarchy 2008-02-13 12:29 . 2008-02-18 09:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-13 12:29 . 2008-02-18 09:10 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-11 12:03 . 2008-02-11 12:03 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Sony 2008-02-11 12:03 . 2008-02-11 12:03 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Publish Providers 2008-02-11 12:03 . 2008-02-11 12:08 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-11 12:03 . 2008-02-11 12:08 156 --a------ C:\WINDOWS\Twunk001.MTX 2008-02-11 12:03 . 2008-02-11 12:08 2 --a------ C:\WINDOWS\Twain001.Mtx 2008-02-11 12:03 . 2008-02-11 12:03 0 --a------ C:\WINDOWS\Twunk002.MTX 2008-02-11 11:08 . 2008-02-11 11:08 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-02-11 10:47 . 2008-02-11 10:47 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-02-11 10:45 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll 2008-02-11 10:38 . 2008-02-11 10:38 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Sony Setup 2008-02-11 10:33 . 2008-02-11 12:13 <DIR> d-------- C:\Program Files\Sony 2008-02-08 07:53 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-06 13:41 . 2008-02-06 13:51 <DIR> d-------- C:\Documents and Settings\Customer\.SunDownloadManager 2008-02-06 13:27 . 2008-02-06 13:27 <DIR> d-------- C:\Program Files\Secunia 2008-02-06 10:15 . 2008-02-06 10:15 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-05 11:27 . 2007-11-01 06:42 57,824 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-02-05 11:27 . 2008-02-13 09:16 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-02-05 11:18 . 2008-02-05 11:18 68,089,416 --a------ C:\Program Files\Embarq_RTM_703-106.exe 2008-02-05 10:25 . 2008-02-05 10:44 <DIR> d-------- C:\Program Files\EMBARQ 2008-02-04 11:08 . 2008-02-04 11:08 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\com.adobe.kuler.Kuler.419D633A757E8B26DD2BDB301927BA7BA7490F38.1 2008-02-04 01:50 . 2008-02-04 01:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-03 23:55 . 2008-02-06 10:13 <DIR> d----c--- C:\HJT 2008-02-03 22:59 . 2008-02-03 22:59 <DIR> d-------- C:\Program Files\Windows Defender 2008-02-03 16:58 . 2008-02-03 16:58 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Grisoft 2008-02-03 16:57 . 2008-02-03 16:57 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-03 16:43 . 2008-02-03 16:45 3,134 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-02 20:03 . 2008-02-02 20:03 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-02 20:03 . 2008-02-04 01:51 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-02 09:27 . 2008-02-02 09:27 <DIR> d-------- C:\Program Files\Alwil Software 2008-02-01 11:52 . 2008-02-01 14:29 <DIR> d-------- C:\Program Files\SourceTec 2008-02-01 11:44 . 2008-02-01 14:08 367 --a------ C:\WINDOWS\SWFConverter.INI 2008-02-01 10:38 . 2008-02-01 10:38 <DIR> d-------- C:\Program Files\iTunes 2008-02-01 10:38 . 2008-02-01 10:38 <DIR> d-------- C:\Program Files\iPod 2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-01-22 04:18 . 2008-01-22 04:18 7,808 --a------ C:\WINDOWS\system32\drivers\psi_mf.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-19 15:02 --------- d-----w C:\Documents and Settings\Customer\Application Data\uTorrent 2008-02-18 14:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-14 14:34 7,591 ----a-w C:\Program Files\mbsuite21.log 2008-02-14 01:32 --------- d-----w C:\Program Files\QuickTime 2008-02-13 17:26 --------- d-----w C:\Program Files\Macromedia 2008-02-13 17:21 --------- d-----w C:\Program Files\Common Files\Macromedia 2008-02-13 14:25 --------- d-----w C:\Program Files\EMBARQ Online Security 2008-02-10 22:13 --------- d-----w C:\Program Files\LimeWire 2008-02-06 19:04 --------- d-----w C:\Program Files\Java 2008-02-06 18:57 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-05 16:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\F-Secure 2008-02-05 15:28 --------- d-----w C:\Program Files\Common Files\Motive 2008-02-04 16:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-02-01 19:29 --------- d-----w C:\Program Files\Common Files\SourceTec 2008-01-26 18:11 6,832 ----a-w C:\Program Files\KLF2.5GPU.log 2008-01-25 14:50 --------- d-----w C:\Program Files\Bonjour 2008-01-19 15:09 --------- d-----w C:\Program Files\DivX 2008-01-19 14:15 --------- d-----w C:\Documents and Settings\Customer\Application Data\DivX 2008-01-15 23:44 --------- dc----w C:\Documents and Settings\All Users\Application Data\fssg 2008-01-06 15:35 36,868 ----a-w C:\Program Files\uninst-Particular.exe 2008-01-06 15:35 36,868 ----a-w C:\Program Files\uninst-3DStroke.exe 2008-01-04 21:58 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-12-16 15:58 81,920 ----a-w C:\Documents and Settings\Customer\Application Data\ezpinst.exe 2007-12-16 15:58 47,360 ----a-w C:\Documents and Settings\Customer\Application Data\pcouffin.sys 2007-06-24 12:48 9,216 --sha-w C:\Program Files\Thumbs.db 2003-11-03 22:07 499,712 ----a-w C:\Program Files\msvcp71.dll 2003-11-03 22:07 348,160 ----a-w C:\Program Files\msvcr71.dll 2003-05-30 14:22 344,064 ----a-r C:\Program Files\msvcr70.dll 2002-01-05 08:40 487,424 ----a-w C:\Program Files\msvcp70.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SprintModemUpdate"="javaw.exe" [2007-12-14 00:57 135168 C:\WINDOWS\system32\javaw.exe] "F-Secure Manager"="C:\Program Files\EMBARQ Online Security\Common\FSM32.exe" [2007-11-01 06:42 182936] "F-Secure TNB"="C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" [2007-11-01 06:42 739936] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024] C:\Documents and Settings\Customer\Start Menu\Programs\Startup\ Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-05 05:36:24 610304] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Assistant.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Virtual Assistant.lnk backup=C:\WINDOWS\pss\Virtual Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Customer^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\Customer\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] --------- 2005-02-15 15:10 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EarthLink Installer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2007-11-01 06:42 182936 C:\Program Files\EMBARQ Online Security\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] --a------ 2007-11-01 06:42 739936 C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] --------- 2005-01-27 12:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2006-04-21 14:41 438359 C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper] -ra------ 2005-05-02 22:38 64512 C:\WINDOWS\system32\P17.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] -ra------ 2005-03-07 14:33 53248 C:\WINDOWS\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] -ra------ 2005-01-10 18:33 143360 C:\WINDOWS\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-11-01 06:42] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\EMBARQ Online Security\HIPS\fshs.sys [2008-02-13 09:16] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 06:42] R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-01-22 04:18] S1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [] S3 ADSFilter;ADSFilter - (EarthLink Filter Driver);C:\WINDOWS\system32\drivers\ADSFilter.sys [2006-11-20 08:44] S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);C:\WINDOWS\system32\drivers\ADSMonitor.sys [2006-11-20 08:44] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 06:42] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 06:42] . Contents of the 'Scheduled Tasks' folder "2008-02-14 13:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-19 17:37:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-02-19 13:56:16 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\EMBARQ~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\EMBARQ~1\ANTI-V~1\report.txt . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-19 12:36:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe . ************************************************************************** . Completion time: 2008-02-19 12:40:36 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-19 17:40:32 ComboFix2.txt 2008-02-19 17:27:12 ComboFix3.txt 2008-02-06 17:04:59 . 2008-02-16 00:32:09 --- E O F ---
  2. hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:39, on 2008-02-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe C:\Program Files\Secunia\PSI (RC1)\psi.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local O4 - HKLM\..\Run: [sprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [c0f359d9] rundll32.exe "C:\WINDOWS\system32\biaqbscj.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/cabs/MSDcode.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150585256359 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSService - Unknown owner - C:\Program Files\Common Files\ADS\ADSService.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 7737 bytes
  3. So far so good. By the way my youngest Katie called from school on her lunch break. She wanted me to say Bedankt. From all the Englander family we say, Bedankt !
  4. sorry, for the mix-up, hope this is the right procedure: ComboFix 08-02.05.3 - Customer 2008-02-06 11:59:57.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.584 [GMT -5:00] Running from: C:\Documents and Settings\Customer\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Customer\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\Fonts\fff_harmony.zip C:\WINDOWS\Fonts\ohio_script.zip C:\WINDOWS\Fonts\OldeEuropeanES.zip C:\WINDOWS\Fonts\VehicleDecalsFlamesArt.zip C:\WINDOWS\Fonts\Versal.zip C:\WINDOWS\system32\awdiiyek.dll C:\WINDOWS\system32\drivers\oreans32.sys C:\WINDOWS\system32\novxaxjn.dll C:\WINDOWS\system32\sfgsffcg.dll C:\WINDOWS\system32\sfgsffcg.dllbox . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\sfgsffcg.dll C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\Customer\Desktop\Live Safety Center.lnk C:\Documents and Settings\Customer\Desktop\Online Security Guide.lnk C:\Documents and Settings\Customer\Favorites\Online Security Guide.lnk C:\WINDOWS\Fonts\fff_harmony.zip C:\WINDOWS\Fonts\ohio_script.zip C:\WINDOWS\Fonts\OldeEuropeanES.zip C:\WINDOWS\Fonts\VehicleDecalsFlamesArt.zip C:\WINDOWS\Fonts\Versal.zip C:\WINDOWS\system32\awdiiyek.dll C:\WINDOWS\system32\drivers\oreans32.sys C:\WINDOWS\system32\keyiidwa.ini C:\WINDOWS\system32\novxaxjn.dll C:\WINDOWS\system32\sfgsffcg.dll C:\WINDOWS\system32\sfgsffcg.dllbox . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_OREANS32 -------\oreans32 ((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))) . 2008-02-06 10:15 . 2008-02-06 10:15 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-06 09:25 . 2004-08-03 23:00 260,272 --a--c--- C:\cmldr 2008-02-06 09:21 . 2004-08-04 07:00 388,608 --a------ C:\kmd.exe 2008-02-05 12:54 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-05 11:27 . 2007-11-01 06:42 57,824 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-02-05 11:27 . 2007-11-01 06:42 36,768 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-02-05 11:18 . 2008-02-05 11:18 68,089,416 --a------ C:\Program Files\Embarq_RTM_703-106.exe 2008-02-05 10:25 . 2008-02-05 10:44 <DIR> d-------- C:\Program Files\EMBARQ 2008-02-04 11:08 . 2008-02-04 11:08 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\com.adobe.kuler.Kuler.419D633A757E8B26DD2BDB301927BA7BA7490F38.1 2008-02-04 01:50 . 2008-02-04 01:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-03 23:55 . 2008-02-06 10:13 <DIR> d----c--- C:\HJT 2008-02-03 22:59 . 2008-02-03 22:59 <DIR> d-------- C:\Program Files\Windows Defender 2008-02-03 16:58 . 2008-02-03 16:58 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Grisoft 2008-02-03 16:57 . 2008-02-03 16:57 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-03 16:43 . 2008-02-03 16:45 3,134 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-02 20:03 . 2008-02-02 20:03 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-02 20:03 . 2008-02-04 01:51 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-02 09:27 . 2008-02-02 09:27 <DIR> d-------- C:\Program Files\Alwil Software 2008-02-01 11:52 . 2008-02-01 14:29 <DIR> d-------- C:\Program Files\SourceTec 2008-02-01 11:44 . 2008-02-01 14:08 367 --a------ C:\WINDOWS\SWFConverter.INI 2008-02-01 10:38 . 2008-02-01 10:38 <DIR> d-------- C:\Program Files\iTunes 2008-02-01 10:38 . 2008-02-01 10:38 <DIR> d-------- C:\Program Files\iPod 2008-01-17 09:46 . 2008-02-05 11:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-17 09:46 . 2008-01-25 16:00 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-15 19:05 . 2008-01-15 19:05 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS 2008-01-15 18:44 . 2008-01-15 18:44 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\fssg 2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-01-07 20:16 . 2008-01-07 20:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax 2008-01-06 11:26 . 2008-01-06 11:32 64 --a------ C:\WINDOWS\MovingPicture.ini 2008-01-06 10:46 . 2004-10-03 17:41 167,936 --a------ C:\WINDOWS\system32\Engine3D.dll 2008-01-06 10:35 . 2008-01-06 10:35 36,868 --a------ C:\Program Files\uninst-3DStroke.exe 2008-01-06 09:59 . 2008-01-06 10:43 <DIR> d-------- C:\Program Files\Trapcode 2008-01-06 09:59 . 2008-01-06 09:59 <DIR> d----c--- C:\Presets 2008-01-06 09:59 . 2008-01-06 10:35 36,868 --a------ C:\Program Files\uninst-Particular.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-05 17:10 --------- d-----w C:\Program Files\EMBARQ Online Security 2008-02-05 16:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\F-Secure 2008-02-05 15:28 --------- d-----w C:\Program Files\Common Files\Motive 2008-02-04 16:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-02-02 00:31 --------- d-----w C:\Documents and Settings\Customer\Application Data\uTorrent 2008-02-01 19:29 --------- d-----w C:\Program Files\Common Files\SourceTec 2008-01-26 18:11 6,832 ----a-w C:\Program Files\KLF2.5GPU.log 2008-01-25 14:50 --------- d-----w C:\Program Files\Bonjour 2008-01-19 15:09 --------- d-----w C:\Program Files\DivX 2008-01-19 14:15 --------- d-----w C:\Documents and Settings\Customer\Application Data\DivX 2008-01-17 14:04 --------- d-----w C:\Program Files\QuickTime 2008-01-08 22:41 --------- d-----w C:\Program Files\LimeWire 2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-04 21:58 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-27 22:47 --------- d-----w C:\Program Files\Java 2007-12-16 15:59 --------- d-----w C:\Program Files\Magic Video Converter 2007-12-16 15:58 81,920 ----a-w C:\Documents and Settings\Customer\Application Data\ezpinst.exe 2007-12-16 15:58 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-12-16 15:58 47,360 ----a-w C:\Documents and Settings\Customer\Application Data\pcouffin.sys 2007-12-16 15:58 --------- d-----w C:\Documents and Settings\Customer\Application Data\Vso 2007-12-15 21:41 98,304 ----a-w C:\WINDOWS\system32\SoftAheadCert.dll 2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-06-24 12:48 9,216 --sha-w C:\Program Files\Thumbs.db . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SprintModemUpdate"="javaw.exe" [2007-09-24 22:30 135168 C:\WINDOWS\system32\javaw.exe] "F-Secure Manager"="C:\Program Files\EMBARQ Online Security\Common\FSM32.exe" [2007-11-01 06:42 182936] "F-Secure TNB"="C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" [2007-11-01 06:42 739936] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Assistant.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Virtual Assistant.lnk backup=C:\WINDOWS\pss\Virtual Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Customer^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\Customer\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] --------- 2005-02-15 15:10 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EarthLink Installer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2007-11-01 06:42 182936 C:\Program Files\EMBARQ Online Security\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] --a------ 2007-11-01 06:42 739936 C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] --------- 2005-01-27 12:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2006-04-21 14:41 438359 C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper] -ra------ 2005-05-02 22:38 64512 C:\WINDOWS\system32\P17.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] -ra------ 2005-03-07 14:33 53248 C:\WINDOWS\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] -ra------ 2005-01-10 18:33 143360 C:\WINDOWS\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-11-01 06:42] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\EMBARQ Online Security\HIPS\fshs.sys [2007-11-01 06:42] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 06:42] S1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [] S3 ADSFilter;ADSFilter - (EarthLink Filter Driver);C:\WINDOWS\system32\drivers\ADSFilter.sys [2006-11-20 08:44] S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);C:\WINDOWS\system32\drivers\ADSMonitor.sys [2006-11-20 08:44] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 06:42] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 06:42] . Contents of the 'Scheduled Tasks' folder "2008-01-31 13:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-06 16:55:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-02-06 16:23:23 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\EMBARQ~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\EMBARQ~1\ANTI-V~1\report.txt . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-06 12:04:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-06 12:04:58 ComboFix-quarantined-files.txt 2008-02-06 17:04:39 ComboFix2.txt 2008-02-06 14:54:59 . 2008-02-06 13:53:07 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:08:41 PM, on 2/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [sprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/cabs/MSDcode.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150585256359 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSService - Unknown owner - C:\Program Files\Common Files\ADS\ADSService.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 6823 bytes
  5. ComboFix 08-02.05.3 - Customer 2008-02-06 11:59:57.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.584 [GMT -5:00] Running from: C:\Documents and Settings\Customer\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Customer\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\Fonts\fff_harmony.zip C:\WINDOWS\Fonts\ohio_script.zip C:\WINDOWS\Fonts\OldeEuropeanES.zip C:\WINDOWS\Fonts\VehicleDecalsFlamesArt.zip C:\WINDOWS\Fonts\Versal.zip C:\WINDOWS\system32\awdiiyek.dll C:\WINDOWS\system32\drivers\oreans32.sys C:\WINDOWS\system32\novxaxjn.dll C:\WINDOWS\system32\sfgsffcg.dll C:\WINDOWS\system32\sfgsffcg.dllbox . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\sfgsffcg.dll C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\Customer\Desktop\Live Safety Center.lnk C:\Documents and Settings\Customer\Desktop\Online Security Guide.lnk C:\Documents and Settings\Customer\Favorites\Online Security Guide.lnk C:\WINDOWS\Fonts\fff_harmony.zip C:\WINDOWS\Fonts\ohio_script.zip C:\WINDOWS\Fonts\OldeEuropeanES.zip C:\WINDOWS\Fonts\VehicleDecalsFlamesArt.zip C:\WINDOWS\Fonts\Versal.zip C:\WINDOWS\system32\awdiiyek.dll C:\WINDOWS\system32\drivers\oreans32.sys C:\WINDOWS\system32\keyiidwa.ini C:\WINDOWS\system32\novxaxjn.dll C:\WINDOWS\system32\sfgsffcg.dll C:\WINDOWS\system32\sfgsffcg.dllbox . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_OREANS32 -------\oreans32 ((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))) . 2008-02-06 10:15 . 2008-02-06 10:15 <DIR> d-------- C:\Program Files\Trend Micro 2008-02-06 09:25 . 2004-08-03 23:00 260,272 --a--c--- C:\cmldr 2008-02-06 09:21 . 2004-08-04 07:00 388,608 --a------ C:\kmd.exe 2008-02-05 12:54 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-05 11:27 . 2007-11-01 06:42 57,824 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-02-05 11:27 . 2007-11-01 06:42 36,768 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-02-05 11:18 . 2008-02-05 11:18 68,089,416 --a------ C:\Program Files\Embarq_RTM_703-106.exe 2008-02-05 10:25 . 2008-02-05 10:44 <DIR> d-------- C:\Program Files\EMBARQ 2008-02-04 11:08 . 2008-02-04 11:08 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\com.adobe.kuler.Kuler.419D633A757E8B26DD2BDB301927BA7BA7490F38.1 2008-02-04 01:50 . 2008-02-04 01:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-03 23:55 . 2008-02-06 10:13 <DIR> d----c--- C:\HJT 2008-02-03 22:59 . 2008-02-03 22:59 <DIR> d-------- C:\Program Files\Windows Defender 2008-02-03 16:58 . 2008-02-03 16:58 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Grisoft 2008-02-03 16:57 . 2008-02-03 16:57 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-03 16:43 . 2008-02-03 16:45 3,134 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-02 20:03 . 2008-02-02 20:03 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-02 20:03 . 2008-02-04 01:51 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-02 09:27 . 2008-02-02 09:27 <DIR> d-------- C:\Program Files\Alwil Software 2008-02-01 11:52 . 2008-02-01 14:29 <DIR> d-------- C:\Program Files\SourceTec 2008-02-01 11:44 . 2008-02-01 14:08 367 --a------ C:\WINDOWS\SWFConverter.INI 2008-02-01 10:38 . 2008-02-01 10:38 <DIR> d-------- C:\Program Files\iTunes 2008-02-01 10:38 . 2008-02-01 10:38 <DIR> d-------- C:\Program Files\iPod 2008-01-17 09:46 . 2008-02-05 11:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-17 09:46 . 2008-01-25 16:00 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-15 19:05 . 2008-01-15 19:05 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS 2008-01-15 18:44 . 2008-01-15 18:44 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\fssg 2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-01-07 20:16 . 2008-01-07 20:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax 2008-01-06 11:26 . 2008-01-06 11:32 64 --a------ C:\WINDOWS\MovingPicture.ini 2008-01-06 10:46 . 2004-10-03 17:41 167,936 --a------ C:\WINDOWS\system32\Engine3D.dll 2008-01-06 10:35 . 2008-01-06 10:35 36,868 --a------ C:\Program Files\uninst-3DStroke.exe 2008-01-06 09:59 . 2008-01-06 10:43 <DIR> d-------- C:\Program Files\Trapcode 2008-01-06 09:59 . 2008-01-06 09:59 <DIR> d----c--- C:\Presets 2008-01-06 09:59 . 2008-01-06 10:35 36,868 --a------ C:\Program Files\uninst-Particular.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-05 17:10 --------- d-----w C:\Program Files\EMBARQ Online Security 2008-02-05 16:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\F-Secure 2008-02-05 15:28 --------- d-----w C:\Program Files\Common Files\Motive 2008-02-04 16:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-02-02 00:31 --------- d-----w C:\Documents and Settings\Customer\Application Data\uTorrent 2008-02-01 19:29 --------- d-----w C:\Program Files\Common Files\SourceTec 2008-01-26 18:11 6,832 ----a-w C:\Program Files\KLF2.5GPU.log 2008-01-25 14:50 --------- d-----w C:\Program Files\Bonjour 2008-01-19 15:09 --------- d-----w C:\Program Files\DivX 2008-01-19 14:15 --------- d-----w C:\Documents and Settings\Customer\Application Data\DivX 2008-01-17 14:04 --------- d-----w C:\Program Files\QuickTime 2008-01-08 22:41 --------- d-----w C:\Program Files\LimeWire 2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-04 21:58 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-27 22:47 --------- d-----w C:\Program Files\Java 2007-12-16 15:59 --------- d-----w C:\Program Files\Magic Video Converter 2007-12-16 15:58 81,920 ----a-w C:\Documents and Settings\Customer\Application Data\ezpinst.exe 2007-12-16 15:58 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-12-16 15:58 47,360 ----a-w C:\Documents and Settings\Customer\Application Data\pcouffin.sys 2007-12-16 15:58 --------- d-----w C:\Documents and Settings\Customer\Application Data\Vso 2007-12-15 21:41 98,304 ----a-w C:\WINDOWS\system32\SoftAheadCert.dll 2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-06-24 12:48 9,216 --sha-w C:\Program Files\Thumbs.db . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SprintModemUpdate"="javaw.exe" [2007-09-24 22:30 135168 C:\WINDOWS\system32\javaw.exe] "F-Secure Manager"="C:\Program Files\EMBARQ Online Security\Common\FSM32.exe" [2007-11-01 06:42 182936] "F-Secure TNB"="C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" [2007-11-01 06:42 739936] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Assistant.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Virtual Assistant.lnk backup=C:\WINDOWS\pss\Virtual Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Customer^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\Customer\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] --------- 2005-02-15 15:10 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EarthLink Installer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2007-11-01 06:42 182936 C:\Program Files\EMBARQ Online Security\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] --a------ 2007-11-01 06:42 739936 C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] --------- 2005-01-27 12:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2006-04-21 14:41 438359 C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper] -ra------ 2005-05-02 22:38 64512 C:\WINDOWS\system32\P17.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] -ra------ 2005-03-07 14:33 53248 C:\WINDOWS\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] -ra------ 2005-01-10 18:33 143360 C:\WINDOWS\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-11-01 06:42] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\EMBARQ Online Security\HIPS\fshs.sys [2007-11-01 06:42] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 06:42] S1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [] S3 ADSFilter;ADSFilter - (EarthLink Filter Driver);C:\WINDOWS\system32\drivers\ADSFilter.sys [2006-11-20 08:44] S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);C:\WINDOWS\system32\drivers\ADSMonitor.sys [2006-11-20 08:44] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 06:42] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 06:42] . Contents of the 'Scheduled Tasks' folder "2008-01-31 13:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-06 16:55:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-02-06 16:23:23 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\EMBARQ~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\EMBARQ~1\ANTI-V~1\report.txt . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-06 12:04:08 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-06 12:04:58 ComboFix-quarantined-files.txt 2008-02-06 17:04:39 ComboFix2.txt 2008-02-06 14:54:59 . 2008-02-06 13:53:07 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:08:41 PM, on 2/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [sprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/cabs/MSDcode.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150585256359 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSService - Unknown owner - C:\Program Files\Common Files\ADS\ADSService.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 6823 bytes
  6. I am not sure if I should have created a new post or replied to your message.

    So, I believe I did both.

    My youngest (13yrs old) Katie said "what a nice lady" (that being you) she asked if this was your job, to help people when they have problems with there "compooter".

    She stated emphatically that she wanted to be "just like that nice lady, when

  7. As per your request here are the ComboFix and HijackThis files: Thank you for taking the time to help us. ComboFix 08-02.05.3 - Customer 2008-02-06 9:33:24.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.535 [GMT -5:00] Running from: C:\Documents and Settings\Customer\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\awttrrr.dll C:\WINDOWS\system32\vturq.dll C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\Customer\Desktop\Live Safety Center.lnk C:\Documents and Settings\Customer\Desktop\Online Security Guide.lnk C:\Documents and Settings\Customer\Desktop\Torrent Files\~~Finished\AE Plugins\DIGITAL_ANARCHY\Digital Anarchy Psunami 1.0\Desktop_.ini C:\Documents and Settings\Customer\Desktop\Torrent Files\~~Finished\AE Plugins\DIGITAL_ANARCHY\Digital Anarchy Psunami 1.0\Digital Anarchy Psunami 1.0\Desktop_.ini C:\Documents and Settings\Customer\Desktop\Torrent Files\~~Finished\AE Plugins\DIGITAL_ANARCHY\Digital Anarchy Psunami 1.0\Digital Anarchy Psunami 1.0\Tutorial\Desktop_.ini C:\Documents and Settings\Customer\Desktop\Torrent Files\~~Finished\AE Plugins\Profound Effects CameraPOV v1.0\Desktop_.ini C:\Documents and Settings\Customer\Favorites\Online Security Guide.lnk C:\Program Files\Adobe\Adobe After Effects 7.0\Support Files\Plug-ins\digital.anarchy.geomancy.v1.2.1.cracked\Desktop_.ini C:\WINDOWS\adaway.lic C:\WINDOWS\cookies.ini C:\WINDOWS\system32\attiunae.dll C:\WINDOWS\system32\awttrrr.dll C:\WINDOWS\system32\bghrowxr.dll C:\WINDOWS\system32\bswdeaqq.dll C:\WINDOWS\system32\bswdeaqq.dllbox C:\WINDOWS\system32\dfuvjbqj.dll C:\WINDOWS\system32\dfuvjbqj.dllbox C:\WINDOWS\system32\efdtxyme.dll C:\WINDOWS\system32\emyxtdfe.ini C:\WINDOWS\system32\hrrxgtib.dll C:\WINDOWS\system32\hvoztnun.dll C:\WINDOWS\system32\hvoztnun.dllbox C:\WINDOWS\system32\jtnekxsl.ini C:\WINDOWS\system32\keyiidwa.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mcxmllhn.dll C:\WINDOWS\system32\ougcopyl.dll C:\WINDOWS\system32\prsgrc.dll C:\WINDOWS\system32\qrutv.ini C:\WINDOWS\system32\qrutv.ini2 C:\WINDOWS\system32\ripesplq.dll C:\WINDOWS\system32\ripesplq.dllbox C:\WINDOWS\system32\sfgsffcg.dll C:\WINDOWS\system32\sfgsffcg.dll . . . . failed to delete C:\WINDOWS\system32\sfgsffcg.dllbox C:\WINDOWS\system32\vturq.dll C:\WINDOWS\system32\ycsrkgse.dll C:\WINDOWS\system32\yegjmtie.dll . ((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))) . 2008-02-06 09:49 . 2008-02-06 09:50 21,276 ---hs---- C:\WINDOWS\system32\sfgsffcg.dllbox 2008-02-06 09:25 . 2004-08-03 23:00 260,272 --a--c--- C:\cmldr 2008-02-05 12:54 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-05 11:27 . 2007-11-01 06:42 57,824 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-02-05 11:27 . 2007-11-01 06:42 36,768 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-02-05 11:18 . 2008-02-05 11:18 68,089,416 --a------ C:\Program Files\Embarq_RTM_703-106.exe 2008-02-05 11:18 . 2008-02-06 09:44 146,496 --a------ C:\WINDOWS\system32\sfgsffcg.dll 2008-02-05 11:18 . 2008-02-05 11:18 90,688 --a------ C:\WINDOWS\system32\awdiiyek.dll 2008-02-05 10:25 . 2008-02-05 10:44 <DIR> d-------- C:\Program Files\EMBARQ 2008-02-04 11:08 . 2008-02-04 11:08 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\com.adobe.kuler.Kuler.419D633A757E8B26DD2BDB301927BA7BA7490F38.1 2008-02-04 01:50 . 2008-02-04 01:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-03 23:55 . 2008-02-04 02:23 <DIR> d----c--- C:\HJT 2008-02-03 22:59 . 2008-02-03 22:59 <DIR> d-------- C:\Program Files\Windows Defender 2008-02-03 16:58 . 2008-02-03 16:58 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Grisoft 2008-02-03 16:57 . 2008-02-03 16:57 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-03 16:43 . 2008-02-03 16:45 3,134 --a------ C:\WINDOWS\system32\tmp.reg 2008-02-03 07:59 . 2008-02-03 07:59 1,482 --a------ C:\WINDOWS\system32\novxaxjn.dll 2008-02-02 20:03 . 2008-02-02 20:03 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-02 20:03 . 2008-02-04 01:51 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-02 09:27 . 2008-02-02 09:27 <DIR> d-------- C:\Program Files\Alwil Software 2008-02-01 11:52 . 2008-02-01 14:29 <DIR> d-------- C:\Program Files\SourceTec 2008-02-01 11:44 . 2008-02-01 14:08 367 --a------ C:\WINDOWS\SWFConverter.INI 2008-02-01 10:38 . 2008-02-01 10:38 <DIR> d-------- C:\Program Files\iTunes 2008-02-01 10:38 . 2008-02-01 10:38 <DIR> d-------- C:\Program Files\iPod 2008-01-17 09:46 . 2008-02-05 11:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-17 09:46 . 2008-01-25 16:00 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-15 19:05 . 2008-01-15 19:05 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS 2008-01-15 18:44 . 2008-01-15 18:44 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\fssg 2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-01-07 20:16 . 2008-01-07 20:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax 2008-01-06 11:26 . 2008-01-06 11:32 64 --a------ C:\WINDOWS\MovingPicture.ini 2008-01-06 10:46 . 2004-10-03 17:41 167,936 --a------ C:\WINDOWS\system32\Engine3D.dll 2008-01-06 10:35 . 2008-01-06 10:35 36,868 --a------ C:\Program Files\uninst-3DStroke.exe 2008-01-06 09:59 . 2008-01-06 10:43 <DIR> d-------- C:\Program Files\Trapcode 2008-01-06 09:59 . 2008-01-06 09:59 <DIR> d----c--- C:\Presets 2008-01-06 09:59 . 2008-01-06 10:35 36,868 --a------ C:\Program Files\uninst-Particular.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-05 17:10 --------- d-----w C:\Program Files\EMBARQ Online Security 2008-02-05 16:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\F-Secure 2008-02-05 15:28 --------- d-----w C:\Program Files\Common Files\Motive 2008-02-04 16:07 --------- d-----w C:\Program Files\Common Files\Adobe AIR 2008-02-02 00:31 --------- d-----w C:\Documents and Settings\Customer\Application Data\uTorrent 2008-02-01 19:29 --------- d-----w C:\Program Files\Common Files\SourceTec 2008-01-26 18:11 6,832 ----a-w C:\Program Files\KLF2.5GPU.log 2008-01-25 14:50 --------- d-----w C:\Program Files\Bonjour 2008-01-19 15:09 --------- d-----w C:\Program Files\DivX 2008-01-19 14:15 --------- d-----w C:\Documents and Settings\Customer\Application Data\DivX 2008-01-17 14:04 --------- d-----w C:\Program Files\QuickTime 2008-01-08 22:41 --------- d-----w C:\Program Files\LimeWire 2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-04 21:58 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-27 22:47 --------- d-----w C:\Program Files\Java 2007-12-16 15:59 --------- d-----w C:\Program Files\Magic Video Converter 2007-12-16 15:58 81,920 ----a-w C:\Documents and Settings\Customer\Application Data\ezpinst.exe 2007-12-16 15:58 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2007-12-16 15:58 47,360 ----a-w C:\Documents and Settings\Customer\Application Data\pcouffin.sys 2007-12-16 15:58 --------- d-----w C:\Documents and Settings\Customer\Application Data\Vso 2007-12-15 21:41 98,304 ----a-w C:\WINDOWS\system32\SoftAheadCert.dll 2007-12-15 21:41 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys 2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-07-22 18:34 17,628 ----a-w C:\WINDOWS\Fonts\fff_harmony.zip 2007-06-24 12:48 9,216 --sha-w C:\Program Files\Thumbs.db 2006-10-04 14:09 7,863 ----a-w C:\WINDOWS\Fonts\Versal.zip 2006-10-04 14:08 57,796 ----a-w C:\WINDOWS\Fonts\VehicleDecalsFlamesArt.zip 2006-10-04 14:08 28,888 ----a-w C:\WINDOWS\Fonts\OldeEuropeanES.zip 2006-08-20 14:38 54,520 ----a-w C:\WINDOWS\Fonts\ohio_script.zip . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2008-02-06 09:44 146496 --a------ C:\WINDOWS\system32\sfgsffcg.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SprintModemUpdate"="javaw.exe" [2007-09-24 22:30 135168 C:\WINDOWS\system32\javaw.exe] "c0f359d9"="C:\WINDOWS\system32\awdiiyek.dll" [2008-02-05 11:18 90688] "F-Secure Manager"="C:\Program Files\EMBARQ Online Security\Common\FSM32.exe" [2007-11-01 06:42 182936] "F-Secure TNB"="C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" [2007-11-01 06:42 739936] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "csr"="csrrs.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sfgsffcg] sfgsffcg.dll 2008-02-06 09:44 146496 C:\WINDOWS\system32\sfgsffcg.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Virtual Assistant.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Virtual Assistant.lnk backup=C:\WINDOWS\pss\Virtual Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Customer^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\Customer\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0f359d9] C:\WINDOWS\system32\efdtxyme.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csr] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] --------- 2005-02-15 15:10 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EarthLink Installer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] --a------ 2007-11-01 06:42 182936 C:\Program Files\EMBARQ Online Security\Common\FSM32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] --a------ 2007-11-01 06:42 739936 C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] --------- 2005-01-27 12:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] --a------ 2006-04-21 14:41 438359 C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper] -ra------ 2005-05-02 22:38 64512 C:\WINDOWS\system32\P17.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] -ra------ 2005-03-07 14:33 53248 C:\WINDOWS\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] -ra------ 2005-01-10 18:33 143360 C:\WINDOWS\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Apple Mobile Device"=2 (0x2) R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-11-01 06:42] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\EMBARQ Online Security\HIPS\fshs.sys [2007-11-01 06:42] R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-12-15 16:41] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 06:42] S1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [] S3 ADSFilter;ADSFilter - (EarthLink Filter Driver);C:\WINDOWS\system32\drivers\ADSFilter.sys [2006-11-20 08:44] S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver);C:\WINDOWS\system32\drivers\ADSMonitor.sys [2006-11-20 08:44] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 06:42] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 06:42] . Contents of the 'Scheduled Tasks' folder "2008-01-31 13:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-06 14:50:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-06 09:49:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\sfgsffcg.dll PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\WINDOWS\system32\sfgsffcg.dll -> C:\WINDOWS\system32\awdiiyek.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe . ************************************************************************** . Completion time: 2008-02-06 9:54:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-06 14:54:53 . 2008-02-06 13:53:07 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:15:12 AM, on 2/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe C:\WINDOWS\Explorer.EXE C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\sfgsffcg.dll O4 - HKLM\..\Run: [sprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate O4 - HKLM\..\Run: [c0f359d9] rundll32.exe "C:\WINDOWS\system32\awdiiyek.dll",b O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\RunServices: [csr] csrrs.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/cabs/MSDcode.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150585256359 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O20 - Winlogon Notify: sfgsffcg - C:\WINDOWS\SYSTEM32\sfgsffcg.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSService - Unknown owner - C:\Program Files\Common Files\ADS\ADSService.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 7205 bytes
  8. LOGS: 20080204 01-59-25 : Smart scan started. 20080204 02-16-13 : Smart scan ended. Ad-Aware 2007 Build Log File Created on: 2008-02-04 02:16:13 Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef Computer name: DJENGLANDER Name of user performing scan: SYSTEM System information =========================== Number of processors: 1 Processor type: AMD Sempron Processor 3000+ Memory Available: 37% Total Physical Memory: 1006092288 Bytes Available Physical Memory: 363724800 Bytes Total Page File Size: 1621925888 Bytes Available On Page File: 960860160 Bytes Total Virtual Memory: 2147352576 Bytes Available Virtual Memory: 1921896448 Bytes OS: Microsoft Windows XP Service Pack 2 (Build 2600) Ad-Aware 2007 Settings =========================== Skipping files larger than 1048576 kB Ignoring infections with lower TAI than: 3 Extended Ad-Aware 2007 Settings =========================== Unloading known modules during scan Ignoring spanned files when scanning cab archives Reanalyzing results after scanning before displaying results Trying to unload modules prior to removal Let Windows remove files currently in use at next reboot Removing quarantined objects after restore Deactivating Ad-Watch during scans Writeprotecting system files after repairs Include info about ignored objects in log file Including basic settings in log file Including advanced settings in log file Including user and computer name in log file Create and save WebUpdate log file Databaseinfo =========================== Version number: 48 Build Number: 0 Build Date and Time: 2008/01/28 02:34:58 Scan Statistics =========================== Method: Smart Scan tracking cookies.............................: On Scan ADS filestreams..............................: Off Item Scanned: 223815 Infections Detected: 9 Infections Ignored: 0 Scan detailed statistics =========================== Type Critical Total Process Scan....: 0 0 Registry Scan...: 3 3 Registry PE Scan: 0 0 Hosts File Scan.: 0 0 File Scan.......: 2 2 Folder Scan.....: 0 0 LSP Scan........: 0 0 ADS Scan........: 0 0 Cookie Scan.....: 4 4 File Hash Scan..: 0 0 Infections Found =========================== Family Id: 1040 Name: Win32.Trojandownloader.Zlob Category: Malware TAI:10 Item Id: 300036957 Value: Root: HKU Path: S-1-5-21-606747145-1958367476-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{a95b2816-1d7e-4561-a202-68c0de02353a} Item Id: 300036959 Value: Root: HKCR Path: clsid\{a95b2816-1d7e-4561-a202-68c0de02353a} Item Id: 300036960 Value: Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a} Item Id: 700005053 Value: File: c:\documents and settings\all users\start menu\Online Security Guide.lnk Item Id: 700006689 Value: File: c:\System Volume Information\tracking.log Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3 Item Id: 600000413 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Customer\Cookies\index.dat rotator.adjuggler.com optin / Item Id: 600000413 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Customer\Cookies\index.dat rotator.adjuggler.com ajess1_4731096EF26A2AFF14692984 / Item Id: 600000413 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Customer\Cookies\index.dat rotator.adjuggler.com ajcmp / Item Id: 600000413 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Customer\Cookies\index.dat rotator.adjuggler.com ajpct / Items Ignored During Scan =========================== Listing of running processes =========================== C:\WINDOWS\SYSTEM32\SMSS.EXE c:\windows\system32\smss.exe c:\windows\system32\ntdll.dll C:\WINDOWS\SYSTEM32\CSRSS.EXE c:\windows\system32\csrss.exe c:\windows\system32\ntdll.dll c:\windows\system32\csrsrv.dll c:\windows\system32\basesrv.dll c:\windows\system32\winsrv.dll c:\windows\system32\gdi32.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\sxs.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\WINLOGON.EXE c:\windows\system32\winlogon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\authz.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\nddeapi.dll c:\windows\system32\profmap.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\windows\system32\psapi.dll c:\windows\system32\regapi.dll c:\windows\system32\secur32.dll c:\windows\system32\setupapi.dll c:\windows\system32\version.dll c:\windows\system32\winsta.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\imm32.dll c:\windows\system32\msgina.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\system32\odbc32.dll c:\windows\system32\comdlg32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\odbcint.dll c:\windows\system32\shsvcs.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\ole32.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\winscard.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\sxs.dll c:\windows\system32\winmm.dll c:\windows\system32\uxtheme.dll c:\windows\system32\bswdeaqq.dll c:\windows\system32\oleaut32.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\cscdll.dll c:\windows\system32\wlnotify.dll c:\windows\system32\winspool.drv c:\windows\system32\mpr.dll c:\windows\system32\rsaenh.dll c:\windows\system32\wgalogon.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\awttrrr.dll c:\windows\system32\cscui.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\xpsp2res.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\SERVICES.EXE c:\windows\system32\services.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\userenv.dll c:\windows\system32\scesrv.dll c:\windows\system32\authz.dll c:\windows\system32\umpnpmgr.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\msvcp60.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acadproc.dll c:\windows\system32\imm32.dll c:\windows\system32\secur32.dll c:\windows\system32\apphelp.dll c:\windows\system32\version.dll c:\windows\system32\eventlog.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\LSASS.EXE c:\windows\system32\lsass.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\lsasrv.dll c:\windows\system32\mpr.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\msvcrt.dll c:\windows\system32\netapi32.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wldap32.dll c:\windows\system32\secur32.dll c:\windows\system32\samlib.dll c:\windows\system32\samsrv.dll c:\windows\system32\cryptdll.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msprivs.dll c:\windows\system32\kerberos.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\netlogon.dll c:\windows\system32\w32time.dll c:\windows\system32\msvcp60.dll c:\windows\system32\schannel.dll c:\windows\system32\crypt32.dll c:\windows\system32\wdigest.dll c:\windows\system32\rsaenh.dll c:\windows\system32\vturq.dll c:\windows\system32\shfolder.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\setupapi.dll c:\windows\system32\scecli.dll c:\windows\system32\ipsecsvc.dll c:\windows\system32\authz.dll c:\windows\system32\oakley.dll c:\windows\system32\winipsec.dll c:\windows\system32\pstorsvc.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\psbase.dll c:\windows\system32\dssenh.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\rpcss.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\termsrv.dll c:\windows\system32\icaapi.dll c:\windows\system32\setupapi.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\authz.dll c:\windows\system32\mstlsapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\atl.dll c:\windows\system32\regapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rpcss.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\rsaenh.dll c:\windows\system32\mswsock.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dnsapi.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\shsvcs.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\secur32.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\wzcsvc.dll c:\windows\system32\rtutils.dll c:\windows\system32\wmi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\esent.dll c:\windows\system32\atl.dll c:\windows\system32\rastls.dll c:\windows\system32\cryptui.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\setupapi.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\schannel.dll c:\windows\system32\winscard.dll c:\windows\system32\raschap.dll c:\windows\system32\msv1_0.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\schedsvc.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\msidle.dll c:\windows\system32\audiosrv.dll c:\windows\system32\wkssvc.dll c:\windows\system32\qmgr.dll c:\windows\system32\mpr.dll c:\windows\system32\shfolder.dll c:\windows\system32\winhttp.dll c:\windows\system32\cryptsvc.dll c:\windows\system32\certcli.dll c:\windows\system32\ersvc.dll c:\windows\system32\es.dll c:\windows\pchealth\helpctr\binaries\pchsvc.dll c:\windows\system32\srvsvc.dll c:\windows\system32\netman.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\windows\system32\wzcsapi.dll c:\windows\system32\seclogon.dll c:\windows\system32\sens.dll c:\windows\system32\srsvc.dll c:\windows\system32\powrprof.dll c:\windows\system32\trkwks.dll c:\windows\system32\w32time.dll c:\windows\system32\msvcp60.dll c:\windows\system32\wbem\wmisvc.dll c:\windows\system32\vssapi.dll c:\windows\system32\wuauserv.dll c:\windows\system32\browser.dll c:\windows\system32\wuaueng.dll c:\windows\system32\winspool.drv c:\windows\system32\cabinet.dll c:\windows\system32\mspatcha.dll c:\windows\system32\wscsvc.dll c:\windows\system32\msi.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\sxs.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\comsvcs.dll c:\windows\system32\colbact.dll c:\windows\system32\mtxclu.dll c:\windows\system32\wsock32.dll c:\windows\system32\clusapi.dll c:\windows\system32\resutils.dll c:\windows\system32\ipnathlp.dll c:\windows\system32\authz.dll c:\windows\system32\tapisrv.dll c:\windows\system32\psapi.dll c:\windows\system32\wbem\wbemcore.dll c:\windows\system32\wbem\esscli.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\wbem\wmiutils.dll c:\windows\system32\wbem\repdrvfs.dll c:\windows\system32\rasmans.dll c:\windows\system32\winipsec.dll c:\windows\system32\netcfgx.dll c:\windows\system32\wbem\wmiprvsd.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\rastapi.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\wbem\wbemess.dll c:\windows\system32\unimdm.tsp c:\windows\system32\uniplat.dll c:\windows\system32\wbem\ncprov.dll c:\windows\system32\upnp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\kmddsp.tsp c:\windows\system32\ndptsp.tsp c:\windows\system32\ipconf.tsp c:\windows\system32\h323.tsp c:\windows\system32\hidphone.tsp c:\windows\system32\hid.dll c:\windows\system32\rasppp.dll c:\windows\system32\ntlsapi.dll c:\windows\system32\kerberos.dll c:\windows\system32\cryptdll.dll c:\windows\system32\apphelp.dll c:\windows\system32\rasdlg.dll c:\windows\system32\dssenh.dll c:\windows\system32\msxml3.dll c:\windows\system32\winrnr.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\catsrvut.dll c:\windows\system32\catsrv.dll c:\windows\system32\mfcsubs.dll c:\windows\system32\urlmon.dll c:\windows\system32\advpack.dll C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE c:\program files\ahead\incd\incdsrv.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\program files\common files\ahead\lib\drivelocker.dll c:\windows\system32\oleaut32.dll c:\program files\ahead\incd\incdshx.dll c:\windows\system32\shell32.dll c:\windows\system32\uxtheme.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\dnsrslvr.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\lmhsvc.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\webclnt.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\secur32.dll c:\windows\system32\ssdpsrv.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\upnphost.dll c:\windows\system32\winhttp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\netapi32.dll C:\WINDOWS\SYSTEM32\SPOOLSV.EXE c:\windows\system32\spoolsv.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\spoolss.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\dnsapi.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\localspl.dll c:\windows\system32\secur32.dll c:\windows\system32\sfc_os.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\winspool.drv c:\windows\system32\netapi32.dll c:\windows\system32\cnbjmon.dll c:\windows\system32\pjlmon.dll c:\windows\system32\tcpmon.dll c:\windows\system32\usbmon.dll c:\windows\system32\mswsock.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\win32spl.dll c:\windows\system32\netrap.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\inetpp.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE c:\program files\bonjour\mdnsresponder.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSGK32ST.EXE c:\program files\embarq online security\anti-virus\fsgk32st.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FSMA32.EXE c:\program files\embarq online security\common\fsma32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\embarq online security\common\fspmapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\imm32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\embarq online security\common\fsexc.dll c:\windows\system32\apphelp.dll c:\windows\system32\psapi.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSGK32.EXE c:\program files\embarq online security\anti-virus\fsgk32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\common\fsma32s.dll c:\program files\embarq online security\anti-virus\avperf.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\fltlib.dll c:\windows\system32\msvcrt.dll c:\program files\embarq online security\hips\fships.dll c:\windows\system32\version.dll c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\daas\fsclm.dll c:\windows\system32\secur32.dll c:\program files\embarq online security\anti-virus\ftrlib.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\w3ssl.dll c:\windows\system32\strmfilt.dll c:\windows\system32\secur32.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\httpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FSMB32.EXE c:\program files\embarq online security\common\fsmb32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\advapi32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsexc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FCH32.EXE c:\program files\embarq online security\common\fch32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\embarq online security\common\fspmapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsexc.dll c:\program files\embarq online security\common\fspmeng.dll c:\program files\embarq online security\daas\fsclm.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\dnsapi.dll c:\windows\system32\rasadhlp.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSQH.EXE c:\program files\embarq online security\anti-virus\fsqh.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\anti-virus\qrt.dll c:\windows\system32\version.dll c:\windows\system32\secur32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FAMEH32.EXE c:\program files\embarq online security\common\fameh32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\embarq online security\common\fspmapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\imm32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\program files\embarq online security\common\fsexc.dll c:\program files\embarq online security\common\amehevn.dll c:\program files\embarq online security\common\amehlog.dll c:\program files\embarq online security\common\amehsmt.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\embarq online security\common\amehtvl.dll C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE c:\program files\common files\microsoft shared\vs7debug\mdm.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\psapi.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\FSPC\FSPC.EXE c:\program files\embarq online security\fspc\fspc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\pdh.dll c:\windows\system32\shlwapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\comctl32.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\odbc32.dll c:\windows\system32\odbcbcp.dll c:\windows\system32\version.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\odbcint.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\program files\embarq online security\tnb\fstnb.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\fsaua\program\fsaua_api_dll.dll c:\program files\embarq online security\fspc\fshttps\fshttps.eng c:\windows\system32\perfos.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\iphlpapi.dll c:\program files\embarq online security\fspc\fspcinst.eng c:\program files\embarq online security\fspc\fspchres.dll c:\windows\system32\rasadhlp.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\program files\embarq online security\fspc\csdk\dll\csdk.dll c:\windows\system32\wsock32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE c:\program files\windows media player\wmpnetwk.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\windows\system32\winhttp.dll c:\windows\system32\shlwapi.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\shell32.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\httpapi.dll c:\windows\system32\wmpmde.dll c:\windows\system32\mfplat.dll c:\windows\system32\userenv.dll c:\windows\system32\faultrep.dll c:\windows\system32\version.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\setupapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\secur32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\upnp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\sxs.dll c:\windows\system32\hnetcfg.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\wmp.dll c:\windows\system32\msvfw32.dll c:\windows\system32\winmm.dll c:\windows\system32\dbghelp.dll c:\windows\system32\wmploc.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\actxprxy.dll c:\windows\system32\wmpps.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\FSAUA\PROGRAM\FSAUA.EXE c:\program files\embarq online security\fsaua\program\fsaua.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\wininet.dll c:\windows\system32\shlwapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\userenv.dll c:\windows\system32\shell32.dll c:\windows\system32\sensapi.dll c:\windows\system32\secur32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\rsaenh.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\dnsapi.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSSM32.EXE c:\program files\embarq online security\anti-virus\fssm32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\program files\embarq online security\anti-virus\fm4av.dll c:\windows\system32\imm32.dll c:\windows\system32\fltlib.dll c:\windows\system32\msvcrt.dll c:\program files\embarq online security\anti-virus\avperf.dll c:\program files\embarq online security\anti-virus\avpproxy.dll c:\program files\embarq online security\anti-virus\avpfpi0.dll c:\program files\embarq online security\anti-virus\avp_iont.dll c:\windows\system32\psapi.dll c:\windows\system32\ole32.dll c:\program files\embarq online security\anti-spyware\lsse.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\program files\embarq online security\gemini\fsgem.dll c:\program files\embarq online security\gemini\fsgeme.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\program files\embarq online security\anti-virus\fslfpi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\embarq online security\anti-virus\dffpi.dll c:\program files\embarq online security\pegasus\fpinor.dll c:\program files\embarq online security\pegasus\nse_w32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\program files\embarq online security\spam control\fsas.dll c:\program files\embarq online security\anti-virus\fsuss.dll c:\program files\embarq online security\anti-virus\fsusscr.dll c:\program files\embarq online security\daas\fsclm.dll c:\program files\embarq online security\spam control\fspl58.dll c:\program files\embarq online security\spam control\lib\auto\socket\socket.dll c:\program files\embarq online security\spam control\lib\auto\time\hires\hires.dll c:\program files\embarq online security\spam control\lib\auto\sys\hostname\hostname.dll c:\program files\embarq online security\spam control\lib\auto\fcntl\fcntl.dll c:\program files\embarq online security\spam control\lib\auto\posix\posix.dll c:\program files\embarq online security\spam control\lib\auto\mime\base64\base64.dll c:\program files\embarq online security\spam control\lib\auto\io\io.dll c:\program files\embarq online security\spam control\lib\auto\win32\winerror\winerror.dll c:\program files\embarq online security\spam control\lib\auto\win32\registry\registry.dll c:\program files\embarq online security\spam control\lib\auto\digest\sha1\sha1.dll c:\program files\embarq online security\spam control\lib\auto\sdbm_file\sdbm_file.dll c:\program files\embarq online security\spam control\lib\auto\html\parser\parser.dll c:\program files\embarq online security\spam control\lib\auto\cwd\cwd.dll c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\userenv.dll c:\windows\system32\version.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\rsvpsp.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\spam control\lib\auto\digest\md5\md5.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\rasadhlp.dll c:\program files\embarq online security\spam control\lib\auto\compress\zlib\zlib.dll c:\program files\embarq online security\anti-virus\avpfpi1.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\FWES\PROGRAM\FSDFWD.EXE c:\program files\embarq online security\fwes\program\fsdfwd.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\version.dll c:\windows\system32\ole32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\tnb\fstnb.dll c:\windows\system32\shlwapi.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\common\fswscs.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msvcp60.dll c:\program files\embarq online security\fwes\program\fsmirror.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\program files\embarq online security\fwes\program\fsesperf.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\program files\embarq online security\common\fsdfwres.eng c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\psapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\hnetcfg.dll c:\program files\embarq online security\fwes\program\fsfwperf.dll c:\program files\embarq online security\fsaua\program\fsaua_api_dll.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\wshtcpip.dll C:\WINDOWS\SYSTEM32\ALG.EXE c:\windows\system32\alg.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\atl.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\mswsock.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\hnetcfg.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\wshtcpip.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\VTTIMER.EXE c:\windows\system32\vttimer.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\powrprof.dll c:\windows\system32\msvcrt.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\imm32.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\VTTRAYP.EXE c:\windows\system32\vttrayp.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\version.dll c:\windows\system32\winmm.dll c:\windows\system32\imm32.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll c:\windows\system32\vtdisply.dll c:\windows\system32\vtgamma2.dll c:\windows\system32\vtinfo2.dll c:\windows\system32\vtovrlay.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE c:\program files\ahead\incd\incd.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\program files\ahead\incd\incdapi.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\winspool.drv c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\system32\setupapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\program files\common files\ahead\lib\drivelocker.dll c:\program files\ahead\incd\incdshx.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRA~1\VIRTUA~1\SMARTB~1\SPRINTDSLALERT.EXE c:\progra~1\virtua~1\smartb~1\sprintdslalert.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\progra~1\virtua~1\smartb~1\httpclient52.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\progra~1\virtua~1\smartb~1\clientutil52.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\virtua~1\smartb~1\sbres.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\psapi.dll c:\windows\system32\ieframe.dll c:\windows\system32\uxtheme.dll c:\windows\system32\sxs.dll c:\windows\system32\secur32.dll c:\windows\system32\urlmon.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msctf.dll c:\progra~1\virtua~1\smartb~1\alertfilter.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\userenv.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\sensapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msimtf.dll c:\windows\system32\mslbui.dll c:\windows\system32\mlang.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\atl.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll C:\PROGRAM FILES\CREATIVE\SBAUDIGY\SURROUND MIXER\CTSYSVOL.EXE c:\program files\creative\sbaudigy\surround mixer\ctsysvol.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\winmm.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\mfc42.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\creative\sbaudigy\surround mixer\ctsysvol.crl c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\program files\creative\shared files\cttheme.dll c:\program files\creative\shared files\ctrlsrc.dll c:\program files\creative\shared files\ctinif.dll c:\program files\creative\shared files\gdictrl.skc c:\windows\system32\comdlg32.dll c:\program files\creative\shared files\gdictrl2.skc c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\program files\creative\shared files\gdictrl3.skc c:\program files\creative\shared files\rtxctrl.skc c:\program files\creative\shared files\mxlib.dll c:\windows\system32\wdmaud.drv c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\RUNDLL32.EXE c:\windows\system32\rundll32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\p17.dll c:\windows\system32\dsound.dll c:\windows\system32\msctfime.ime c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FSM32.EXE c:\program files\embarq online security\common\fsm32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\program files\embarq online security\common\fspmapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\program files\embarq online security\common\fsexc.dll c:\program files\embarq online security\fsgui\about.dll c:\windows\system32\comdlg32.dll c:\windows\system32\winspool.drv c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\program files\embarq online security\common\fsmres.eng c:\windows\system32\secur32.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\program files\embarq online security\fsgui\fsmuiav.dll c:\windows\system32\msimg32.dll c:\program files\embarq online security\fsgui\fsavures.eng c:\program files\embarq online security\fsaua\program\fsauainfo.dll c:\program files\embarq online security\tnb\fstnb.dll c:\program files\embarq online security\fsgui\guilaunc.dll c:\windows\system32\oleacc.dll c:\windows\system32\msvcp60.dll c:\program files\embarq online security\common\fsmaui32.dll c:\windows\system32\mpr.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\program files\embarq online security\common\fsmaures.eng c:\program files\embarq online security\fspc\fspcfsm.dll c:\program files\embarq online security\fspc\fspcapi.dll c:\program files\embarq online security\fsgui\pcpwd.dll c:\program files\embarq online security\fspc\fspcfsm.eng c:\program files\embarq online security\spam control\fsscoepl.dll c:\program files\embarq online security\fsgui\fsscgui.dll c:\windows\system32\uxtheme.dll c:\windows\system32\riched32.dll c:\windows\system32\riched20.dll c:\program files\embarq online security\fsgui\aboutres.dll c:\program files\embarq online security\fsgui\strres.eng c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE c:\program files\java\jre1.6.0_03\bin\jusched.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\wininet.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\ole32.dll c:\windows\system32\shell32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\FSGUI\FSGUIDLL.EXE c:\program files\embarq online security\fsgui\fsguidll.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\shell32.dll c:\windows\system32\winspool.drv c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsexc.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\fsgui\guiplugn.dll c:\windows\system32\msimg32.dll c:\program files\embarq online security\tnb\fstnb.dll c:\program files\embarq online security\fspc\fspcapi.dll c:\program files\embarq online security\fsgui\pcpwd.dll c:\program files\embarq online security\fsgui\flyer.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\version.dll c:\program files\embarq online security\fsgui\fsavesui.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\program files\embarq online security\fsgui\strres.eng c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\uxtheme.dll c:\program files\embarq online security\fsgui\flyerres.eng c:\program files\embarq online security\fsgui\gres.dll c:\windows\system32\msctf.dll c:\windows\system32\secur32.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\setupapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll C:\WINDOWS\SYSTEM32\CTFMON.EXE c:\windows\system32\ctfmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msctf.dll c:\windows\system32\msutb.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msctfime.ime c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNSCFG.EXE c:\program files\windows media player\wmpnscfg.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\shlwapi.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\shell32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\msctf.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\xpsp2res.dll c:\program files\windows media player\wmpnssci.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE c:\program files\messenger\msmsgs.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shell32.dll c:\windows\system32\version.dll c:\windows\system32\winmm.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\msimg32.dll c:\windows\system32\netapi32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\cryptdll.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\xpob2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\sxs.dll c:\windows\system32\es.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\credui.dll c:\windows\system32\secur32.dll c:\program files\messenger\msgsc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSAV32.EXE c:\program files\embarq online security\anti-virus\fsav32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\program files\embarq online security\anti-virus\fsched.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\program files\embarq online security\anti-virus\fstsm.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\embarq online security\common\fsma32s.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\common\fswscs.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msvcp60.dll c:\program files\embarq online security\tnb\fstnb.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\anti-virus\fsavhres.eng c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\mstask.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wldap32.dll c:\windows\system32\netapi32.dll c:\windows\system32\secur32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\mpr.dll c:\windows\system32\userenv.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\wbem\wbemcomn.dll c:\program files\embarq online security\fsaua\program\fsaua_api_dll.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\fastprox.dll C:\PROGRAM FILES\VIRTUAL ASSISTANT\BIN\MPBTN.EXE c:\program files\virtual assistant\bin\mpbtn.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\oleaut32.dll c:\program files\virtual assistant\bin\clientutil52.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\virtual assistant\bin\asstcatalog.dll c:\program files\virtual assistant\bin\resource.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE c:\program files\internet explorer\iexplore.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\urlmon.dll c:\windows\system32\oleaut32.dll c:\windows\system32\iertutil.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\uxtheme.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\ieui.dll c:\windows\system32\msimg32.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\xmllite.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msimtf.dll c:\windows\system32\secur32.dll c:\windows\system32\mslbui.dll c:\windows\system32\cscui.dll c:\windows\system32\cscdll.dll c:\windows\system32\setupapi.dll c:\program files\microsoft office\office11\msohev.dll c:\windows\ime\sptip.dll c:\windows\system32\oleacc.dll c:\windows\system32\msvcp60.dll c:\windows\ime\spgrmr.dll c:\windows\system32\msi.dll c:\program files\common files\microsoft shared\ink\skchui.dll c:\program files\internet explorer\ieproxy.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\mlang.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\system32\awttrrr.dll c:\program files\java\jre1.6.0_03\bin\ssv.dll c:\program files\java\jre1.6.0_03\bin\msvcr71.dll c:\windows\system32\vturq.dll c:\windows\system32\shfolder.dll c:\windows\system32\bswdeaqq.dll c:\windows\system32\sxs.dll c:\windows\system32\actxprxy.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\system32\userenv.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\sensapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\dnsapi.dll c:\windows\system32\wshtcpip.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\ieapfltr.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\jscript.dll c:\windows\system32\rsaenh.dll c:\windows\system32\rsvpsp.dll c:\windows\system32\winrnr.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\atl.dll c:\windows\system32\ddraw.dll c:\windows\system32\dciman32.dll c:\windows\system32\schannel.dll c:\windows\system32\dssenh.dll c:\windows\system32\mscms.dll c:\windows\system32\winspool.drv C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE c:\program files\mozilla firefox\firefox.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\mozilla firefox\js3250.dll c:\program files\mozilla firefox\nspr4.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\winmm.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\program files\mozilla firefox\xpcom_core.dll c:\program files\mozilla firefox\plc4.dll c:\program files\mozilla firefox\plds4.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\version.dll c:\program files\mozilla firefox\smime3.dll c:\program files\mozilla firefox\nss3.dll c:\program files\mozilla firefox\softokn3.dll c:\program files\mozilla firefox\ssl3.dll c:\program files\mozilla firefox\xpcom_compat.dll c:\windows\system32\comdlg32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\winspool.drv c:\windows\system32\imm32.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\setupapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files\mozilla firefox\components\myspell.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\iphlpapi.dll c:\program files\mozilla firefox\components\jar50.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\msimtf.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\uxtheme.dll c:\program files\mozilla firefox\freebl3.dll c:\program files\mozilla firefox\nssckbi.dll c:\program files\mozilla firefox\components\spellchk.dll c:\windows\system32\msimg32.dll c:\windows\system32\mslbui.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\vturq.dll c:\windows\system32\secur32.dll c:\windows\system32\shfolder.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\rsvpsp.dll c:\windows\system32\cscui.dll c:\windows\system32\cscdll.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\mlang.dll c:\windows\system32\wdmaud.drv c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\schannel.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\windows\system32\browseui.dll c:\windows\system32\ntshrui.dll c:\windows\system32\atl.dll c:\windows\system32\linkinfo.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\shdocvw.dll c:\windows\system32\cryptui.dll c:\program files\common files\adobe\acrobat\activex\pdfshell.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\system32\mpr.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\netrap.dll c:\windows\system32\samlib.dll c:\windows\system32\davclnt.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\msgina.dll c:\windows\system32\winsta.dll c:\windows\system32\odbc32.dll c:\windows\system32\odbcint.dll C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE c:\program files\windows defender\msmpeng.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\system32\msvcrt.dll c:\program files\windows defender\mpsvc.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\version.dll c:\windows\system32\crypt32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\program files\windows defender\mpclient.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\psapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\program files\windows defender\mprtplug.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b9626bd9-724d-4c76-b658-382f874d599d}\mpengine.dll c:\program files\windows defender\mpasdesc.dll c:\windows\system32\apphelp.dll C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE c:\program files\windows defender\msascui.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\system32\msvcrt.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\windows defender\mpclient.dll c:\windows\system32\userenv.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\oleacc.dll c:\windows\system32\msvcp60.dll c:\program files\windows defender\msmpres.dll c:\program files\windows defender\mprtmon.dll c:\windows\system32\netapi32.dll c:\windows\system32\winhttp.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msftedit.dll c:\windows\system32\msctfime.ime c:\windows\system32\uxtheme.dll c:\windows\system32\rsaenh.dll c:\windows\system32\secur32.dll c:\windows\system32\mslbui.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wuapi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\cabinet.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wups.dll c:\windows\system32\dciman32.dll c:\program files\windows defender\mpasdesc.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\msxml3.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\schannel.dll c:\windows\system32\dssenh.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\dnsapi.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\apphelp.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\awttrrr.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll c:\progra~1\wifd1f~1\mpshhook.dll C:\WINDOWS\EXPLORER.EXE c:\windows\explorer.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\browseui.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\oleaut32.dll c:\windows\system32\shdocvw.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\cryptui.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\netapi32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\wldap32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\msacm32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\vturq.dll c:\windows\system32\secur32.dll c:\windows\system32\shfolder.dll c:\windows\system32\urlmon.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\bswdeaqq.dll c:\windows\system32\ntmarta.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\cscui.dll c:\windows\system32\cscdll.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\themeui.dll c:\windows\system32\msimg32.dll c:\windows\system32\setupapi.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\sensapi.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\progra~1\window~2\wmpband.dll c:\windows\system32\mpr.dll c:\windows\system32\mswsock.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\linkinfo.dll c:\windows\system32\ntshrui.dll c:\windows\system32\atl.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\dnsapi.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\msi.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\sxs.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\windows\system32\winsta.dll c:\windows\system32\webcheck.dll c:\windows\system32\stobject.dll c:\windows\system32\batmeter.dll c:\windows\system32\powrprof.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\winhttp.dll c:\windows\system32\mslbui.dll c:\windows\system32\mydocs.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\awttrrr.dll c:\windows\system32\portabledeviceapi.dll c:\progra~1\wifd1f~1\mpshhook.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll c:\windows\system32\browselc.dll c:\windows\system32\duser.dll c:\windows\system32\mlang.dll c:\windows\system32\rsaenh.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\netrap.dll c:\windows\system32\davclnt.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\midimap.dll c:\windows\system32\winrnr.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\program files\common files\adobe\acrobat\activex\pdfshell.dll c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll c:\program files\embarq online security\common\fpshx.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\common\fslapi.dll c:\windows\system32\mfc42.dll c:\program files\embarq online security\common\fpshx.eng c:\program files\winrar\rarext.dll c:\program files\magiciso\misosh.dll c:\windows\system32\syncui.dll c:\program files\grisoft\avg anti-spyware 7.5\context.dll c:\windows\system32\cryptnet.dll c:\windows\system32\shdoclc.dll c:\windows\system32\msgina.dll c:\windows\system32\odbc32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\odbcint.dll c:\windows\system32\actxprxy.dll c:\windows\system32\xpsp1res.dll c:\windows\system32\riched32.dll c:\windows\system32\riched20.dll c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll c:\program files\common files\microsoft shared\office11\msoxev.dll c:\program files\ahead\incd\incdshx.dll C:\WINDOWS\SYSTEM32\NOTEPAD.EXE c:\windows\system32\notepad.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\shell32.dll c:\windows\system32\winspool.drv c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msctfime.ime c:\windows\system32\mslbui.dll C:\WINDOWS\SYSTEM32\MSIEXEC.EXE c:\windows\system32\msiexec.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\msi.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\sfc_os.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\apphelp.dll c:\windows\system32\perfproc.dll c:\windows\system32\srclient.dll c:\windows\system32\wbem\framedyn.dll c:\windows\system32\linkinfo.dll c:\windows\system32\ntshrui.dll c:\windows\system32\atl.dll c:\windows\system32\setupapi.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE c:\program files\lavasoft\ad-aware 2007\aawservice.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\lavasoft\ad-aware 2007\ceapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shlwapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\lavasoft\ad-aware 2007\pkarchive85u.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wldap32.dll c:\windows\system32\psapi.dll c:\windows\system32\version.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\program files\lavasoft\ad-aware 2007\update.dll c:\windows\system32\wsock32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\oleaut32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\inetmib1.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\snmpapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\ntmarta.dll c:\windows\system32\msctfime.ime c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\version.dll c:\windows\system32\mpr.dll c:\windows\system32\comctl32.dll c:\windows\system32\imm32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comdlg32.dll c:\program files\lavasoft\ad-aware 2007\lavalicense.dll c:\windows\system32\winmm.dll c:\windows\system32\shfolder.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\inetmib1.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\snmpapi.dll c:\windows\system32\wsock32.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\ntmarta.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msctfime.ime c:\windows\system32\uxtheme.dll c:\windows\system32\apphelp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\olepro32.dll c:\windows\system32\secur32.dll c:\program files\lavasoft\ad-aware 2007\lavamessage.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\mslbui.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\netrap.dll c:\windows\system32\davclnt.dll c:\windows\system32\wpdshext.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shgina.dll c:\windows\system32\msgina.dll c:\windows\system32\userenv.dll c:\windows\system32\winsta.dll c:\windows\system32\odbc32.dll c:\windows\system32\odbcint.dll c:\windows\system32\audiodev.dll c:\windows\system32\wmvcore.dll c:\windows\system32\wmasf.dll End of Scan Section =========================== 20080204 02-19-55 : Tried to Quarantine an infection. 20080204 02-19-55 : Successfully Quarantined Root: HKU Path: S-1-5-21-606747145-1958367476-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{a95b2816-1d7e-4561-a202-68c0de02353a} belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Successfully Quarantined Root: HKCR Path: clsid\{a95b2816-1d7e-4561-a202-68c0de02353a} belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Successfully Quarantined Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a} belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Successfully Quarantined File: c:\documents and settings\all users\start menu\Online Security Guide.lnk belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Successfully Quarantined File: c:\System Volume Information\tracking.log belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Quarantine succeeded. 20080204 02-20-06 : Started cleaning the system of infections 20080204 02-20-07 : Clean operation finished Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:23:16 AM, on 2/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\EMBARQ Online Security\FSPC\fspc.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Program Files\Ahead\InCD\InCD.exe C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe C:\Program Files\Virtual Assistant\bin\mpbtn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\explorer.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [sprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe O4 - HKLM\..\Run: [EarthLink Installer] " /C O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [csr] csrrs.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunServices: [csr] csrrs.exe O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (file missing) O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/cabs/MSDcode.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150585256359 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSService - Unknown owner - C:\Program Files\Common Files\ADS\ADSService.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 8244 bytes
  9. LOGS: 20080204 01-59-25 : Smart scan started. 20080204 02-16-13 : Smart scan ended. Ad-Aware 2007 Build Log File Created on: 2008-02-04 02:16:13 Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef Computer name: DJENGLANDER Name of user performing scan: SYSTEM System information =========================== Number of processors: 1 Processor type: AMD Sempron Processor 3000+ Memory Available: 37% Total Physical Memory: 1006092288 Bytes Available Physical Memory: 363724800 Bytes Total Page File Size: 1621925888 Bytes Available On Page File: 960860160 Bytes Total Virtual Memory: 2147352576 Bytes Available Virtual Memory: 1921896448 Bytes OS: Microsoft Windows XP Service Pack 2 (Build 2600) Ad-Aware 2007 Settings =========================== Skipping files larger than 1048576 kB Ignoring infections with lower TAI than: 3 Extended Ad-Aware 2007 Settings =========================== Unloading known modules during scan Ignoring spanned files when scanning cab archives Reanalyzing results after scanning before displaying results Trying to unload modules prior to removal Let Windows remove files currently in use at next reboot Removing quarantined objects after restore Deactivating Ad-Watch during scans Writeprotecting system files after repairs Include info about ignored objects in log file Including basic settings in log file Including advanced settings in log file Including user and computer name in log file Create and save WebUpdate log file Databaseinfo =========================== Version number: 48 Build Number: 0 Build Date and Time: 2008/01/28 02:34:58 Scan Statistics =========================== Method: Smart Scan tracking cookies.............................: On Scan ADS filestreams..............................: Off Item Scanned: 223815 Infections Detected: 9 Infections Ignored: 0 Scan detailed statistics =========================== Type Critical Total Process Scan....: 0 0 Registry Scan...: 3 3 Registry PE Scan: 0 0 Hosts File Scan.: 0 0 File Scan.......: 2 2 Folder Scan.....: 0 0 LSP Scan........: 0 0 ADS Scan........: 0 0 Cookie Scan.....: 4 4 File Hash Scan..: 0 0 Infections Found =========================== Family Id: 1040 Name: Win32.Trojandownloader.Zlob Category: Malware TAI:10 Item Id: 300036957 Value: Root: HKU Path: S-1-5-21-606747145-1958367476-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{a95b2816-1d7e-4561-a202-68c0de02353a} Item Id: 300036959 Value: Root: HKCR Path: clsid\{a95b2816-1d7e-4561-a202-68c0de02353a} Item Id: 300036960 Value: Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a} Item Id: 700005053 Value: File: c:\documents and settings\all users\start menu\Online Security Guide.lnk Item Id: 700006689 Value: File: c:\System Volume Information\tracking.log Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3 Item Id: 600000413 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Customer\Cookies\index.dat rotator.adjuggler.com optin / Item Id: 600000413 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Customer\Cookies\index.dat rotator.adjuggler.com ajess1_4731096EF26A2AFF14692984 / Item Id: 600000413 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Customer\Cookies\index.dat rotator.adjuggler.com ajcmp / Item Id: 600000413 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Customer\Cookies\index.dat rotator.adjuggler.com ajpct / Items Ignored During Scan =========================== Listing of running processes =========================== C:\WINDOWS\SYSTEM32\SMSS.EXE c:\windows\system32\smss.exe c:\windows\system32\ntdll.dll C:\WINDOWS\SYSTEM32\CSRSS.EXE c:\windows\system32\csrss.exe c:\windows\system32\ntdll.dll c:\windows\system32\csrsrv.dll c:\windows\system32\basesrv.dll c:\windows\system32\winsrv.dll c:\windows\system32\gdi32.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\sxs.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\WINLOGON.EXE c:\windows\system32\winlogon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\authz.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\nddeapi.dll c:\windows\system32\profmap.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\windows\system32\psapi.dll c:\windows\system32\regapi.dll c:\windows\system32\secur32.dll c:\windows\system32\setupapi.dll c:\windows\system32\version.dll c:\windows\system32\winsta.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\imm32.dll c:\windows\system32\msgina.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\system32\odbc32.dll c:\windows\system32\comdlg32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\odbcint.dll c:\windows\system32\shsvcs.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\ole32.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\winscard.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\sxs.dll c:\windows\system32\winmm.dll c:\windows\system32\uxtheme.dll c:\windows\system32\bswdeaqq.dll c:\windows\system32\oleaut32.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\cscdll.dll c:\windows\system32\wlnotify.dll c:\windows\system32\winspool.drv c:\windows\system32\mpr.dll c:\windows\system32\rsaenh.dll c:\windows\system32\wgalogon.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\awttrrr.dll c:\windows\system32\cscui.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\xpsp2res.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\SERVICES.EXE c:\windows\system32\services.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\userenv.dll c:\windows\system32\scesrv.dll c:\windows\system32\authz.dll c:\windows\system32\umpnpmgr.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\msvcp60.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acadproc.dll c:\windows\system32\imm32.dll c:\windows\system32\secur32.dll c:\windows\system32\apphelp.dll c:\windows\system32\version.dll c:\windows\system32\eventlog.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\LSASS.EXE c:\windows\system32\lsass.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\lsasrv.dll c:\windows\system32\mpr.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\msvcrt.dll c:\windows\system32\netapi32.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wldap32.dll c:\windows\system32\secur32.dll c:\windows\system32\samlib.dll c:\windows\system32\samsrv.dll c:\windows\system32\cryptdll.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msprivs.dll c:\windows\system32\kerberos.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\netlogon.dll c:\windows\system32\w32time.dll c:\windows\system32\msvcp60.dll c:\windows\system32\schannel.dll c:\windows\system32\crypt32.dll c:\windows\system32\wdigest.dll c:\windows\system32\rsaenh.dll c:\windows\system32\vturq.dll c:\windows\system32\shfolder.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\setupapi.dll c:\windows\system32\scecli.dll c:\windows\system32\ipsecsvc.dll c:\windows\system32\authz.dll c:\windows\system32\oakley.dll c:\windows\system32\winipsec.dll c:\windows\system32\pstorsvc.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\psbase.dll c:\windows\system32\dssenh.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\rpcss.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\termsrv.dll c:\windows\system32\icaapi.dll c:\windows\system32\setupapi.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\authz.dll c:\windows\system32\mstlsapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\atl.dll c:\windows\system32\regapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rpcss.dll c:\windows\system32\secur32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\rsaenh.dll c:\windows\system32\mswsock.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dnsapi.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\shsvcs.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\secur32.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\wzcsvc.dll c:\windows\system32\rtutils.dll c:\windows\system32\wmi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\esent.dll c:\windows\system32\atl.dll c:\windows\system32\rastls.dll c:\windows\system32\cryptui.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\setupapi.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\schannel.dll c:\windows\system32\winscard.dll c:\windows\system32\raschap.dll c:\windows\system32\msv1_0.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\schedsvc.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\msidle.dll c:\windows\system32\audiosrv.dll c:\windows\system32\wkssvc.dll c:\windows\system32\qmgr.dll c:\windows\system32\mpr.dll c:\windows\system32\shfolder.dll c:\windows\system32\winhttp.dll c:\windows\system32\cryptsvc.dll c:\windows\system32\certcli.dll c:\windows\system32\ersvc.dll c:\windows\system32\es.dll c:\windows\pchealth\helpctr\binaries\pchsvc.dll c:\windows\system32\srvsvc.dll c:\windows\system32\netman.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\windows\system32\wzcsapi.dll c:\windows\system32\seclogon.dll c:\windows\system32\sens.dll c:\windows\system32\srsvc.dll c:\windows\system32\powrprof.dll c:\windows\system32\trkwks.dll c:\windows\system32\w32time.dll c:\windows\system32\msvcp60.dll c:\windows\system32\wbem\wmisvc.dll c:\windows\system32\vssapi.dll c:\windows\system32\wuauserv.dll c:\windows\system32\browser.dll c:\windows\system32\wuaueng.dll c:\windows\system32\winspool.drv c:\windows\system32\cabinet.dll c:\windows\system32\mspatcha.dll c:\windows\system32\wscsvc.dll c:\windows\system32\msi.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\sxs.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\comsvcs.dll c:\windows\system32\colbact.dll c:\windows\system32\mtxclu.dll c:\windows\system32\wsock32.dll c:\windows\system32\clusapi.dll c:\windows\system32\resutils.dll c:\windows\system32\ipnathlp.dll c:\windows\system32\authz.dll c:\windows\system32\tapisrv.dll c:\windows\system32\psapi.dll c:\windows\system32\wbem\wbemcore.dll c:\windows\system32\wbem\esscli.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\wbem\wmiutils.dll c:\windows\system32\wbem\repdrvfs.dll c:\windows\system32\rasmans.dll c:\windows\system32\winipsec.dll c:\windows\system32\netcfgx.dll c:\windows\system32\wbem\wmiprvsd.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\rastapi.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\wbem\wbemess.dll c:\windows\system32\unimdm.tsp c:\windows\system32\uniplat.dll c:\windows\system32\wbem\ncprov.dll c:\windows\system32\upnp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\kmddsp.tsp c:\windows\system32\ndptsp.tsp c:\windows\system32\ipconf.tsp c:\windows\system32\h323.tsp c:\windows\system32\hidphone.tsp c:\windows\system32\hid.dll c:\windows\system32\rasppp.dll c:\windows\system32\ntlsapi.dll c:\windows\system32\kerberos.dll c:\windows\system32\cryptdll.dll c:\windows\system32\apphelp.dll c:\windows\system32\rasdlg.dll c:\windows\system32\dssenh.dll c:\windows\system32\msxml3.dll c:\windows\system32\winrnr.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\catsrvut.dll c:\windows\system32\catsrv.dll c:\windows\system32\mfcsubs.dll c:\windows\system32\urlmon.dll c:\windows\system32\advpack.dll C:\PROGRAM FILES\AHEAD\INCD\INCDSRV.EXE c:\program files\ahead\incd\incdsrv.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comctl32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\program files\common files\ahead\lib\drivelocker.dll c:\windows\system32\oleaut32.dll c:\program files\ahead\incd\incdshx.dll c:\windows\system32\shell32.dll c:\windows\system32\uxtheme.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\dnsrslvr.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\lmhsvc.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\webclnt.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\secur32.dll c:\windows\system32\ssdpsrv.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\upnphost.dll c:\windows\system32\winhttp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\netapi32.dll C:\WINDOWS\SYSTEM32\SPOOLSV.EXE c:\windows\system32\spoolsv.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\spoolss.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\dnsapi.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\localspl.dll c:\windows\system32\secur32.dll c:\windows\system32\sfc_os.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\winspool.drv c:\windows\system32\netapi32.dll c:\windows\system32\cnbjmon.dll c:\windows\system32\pjlmon.dll c:\windows\system32\tcpmon.dll c:\windows\system32\usbmon.dll c:\windows\system32\mswsock.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\win32spl.dll c:\windows\system32\netrap.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\inetpp.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE c:\program files\bonjour\mdnsresponder.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSGK32ST.EXE c:\program files\embarq online security\anti-virus\fsgk32st.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FSMA32.EXE c:\program files\embarq online security\common\fsma32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\embarq online security\common\fspmapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\imm32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\embarq online security\common\fsexc.dll c:\windows\system32\apphelp.dll c:\windows\system32\psapi.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSGK32.EXE c:\program files\embarq online security\anti-virus\fsgk32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\common\fsma32s.dll c:\program files\embarq online security\anti-virus\avperf.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\fltlib.dll c:\windows\system32\msvcrt.dll c:\program files\embarq online security\hips\fships.dll c:\windows\system32\version.dll c:\windows\system32\psapi.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\daas\fsclm.dll c:\windows\system32\secur32.dll c:\program files\embarq online security\anti-virus\ftrlib.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\w3ssl.dll c:\windows\system32\strmfilt.dll c:\windows\system32\secur32.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\httpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FSMB32.EXE c:\program files\embarq online security\common\fsmb32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\advapi32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsexc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FCH32.EXE c:\program files\embarq online security\common\fch32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\embarq online security\common\fspmapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsexc.dll c:\program files\embarq online security\common\fspmeng.dll c:\program files\embarq online security\daas\fsclm.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\dnsapi.dll c:\windows\system32\rasadhlp.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSQH.EXE c:\program files\embarq online security\anti-virus\fsqh.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\anti-virus\qrt.dll c:\windows\system32\version.dll c:\windows\system32\secur32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FAMEH32.EXE c:\program files\embarq online security\common\fameh32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\embarq online security\common\fspmapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\imm32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\program files\embarq online security\common\fsexc.dll c:\program files\embarq online security\common\amehevn.dll c:\program files\embarq online security\common\amehlog.dll c:\program files\embarq online security\common\amehsmt.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\embarq online security\common\amehtvl.dll C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE c:\program files\common files\microsoft shared\vs7debug\mdm.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\psapi.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\FSPC\FSPC.EXE c:\program files\embarq online security\fspc\fspc.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\pdh.dll c:\windows\system32\shlwapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\comctl32.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\odbc32.dll c:\windows\system32\odbcbcp.dll c:\windows\system32\version.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\odbcint.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\program files\embarq online security\tnb\fstnb.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\fsaua\program\fsaua_api_dll.dll c:\program files\embarq online security\fspc\fshttps\fshttps.eng c:\windows\system32\perfos.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\iphlpapi.dll c:\program files\embarq online security\fspc\fspcinst.eng c:\program files\embarq online security\fspc\fspchres.dll c:\windows\system32\rasadhlp.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\program files\embarq online security\fspc\csdk\dll\csdk.dll c:\windows\system32\wsock32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE c:\program files\windows media player\wmpnetwk.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\windows\system32\winhttp.dll c:\windows\system32\shlwapi.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\shell32.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\httpapi.dll c:\windows\system32\wmpmde.dll c:\windows\system32\mfplat.dll c:\windows\system32\userenv.dll c:\windows\system32\faultrep.dll c:\windows\system32\version.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\setupapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\secur32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\upnp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\sxs.dll c:\windows\system32\hnetcfg.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\wmp.dll c:\windows\system32\msvfw32.dll c:\windows\system32\winmm.dll c:\windows\system32\dbghelp.dll c:\windows\system32\wmploc.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\actxprxy.dll c:\windows\system32\wmpps.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\FSAUA\PROGRAM\FSAUA.EXE c:\program files\embarq online security\fsaua\program\fsaua.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\wininet.dll c:\windows\system32\shlwapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\userenv.dll c:\windows\system32\shell32.dll c:\windows\system32\sensapi.dll c:\windows\system32\secur32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\rsaenh.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\dnsapi.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSSM32.EXE c:\program files\embarq online security\anti-virus\fssm32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\program files\embarq online security\anti-virus\fm4av.dll c:\windows\system32\imm32.dll c:\windows\system32\fltlib.dll c:\windows\system32\msvcrt.dll c:\program files\embarq online security\anti-virus\avperf.dll c:\program files\embarq online security\anti-virus\avpproxy.dll c:\program files\embarq online security\anti-virus\avpfpi0.dll c:\program files\embarq online security\anti-virus\avp_iont.dll c:\windows\system32\psapi.dll c:\windows\system32\ole32.dll c:\program files\embarq online security\anti-spyware\lsse.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\program files\embarq online security\gemini\fsgem.dll c:\program files\embarq online security\gemini\fsgeme.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\program files\embarq online security\anti-virus\fslfpi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\embarq online security\anti-virus\dffpi.dll c:\program files\embarq online security\pegasus\fpinor.dll c:\program files\embarq online security\pegasus\nse_w32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\program files\embarq online security\spam control\fsas.dll c:\program files\embarq online security\anti-virus\fsuss.dll c:\program files\embarq online security\anti-virus\fsusscr.dll c:\program files\embarq online security\daas\fsclm.dll c:\program files\embarq online security\spam control\fspl58.dll c:\program files\embarq online security\spam control\lib\auto\socket\socket.dll c:\program files\embarq online security\spam control\lib\auto\time\hires\hires.dll c:\program files\embarq online security\spam control\lib\auto\sys\hostname\hostname.dll c:\program files\embarq online security\spam control\lib\auto\fcntl\fcntl.dll c:\program files\embarq online security\spam control\lib\auto\posix\posix.dll c:\program files\embarq online security\spam control\lib\auto\mime\base64\base64.dll c:\program files\embarq online security\spam control\lib\auto\io\io.dll c:\program files\embarq online security\spam control\lib\auto\win32\winerror\winerror.dll c:\program files\embarq online security\spam control\lib\auto\win32\registry\registry.dll c:\program files\embarq online security\spam control\lib\auto\digest\sha1\sha1.dll c:\program files\embarq online security\spam control\lib\auto\sdbm_file\sdbm_file.dll c:\program files\embarq online security\spam control\lib\auto\html\parser\parser.dll c:\program files\embarq online security\spam control\lib\auto\cwd\cwd.dll c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\userenv.dll c:\windows\system32\version.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\rsvpsp.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\spam control\lib\auto\digest\md5\md5.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\rasadhlp.dll c:\program files\embarq online security\spam control\lib\auto\compress\zlib\zlib.dll c:\program files\embarq online security\anti-virus\avpfpi1.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\FWES\PROGRAM\FSDFWD.EXE c:\program files\embarq online security\fwes\program\fsdfwd.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\version.dll c:\windows\system32\ole32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\tnb\fstnb.dll c:\windows\system32\shlwapi.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\common\fswscs.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msvcp60.dll c:\program files\embarq online security\fwes\program\fsmirror.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\program files\embarq online security\fwes\program\fsesperf.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\program files\embarq online security\common\fsdfwres.eng c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\userenv.dll c:\windows\system32\secur32.dll c:\windows\system32\psapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\hnetcfg.dll c:\program files\embarq online security\fwes\program\fsfwperf.dll c:\program files\embarq online security\fsaua\program\fsaua_api_dll.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\wshtcpip.dll C:\WINDOWS\SYSTEM32\ALG.EXE c:\windows\system32\alg.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\atl.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\mswsock.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\hnetcfg.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\wshtcpip.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\VTTIMER.EXE c:\windows\system32\vttimer.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\powrprof.dll c:\windows\system32\msvcrt.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\imm32.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\VTTRAYP.EXE c:\windows\system32\vttrayp.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\version.dll c:\windows\system32\winmm.dll c:\windows\system32\imm32.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll c:\windows\system32\vtdisply.dll c:\windows\system32\vtgamma2.dll c:\windows\system32\vtinfo2.dll c:\windows\system32\vtovrlay.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE c:\program files\ahead\incd\incd.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\program files\ahead\incd\incdapi.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\winspool.drv c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\system32\setupapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\program files\common files\ahead\lib\drivelocker.dll c:\program files\ahead\incd\incdshx.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRA~1\VIRTUA~1\SMARTB~1\SPRINTDSLALERT.EXE c:\progra~1\virtua~1\smartb~1\sprintdslalert.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\progra~1\virtua~1\smartb~1\httpclient52.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\progra~1\virtua~1\smartb~1\clientutil52.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\virtua~1\smartb~1\sbres.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\psapi.dll c:\windows\system32\ieframe.dll c:\windows\system32\uxtheme.dll c:\windows\system32\sxs.dll c:\windows\system32\secur32.dll c:\windows\system32\urlmon.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msctf.dll c:\progra~1\virtua~1\smartb~1\alertfilter.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\userenv.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\sensapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msimtf.dll c:\windows\system32\mslbui.dll c:\windows\system32\mlang.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\atl.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll C:\PROGRAM FILES\CREATIVE\SBAUDIGY\SURROUND MIXER\CTSYSVOL.EXE c:\program files\creative\sbaudigy\surround mixer\ctsysvol.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\winmm.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\mfc42.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\creative\sbaudigy\surround mixer\ctsysvol.crl c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\program files\creative\shared files\cttheme.dll c:\program files\creative\shared files\ctrlsrc.dll c:\program files\creative\shared files\ctinif.dll c:\program files\creative\shared files\gdictrl.skc c:\windows\system32\comdlg32.dll c:\program files\creative\shared files\gdictrl2.skc c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\program files\creative\shared files\gdictrl3.skc c:\program files\creative\shared files\rtxctrl.skc c:\program files\creative\shared files\mxlib.dll c:\windows\system32\wdmaud.drv c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\WINDOWS\SYSTEM32\RUNDLL32.EXE c:\windows\system32\rundll32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\p17.dll c:\windows\system32\dsound.dll c:\windows\system32\msctfime.ime c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\COMMON\FSM32.EXE c:\program files\embarq online security\common\fsm32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\program files\embarq online security\common\fspmapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\program files\embarq online security\common\fsexc.dll c:\program files\embarq online security\fsgui\about.dll c:\windows\system32\comdlg32.dll c:\windows\system32\winspool.drv c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\program files\embarq online security\common\fsmres.eng c:\windows\system32\secur32.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\program files\embarq online security\fsgui\fsmuiav.dll c:\windows\system32\msimg32.dll c:\program files\embarq online security\fsgui\fsavures.eng c:\program files\embarq online security\fsaua\program\fsauainfo.dll c:\program files\embarq online security\tnb\fstnb.dll c:\program files\embarq online security\fsgui\guilaunc.dll c:\windows\system32\oleacc.dll c:\windows\system32\msvcp60.dll c:\program files\embarq online security\common\fsmaui32.dll c:\windows\system32\mpr.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\program files\embarq online security\common\fsmaures.eng c:\program files\embarq online security\fspc\fspcfsm.dll c:\program files\embarq online security\fspc\fspcapi.dll c:\program files\embarq online security\fsgui\pcpwd.dll c:\program files\embarq online security\fspc\fspcfsm.eng c:\program files\embarq online security\spam control\fsscoepl.dll c:\program files\embarq online security\fsgui\fsscgui.dll c:\windows\system32\uxtheme.dll c:\windows\system32\riched32.dll c:\windows\system32\riched20.dll c:\program files\embarq online security\fsgui\aboutres.dll c:\program files\embarq online security\fsgui\strres.eng c:\windows\system32\msctf.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE c:\program files\java\jre1.6.0_03\bin\jusched.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\wininet.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\ole32.dll c:\windows\system32\shell32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\FSGUI\FSGUIDLL.EXE c:\program files\embarq online security\fsgui\fsguidll.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\msvcrt.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\shell32.dll c:\windows\system32\winspool.drv c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\common\fsexc.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\fsgui\guiplugn.dll c:\windows\system32\msimg32.dll c:\program files\embarq online security\tnb\fstnb.dll c:\program files\embarq online security\fspc\fspcapi.dll c:\program files\embarq online security\fsgui\pcpwd.dll c:\program files\embarq online security\fsgui\flyer.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\version.dll c:\program files\embarq online security\fsgui\fsavesui.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\program files\embarq online security\fsgui\strres.eng c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\uxtheme.dll c:\program files\embarq online security\fsgui\flyerres.eng c:\program files\embarq online security\fsgui\gres.dll c:\windows\system32\msctf.dll c:\windows\system32\secur32.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\setupapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll C:\WINDOWS\SYSTEM32\CTFMON.EXE c:\windows\system32\ctfmon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msctf.dll c:\windows\system32\msutb.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msctfime.ime c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNSCFG.EXE c:\program files\windows media player\wmpnscfg.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\shlwapi.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\shell32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\msctf.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\oleaut32.dll c:\windows\system32\version.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\xpsp2res.dll c:\program files\windows media player\wmpnssci.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\program files\embarq online security\fwes\program\fsdc.dll C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE c:\program files\messenger\msmsgs.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shell32.dll c:\windows\system32\version.dll c:\windows\system32\winmm.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\msimg32.dll c:\windows\system32\netapi32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\cryptdll.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\imm32.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\xpob2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\sxs.dll c:\windows\system32\es.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\credui.dll c:\windows\system32\secur32.dll c:\program files\messenger\msgsc.dll C:\PROGRAM FILES\EMBARQ ONLINE SECURITY\ANTI-VIRUS\FSAV32.EXE c:\program files\embarq online security\anti-virus\fsav32.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\program files\embarq online security\anti-virus\fsched.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\program files\embarq online security\anti-virus\fstsm.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\embarq online security\common\fsma32s.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\common\fswscs.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msvcp60.dll c:\program files\embarq online security\tnb\fstnb.dll c:\program files\embarq online security\common\fslapi.dll c:\program files\embarq online security\anti-virus\fsavhres.eng c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\mstask.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wldap32.dll c:\windows\system32\netapi32.dll c:\windows\system32\secur32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\mpr.dll c:\windows\system32\userenv.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\wbem\wbemcomn.dll c:\program files\embarq online security\fsaua\program\fsaua_api_dll.dll c:\program files\embarq online security\common\fsma32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\fastprox.dll C:\PROGRAM FILES\VIRTUAL ASSISTANT\BIN\MPBTN.EXE c:\program files\virtual assistant\bin\mpbtn.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\ole32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\oleaut32.dll c:\program files\virtual assistant\bin\clientutil52.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\program files\virtual assistant\bin\asstcatalog.dll c:\program files\virtual assistant\bin\resource.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE c:\program files\internet explorer\iexplore.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\urlmon.dll c:\windows\system32\oleaut32.dll c:\windows\system32\iertutil.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\uxtheme.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\ieui.dll c:\windows\system32\msimg32.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\xmllite.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msimtf.dll c:\windows\system32\secur32.dll c:\windows\system32\mslbui.dll c:\windows\system32\cscui.dll c:\windows\system32\cscdll.dll c:\windows\system32\setupapi.dll c:\program files\microsoft office\office11\msohev.dll c:\windows\ime\sptip.dll c:\windows\system32\oleacc.dll c:\windows\system32\msvcp60.dll c:\windows\ime\spgrmr.dll c:\windows\system32\msi.dll c:\program files\common files\microsoft shared\ink\skchui.dll c:\program files\internet explorer\ieproxy.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\mlang.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\system32\awttrrr.dll c:\program files\java\jre1.6.0_03\bin\ssv.dll c:\program files\java\jre1.6.0_03\bin\msvcr71.dll c:\windows\system32\vturq.dll c:\windows\system32\shfolder.dll c:\windows\system32\bswdeaqq.dll c:\windows\system32\sxs.dll c:\windows\system32\actxprxy.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\system32\userenv.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\sensapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\dnsapi.dll c:\windows\system32\wshtcpip.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\ieapfltr.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ntmarta.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\jscript.dll c:\windows\system32\rsaenh.dll c:\windows\system32\rsvpsp.dll c:\windows\system32\winrnr.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\atl.dll c:\windows\system32\ddraw.dll c:\windows\system32\dciman32.dll c:\windows\system32\schannel.dll c:\windows\system32\dssenh.dll c:\windows\system32\mscms.dll c:\windows\system32\winspool.drv C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE c:\program files\mozilla firefox\firefox.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\mozilla firefox\js3250.dll c:\program files\mozilla firefox\nspr4.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\winmm.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\program files\mozilla firefox\xpcom_core.dll c:\program files\mozilla firefox\plc4.dll c:\program files\mozilla firefox\plds4.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\version.dll c:\program files\mozilla firefox\smime3.dll c:\program files\mozilla firefox\nss3.dll c:\program files\mozilla firefox\softokn3.dll c:\program files\mozilla firefox\ssl3.dll c:\program files\mozilla firefox\xpcom_compat.dll c:\windows\system32\comdlg32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\winspool.drv c:\windows\system32\imm32.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\setupapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files\mozilla firefox\components\myspell.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\iphlpapi.dll c:\program files\mozilla firefox\components\jar50.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\msimtf.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\uxtheme.dll c:\program files\mozilla firefox\freebl3.dll c:\program files\mozilla firefox\nssckbi.dll c:\program files\mozilla firefox\components\spellchk.dll c:\windows\system32\msimg32.dll c:\windows\system32\mslbui.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\vturq.dll c:\windows\system32\secur32.dll c:\windows\system32\shfolder.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\rsvpsp.dll c:\windows\system32\cscui.dll c:\windows\system32\cscdll.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\mlang.dll c:\windows\system32\wdmaud.drv c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\schannel.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\windows\system32\browseui.dll c:\windows\system32\ntshrui.dll c:\windows\system32\atl.dll c:\windows\system32\linkinfo.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\shdocvw.dll c:\windows\system32\cryptui.dll c:\program files\common files\adobe\acrobat\activex\pdfshell.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\system32\mpr.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\netrap.dll c:\windows\system32\samlib.dll c:\windows\system32\davclnt.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\msgina.dll c:\windows\system32\winsta.dll c:\windows\system32\odbc32.dll c:\windows\system32\odbcint.dll C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE c:\program files\windows defender\msmpeng.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\system32\msvcrt.dll c:\program files\windows defender\mpsvc.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\version.dll c:\windows\system32\crypt32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\program files\windows defender\mpclient.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\psapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\program files\windows defender\mprtplug.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b9626bd9-724d-4c76-b658-382f874d599d}\mpengine.dll c:\program files\windows defender\mpasdesc.dll c:\windows\system32\apphelp.dll C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE c:\program files\windows defender\msascui.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\system32\msvcrt.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\program files\windows defender\mpclient.dll c:\windows\system32\userenv.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\oleacc.dll c:\windows\system32\msvcp60.dll c:\program files\windows defender\msmpres.dll c:\program files\windows defender\mprtmon.dll c:\windows\system32\netapi32.dll c:\windows\system32\winhttp.dll c:\windows\system32\urlmon.dll c:\windows\system32\iertutil.dll c:\windows\system32\version.dll c:\windows\system32\imm32.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msftedit.dll c:\windows\system32\msctfime.ime c:\windows\system32\uxtheme.dll c:\windows\system32\rsaenh.dll c:\windows\system32\secur32.dll c:\windows\system32\mslbui.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wuapi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\cabinet.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\wups.dll c:\windows\system32\dciman32.dll c:\program files\windows defender\mpasdesc.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\msxml3.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\schannel.dll c:\windows\system32\dssenh.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\dnsapi.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\apphelp.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\awttrrr.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll c:\progra~1\wifd1f~1\mpshhook.dll C:\WINDOWS\EXPLORER.EXE c:\windows\explorer.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\browseui.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\oleaut32.dll c:\windows\system32\shdocvw.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\cryptui.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\netapi32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\wldap32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\msacm32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\vturq.dll c:\windows\system32\secur32.dll c:\windows\system32\shfolder.dll c:\windows\system32\urlmon.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\bswdeaqq.dll c:\windows\system32\ntmarta.dll c:\windows\system32\samlib.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\cscui.dll c:\windows\system32\cscdll.dll c:\windows\system32\ieframe.dll c:\windows\system32\psapi.dll c:\windows\system32\themeui.dll c:\windows\system32\msimg32.dll c:\windows\system32\setupapi.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\sensapi.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\progra~1\window~2\wmpband.dll c:\windows\system32\mpr.dll c:\windows\system32\mswsock.dll c:\program files\embarq online security\fwes\program\fsdc.dll c:\windows\system32\linkinfo.dll c:\windows\system32\ntshrui.dll c:\windows\system32\atl.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\dnsapi.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\msi.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\program files\embarq online security\scanner-interface\fsgkiapi.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\sxs.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\windows\system32\winsta.dll c:\windows\system32\webcheck.dll c:\windows\system32\stobject.dll c:\windows\system32\batmeter.dll c:\windows\system32\powrprof.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\winhttp.dll c:\windows\system32\mslbui.dll c:\windows\system32\mydocs.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\awttrrr.dll c:\windows\system32\portabledeviceapi.dll c:\progra~1\wifd1f~1\mpshhook.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll c:\windows\system32\browselc.dll c:\windows\system32\duser.dll c:\windows\system32\mlang.dll c:\windows\system32\rsaenh.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\netrap.dll c:\windows\system32\davclnt.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\midimap.dll c:\windows\system32\winrnr.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\program files\common files\adobe\acrobat\activex\pdfshell.dll c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll c:\program files\embarq online security\common\fpshx.dll c:\program files\embarq online security\common\fsma32.dll c:\program files\embarq online security\common\fspmapi.dll c:\program files\embarq online security\common\fslapi.dll c:\windows\system32\mfc42.dll c:\program files\embarq online security\common\fpshx.eng c:\program files\winrar\rarext.dll c:\program files\magiciso\misosh.dll c:\windows\system32\syncui.dll c:\program files\grisoft\avg anti-spyware 7.5\context.dll c:\windows\system32\cryptnet.dll c:\windows\system32\shdoclc.dll c:\windows\system32\msgina.dll c:\windows\system32\odbc32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\odbcint.dll c:\windows\system32\actxprxy.dll c:\windows\system32\xpsp1res.dll c:\windows\system32\riched32.dll c:\windows\system32\riched20.dll c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll c:\program files\common files\microsoft shared\office11\msoxev.dll c:\program files\ahead\incd\incdshx.dll C:\WINDOWS\SYSTEM32\NOTEPAD.EXE c:\windows\system32\notepad.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\shell32.dll c:\windows\system32\winspool.drv c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msctfime.ime c:\windows\system32\mslbui.dll C:\WINDOWS\SYSTEM32\MSIEXEC.EXE c:\windows\system32\msiexec.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\msi.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\secur32.dll c:\windows\system32\netapi32.dll c:\windows\system32\sfc_os.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\apphelp.dll c:\windows\system32\perfproc.dll c:\windows\system32\srclient.dll c:\windows\system32\wbem\framedyn.dll c:\windows\system32\linkinfo.dll c:\windows\system32\ntshrui.dll c:\windows\system32\atl.dll c:\windows\system32\setupapi.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE c:\program files\lavasoft\ad-aware 2007\aawservice.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\lavasoft\ad-aware 2007\ceapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\shlwapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\lavasoft\ad-aware 2007\pkarchive85u.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wldap32.dll c:\windows\system32\psapi.dll c:\windows\system32\version.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\program files\lavasoft\ad-aware 2007\update.dll c:\windows\system32\wsock32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\oleaut32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\inetmib1.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\snmpapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\ntmarta.dll c:\windows\system32\msctfime.ime c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\program files\embarq online security\fsps\program\fslsp.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\version.dll c:\windows\system32\mpr.dll c:\windows\system32\comctl32.dll c:\windows\system32\imm32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\comdlg32.dll c:\program files\lavasoft\ad-aware 2007\lavalicense.dll c:\windows\system32\winmm.dll c:\windows\system32\shfolder.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\inetmib1.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\snmpapi.dll c:\windows\system32\wsock32.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\system32\ntmarta.dll c:\progra~1\virtua~1\smartb~1\sbhook.dll c:\windows\system32\msctf.dll c:\program files\embarq online security\spam control\fsscoepl.dll c:\windows\system32\msctfime.ime c:\windows\system32\uxtheme.dll c:\windows\system32\apphelp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\olepro32.dll c:\windows\system32\secur32.dll c:\program files\lavasoft\ad-aware 2007\lavamessage.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\mslbui.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\netrap.dll c:\windows\system32\davclnt.dll c:\windows\system32\wpdshext.dll c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\shgina.dll c:\windows\system32\msgina.dll c:\windows\system32\userenv.dll c:\windows\system32\winsta.dll c:\windows\system32\odbc32.dll c:\windows\system32\odbcint.dll c:\windows\system32\audiodev.dll c:\windows\system32\wmvcore.dll c:\windows\system32\wmasf.dll End of Scan Section =========================== 20080204 02-19-55 : Tried to Quarantine an infection. 20080204 02-19-55 : Successfully Quarantined Root: HKU Path: S-1-5-21-606747145-1958367476-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{a95b2816-1d7e-4561-a202-68c0de02353a} belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Successfully Quarantined Root: HKCR Path: clsid\{a95b2816-1d7e-4561-a202-68c0de02353a} belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Successfully Quarantined Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a} belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Successfully Quarantined File: c:\documents and settings\all users\start menu\Online Security Guide.lnk belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Successfully Quarantined File: c:\System Volume Information\tracking.log belonging to Win32.Trojandownloader.Zlob 20080204 02-19-55 : Quarantine succeeded. 20080204 02-20-06 : Started cleaning the system of infections 20080204 02-20-07 : Clean operation finished Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:23:16 AM, on 2/4/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\EMBARQ Online Security\FSPC\fspc.exe C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Program Files\Ahead\InCD\InCD.exe C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe C:\Program Files\Virtual Assistant\bin\mpbtn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\explorer.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [sprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe O4 - HKLM\..\Run: [EarthLink Installer] " /C O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [csr] csrrs.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunServices: [csr] csrrs.exe O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (file missing) O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/cabs/MSDcode.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150585256359 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://stash.nugs.net/dev/dlControl.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ADSService - Unknown owner - C:\Program Files\Common Files\ADS\ADSService.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 8244 bytes
  10. I am waiting patiently for a reply to my post. I've got a question for you.