itsmeveve

dcads/spa_start Removal Help Needed


I am a new member and hope I get this right for posting. The computer is offline so I updated as well as I could manually before running these scans. In this computer something created many user accounts in which many pictures were added to take up all of the hard drive space. I have deleted the many folders of user accounts and the pictures to free up some room. My grandson was the last to use this computer and I suspect that he picked something up from LimeWire. Your help with this matter is greatly appreciated.

 

Logfile of HijackThis v1.99.1

Scan saved at 1:47:47 PM, on 1/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\awtrrrp.dll

O2 - BHO: superiorads - {4AD44D3E-7316-4251-B754-9B10EC96AF92} - C:\WINDOWS\system32\sprt_ads.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nshCB.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7c35148c-d7ee-4ab0-b5d9-8ca3405e9ab3} - C:\WINDOWS\system32\qqtqnio.dll (file missing)

O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)

O2 - BHO: (no name) - {BD16AA05-7045-4A15-A9FE-0E8CC5CB9083} - C:\Program Files\MSN\potegy4444.dll (file missing)

O2 - BHO: (no name) - {EBCF4AD7-C8C9-4437-9FC0-86F685E4BCAF} - C:\Program Files\MSN\potegy83122.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O20 - Winlogon Notify: awtrrrp - C:\WINDOWS\SYSTEM32\awtrrrp.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

 

 

 

 

 

 

 

Ad-Aware 2007 Build

Log File Created on: 2008-01-02 01:06:26

Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef

Computer name: CONNIE

Name of user performing scan: SYSTEM

 

System information

===========================

Number of processors: 1

Processor type: Intel® Celeron® CPU 2.70GHz

Memory Available: 38%

Total Physical Memory: 795848704 Bytes

Available Physical Memory: 300253184 Bytes

Total Page File Size: 1142681600 Bytes

Available On Page File: 686178304 Bytes

Total Virtual Memory: 2147352576 Bytes

Available Virtual Memory: 1991036928 Bytes

OS: Microsoft Windows XP Service Pack 2 (Build 2600)

 

Ad-Aware 2007 Settings

===========================

Skipping files larger than 1048576 kB

Ignoring infections with lower TAI than: 3

 

 

Extended Ad-Aware 2007 Settings

===========================

Unloading known modules during scan

Ignoring spanned files when scanning cab archives

Reanalyzing results after scanning before displaying results

Trying to unload modules prior to removal

Let Windows remove files currently in use at next reboot

Removing quarantined objects after restore

Deactivating Ad-Watch during scans

Writeprotecting system files after repairs

Include info about ignored objects in log file

Including basic settings in log file

Including advanced settings in log file

Including user and computer name in log file

Create and save WebUpdate log file

 

Databaseinfo

===========================

Version number: 31

Build Number: 0

Build Date and Time: 2007/11/05 03:13:33

 

Scan Statistics

===========================

Method: Full

Scan tracking cookies.............................: On

Scan ADS filestreams..............................: Off

 

Item Scanned: 544534

Infections Detected: 3

Infections Ignored: 0

 

Scan detailed statistics

===========================

Type Critical Total

Process Scan....: 0 0

Registry Scan...: 0 0

Registry PE Scan: 0 0

Hosts File Scan.: 0 0

File Scan.......: 0 0

Folder Scan.....: 0 0

LSP Scan........: 0 0

ADS Scan........: 0 0

Cookie Scan.....: 0 0

File Hash Scan..: 1 1

 

Infections Found

===========================

Family Id: 229 Name: BroadCastPC Category: DataMiner TAI:7

Item Id: 3587 Value: File: C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP698\A0277750.exe

Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0

Item Id: 1 Value: MRU Path: C:\Documents and Settings\MOM\Recent Count: 7

Item Id: 2 Value: MRU Registry Key: S-1-5-21-77883839-1442915135-3015422921-1077\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1

 

Items Ignored During Scan

===========================

 

 

Listing of running processes

===========================


 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\wbem\wbemprox.dll

 

c:\windows\system32\wbem\wbemcomn.dll

 

c:\progra~1\common~1\symant~1\submis~1\subeng.dll

 

c:\progra~1\common~1\symant~1\submis~1\subres.loc

 

c:\progra~1\common~1\symant~1\spbbc\tprocplg.dll

 

c:\windows\system32\msi.dll

 

c:\progra~1\common~1\symant~1\ccevtplg.dll

 

c:\progra~1\common~1\symant~1\pif\{b8e1d~1\pifeng.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\rasapi32.dll

 

c:\windows\system32\rasman.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\tapi32.dll

 

c:\windows\system32\rtutils.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\netman.dll

 

c:\windows\system32\mprapi.dll

 

c:\windows\system32\activeds.dll

 

c:\windows\system32\adsldpc.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\atl.dll

 

c:\windows\system32\samlib.dll

 

c:\windows\system32\netshell.dll

 

c:\windows\system32\credui.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\wzcsapi.dll

 

c:\windows\system32\wzcsvc.dll

 

c:\windows\system32\wmi.dll

 

c:\windows\system32\dhcpcsvc.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\wtsapi32.dll

 

c:\windows\system32\winsta.dll

 

c:\windows\system32\esent.dll

 

c:\program files\common files\symantec shared\ccevtcli.dll

 

c:\progra~1\common~1\symant~1\firewall\fwagent.dll

 

c:\progra~1\common~1\symant~1\spbbc\spbbcevt.dll

 

c:\progra~1\common~1\symant~1\srtsp\srtsp32.dll

 

c:\windows\system32\rsaenh.dll

 

c:\program files\norton antivirus\setevthp.dll

 

c:\program files\common files\symantec shared\ccprosub.dll

 

c:\progra~1\common~1\symant~1\ccsetevt.dll

 

c:\windows\system32\atl71.dll

 

c:\progra~1\norton~2\navevent.dll

 

c:\windows\system32\symneti.dll

 

c:\program files\norton antivirus\isdatacl.dll

 

c:\program files\common files\symantec shared\antivirus\avifc.dll

 

c:\program files\common files\symantec shared\appcore\appmgr32.dll

 

c:\program files\common files\symantec shared\firewall\fwhelper.dll

 

c:\program files\norton antivirus\fwplugin.dll

 

c:\program files\norton antivirus\fwevent.dll

 

c:\progra~1\common~1\symant~1\opc\{31011~1\cltnetcn.dll

 

c:\program files\norton antivirus\imcfg.dll

 

c:\program files\common files\symantec shared\spbbc\bbrgen.dll

 

c:\progra~1\common~1\symant~1\pif\{b8e1d~1\pollmgr.dll

 

c:\progra~1\common~1\symant~1\submis~1\subconn.dll

 

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\cceraser.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\winrnr.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wship6.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\program files\common files\symantec shared\qbackup.dll

 

c:\program files\common files\symantec shared\npc\npcwmidt.dll

 

c:\windows\system32\wbem\wbemsvc.dll

 

c:\windows\system32\wbem\fastprox.dll

 

c:\windows\system32\msvcp60.dll

 

c:\windows\system32\ntdsapi.dll

 

c:\program files\norton antivirus\navlogv.dll

 

c:\program files\norton antivirus\navlogv.loc

 

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE

c:\program files\common files\symantec shared\appcore\appsvc32.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\atl71.dll

 

c:\windows\system32\msvcp71.dll

 

c:\windows\system32\msvcr71.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\program files\common files\symantec shared\ccl60u.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\dbghelp.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\program files\common files\symantec shared\ccvrtrst.dll

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\wsock32.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\imagehlp.dll

 

c:\program files\common files\symantec shared\appcore\appmgr32.dll

 

c:\program files\common files\symantec shared\appcore\appset32.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\program files\common files\symantec shared\ccsvc.dll

 

c:\program files\common files\symantec shared\antivirus\avscan.dll

 

c:\windows\system32\userenv.dll

 

c:\program files\common files\symantec shared\antivirus\av.loc

 

c:\program files\common files\symantec shared\antivirus\avdefmgr.dll

 

c:\program files\common files\symantec shared\defutdcd.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\program files\common files\symantec shared\antivirus\avmodule.dll

 

c:\windows\system32\uxtheme.dll

 

c:\program files\common files\symantec shared\qbackup.dll

 

c:\windows\system32\rsaenh.dll

 

c:\windows\system32\netapi32.dll

 

c:\program files\common files\symantec shared\antivirus\avexclu.dll

 

c:\program files\common files\symantec shared\srtsp\srtsp32.dll

 

c:\program files\common files\symantec shared\ccprosub.dll

 

c:\windows\system32\msi.dll

 

c:\progra~1\common~1\symant~1\ccevtcli.dll

 

c:\windows\system32\msv1_0.dll

 

c:\windows\system32\linkinfo.dll

 

c:\windows\system32\ntshrui.dll

 

c:\windows\system32\atl.dll

 

c:\windows\system32\ntmarta.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\samlib.dll

 

c:\windows\system32\apphelp.dll

 

c:\program files\common files\symantec shared\ccscanw.dll

 

c:\program files\common files\symantec shared\ecmldr32.dll

 

c:\program files\common files\symantec shared\msl\msl.dll

 

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\cceraser.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\ecmsvr32.dll

 

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\navex32a.dll

 

c:\progra~1\common~1\symant~1\virusd~1\20071231.002\naveng32.dll

 

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

c:\program files\lavasoft\ad-aware 2007\aawservice.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\program files\lavasoft\ad-aware 2007\ceapi.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\psapi.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\program files\lavasoft\ad-aware 2007\update.dll

 

c:\windows\system32\wsock32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\rsaenh.dll

 

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

c:\windows\system32\spoolsv.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\spoolss.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\windows\system32\localspl.dll

 

c:\windows\system32\sfc_os.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\imagehlp.dll

 

c:\windows\system32\winspool.drv

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\cnbjmon.dll

 

c:\windows\system32\cnbjmon2.dll

 

c:\windows\system32\hpzll4pi.dll

 

c:\windows\system32\mdimon.dll

 

c:\windows\system32\msi.dll

 

c:\windows\system32\fxsmon.dll

 

c:\windows\system32\fxsevent.dll

 

c:\windows\system32\pjlmon.dll

 

c:\windows\system32\tcpmon.dll

 

c:\windows\system32\usbmon.dll

 

c:\windows\system32\spool\prtprocs\w32x86\hpzpp4pi.dll

 

c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\winrnr.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\win32spl.dll

 

c:\windows\system32\netrap.dll

 

c:\windows\system32\ntdsapi.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\inetpp.dll

 

c:\windows\system32\xpsp2res.dll

 

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE

c:\program files\symantec\liveupdate\aluschedulersvc.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\wsock32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\program files\symantec\liveupdate\msvcp71.dll

 

c:\program files\symantec\liveupdate\msvcr71.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\system32\uxtheme.dll

 

c:\program files\common files\symantec shared\ccvrtrst.dll

 

c:\program files\common files\symantec shared\ccl60u.dll

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\imagehlp.dll

 

c:\windows\system32\rsaenh.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\program files\symantec\liveupdate\pslucomserver_3_1.dll

 

c:\windows\system32\msi.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\rasadhlp.dll

 

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

c:\windows\system32\svchost.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\wiaservc.dll

 

c:\windows\system32\cfgmgr32.dll

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\mscms.dll

 

c:\windows\system32\winspool.drv

 

c:\windows\system32\winsta.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\imagehlp.dll

 

c:\windows\system32\actxprxy.dll

 

C:\WINDOWS\SYSTEM32\WDFMGR.EXE

c:\windows\system32\wdfmgr.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\imagehlp.dll

 

C:\WINDOWS\SYSTEM32\ALG.EXE

c:\windows\system32\alg.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\atl.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\wsock32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\hnetcfg.dll

 

C:\WINDOWS\EXPLORER.EXE

c:\windows\explorer.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\browseui.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\shdocvw.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\cryptui.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\imagehlp.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\msctfime.ime

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\cscui.dll

 

c:\windows\system32\cscdll.dll

 

c:\windows\system32\themeui.dll

 

c:\windows\system32\msimg32.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\actxprxy.dll

 

c:\program files\microsoft antispyware\shellextension.dll

 

c:\windows\system32\awtrrrp.dll

 

c:\windows\system32\urlmon.dll

 

c:\windows\system32\ieframe.dll

 

c:\windows\system32\psapi.dll

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\rasapi32.dll

 

c:\windows\system32\rasman.dll

 

c:\windows\system32\tapi32.dll

 

c:\windows\system32\rtutils.dll

 

c:\windows\system32\msv1_0.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\sensapi.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\winrnr.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wship6.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\windows\system32\dhcpcsvc.dll

 

c:\windows\system32\netman.dll

 

c:\windows\system32\mprapi.dll

 

c:\windows\system32\activeds.dll

 

c:\windows\system32\adsldpc.dll

 

c:\windows\system32\atl.dll

 

c:\windows\system32\samlib.dll

 

c:\windows\system32\netshell.dll

 

c:\windows\system32\credui.dll

 

c:\windows\system32\wzcsapi.dll

 

c:\windows\system32\wzcsvc.dll

 

c:\windows\system32\wmi.dll

 

c:\windows\system32\wtsapi32.dll

 

c:\windows\system32\winsta.dll

 

c:\windows\system32\esent.dll

 

c:\windows\system32\msutb.dll

 

c:\windows\system32\msctf.dll

 

c:\windows\system32\linkinfo.dll

 

c:\windows\system32\ntshrui.dll

 

c:\windows\system32\webcheck.dll

 

c:\windows\system32\stobject.dll

 

c:\windows\system32\batmeter.dll

 

c:\windows\system32\powrprof.dll

 

c:\windows\system32\upnpui.dll

 

c:\windows\system32\upnp.dll

 

c:\windows\system32\winhttp.dll

 

c:\windows\system32\ssdpapi.dll

 

c:\windows\system32\wdmaud.drv

 

c:\windows\system32\msacm32.drv

 

c:\windows\system32\midimap.dll

 

c:\windows\system32\msi.dll

 

c:\windows\system32\fxsst.dll

 

c:\windows\system32\winspool.drv

 

c:\windows\system32\fxsapi.dll

 

c:\windows\system32\ntmarta.dll

 

c:\windows\system32\mlang.dll

 

c:\windows\system32\sxs.dll

 

c:\windows\system32\dsound.dll

 

c:\program files\common files\symantec shared\npc\nscext.dll

 

c:\windows\system32\atl71.dll

 

c:\windows\system32\msvcp71.dll

 

c:\windows\system32\msvcr71.dll

 

c:\program files\common files\symantec shared\ccl60u.dll

 

c:\windows\system32\browselc.dll

 

c:\windows\system32\mpr.dll

 

c:\windows\system32\ntlanman.dll

 

c:\windows\system32\netui0.dll

 

c:\windows\system32\netui1.dll

 

c:\windows\system32\netrap.dll

 

c:\windows\system32\drprov.dll

 

c:\windows\system32\davclnt.dll

 

c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

 

c:\windows\system32\duser.dll

 

c:\program files\common files\ahead\lib\nerodigitalext.dll

 

c:\program files\common files\ahead\lib\mfc71.dll

 

c:\windows\system32\mfc71enu.dll

 

c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

 

c:\program files\nero\nero 7\nero backitup\nbshell.dll

 

c:\program files\nero\nero 7\nero backitup\mfc71u.dll

 

c:\program files\common files\symantec shared\ccvrtrst.dll

 

c:\windows\system32\wsock32.dll

 

c:\progra~1\winzip\wzshlstb.dll

 

c:\program files\winrar\rarext.dll

 

c:\program files\wordperfect office 11\programs\pfim110en.dll

 

c:\windows\system32\igfxpph.dll

 

c:\windows\system32\hccutils.dll

 

c:\windows\system32\igfxres.dll

 

c:\windows\system32\igfxsrvc.dll

 

c:\windows\system32\igfxdev.dll

 

c:\windows\system32\mydocs.dll

 

c:\windows\system32\comdlg32.dll

 

c:\progra~1\norton~2\navshext.dll

 

c:\progra~1\norton~2\navshext.loc

 

c:\progra~1\trojan~1.0\contmenu.dll

 

c:\program files\wordperfect office 11\programs\pfse110.dll

 

c:\program files\softex\omnipass\opshelle.dll

 

c:\program files\softex\omnipass\opcomm.dll

 

c:\program files\softex\omnipass\opfscure.dll

 

c:\windows\system32\mfc42.dll

 

c:\windows\system32\rsaenh.dll

 

c:\windows\system32\asfsipc.dll

 

c:\windows\system32\msisip.dll

 

c:\windows\system32\wshext.dll

 

c:\progra~1\micros~2\office11\mcps.dll

 

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\imagehlp.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\sprt_ads.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\msctfime.ime

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\msi.dll

 

c:\windows\system32\sxs.dll

 

c:\windows\system32\rsaenh.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\msctf.dll

 

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

c:\program files\common files\symantec shared\ccapp.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\msvcp71.dll

 

c:\windows\system32\msvcr71.dll

 

c:\program files\common files\symantec shared\ccl60u.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\lpk.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\dbghelp.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\msctfime.ime

 

c:\windows\system32\symneti.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\wsock32.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\userenv.dll

 

c:\program files\common files\symantec shared\ccvrtrst.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\imagehlp.dll

 

c:\program files\common files\symantec shared\ccset.dll

 

c:\program files\common files\symantec shared\ccsvc.dll

 

c:\program files\common files\symantec shared\appcore\appplg32.dll

 

c:\program files\common files\symantec shared\appcore\appmgr32.dll

 

c:\windows\system32\atl71.dll

 

c:\program files\common files\symantec shared\appcore\appset32.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\progra~1\common~1\symant~1\ccalert.dll

 

c:\progra~1\common~1\symant~1\ccemlpxy.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\program files\norton antivirus\fwalert.dll

 

c:\program files\norton antivirus\fwalres.dll

 

c:\progra~1\norton~2\defalert.dll

 

c:\progra~1\norton~2\avpapp32.dll

 

c:\program files\common files\symantec shared\npc\npctray.dll

 

c:\program files\common files\symantec shared\cf\pep2.dll

 

c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\alerteng.dll

 

c:\program files\common files\symantec shared\coh\seshlp.dll

 

c:\windows\system32\winspool.drv

 

c:\windows\system32\msctf.dll

 

c:\progra~1\norton~2\avpapp32.loc

 

c:\program files\common files\symantec shared\npc\datapvdr.dll

 

c:\windows\system32\wtsapi32.dll

 

c:\windows\system32\winsta.dll

 

c:\windows\system32\netapi32.dll

 

c:\program files\common files\symantec shared\npc\nschlpr2.dll

 

c:\program files\common files\symantec shared\ccsetevt.dll

 

c:\program files\common files\symantec shared\ccprosub.dll

 

c:\program files\common files\symantec shared\antivirus\avifc.dll

 

c:\program files\norton antivirus\fwevent.dll

 

c:\program files\norton antivirus\isdatacl.dll

 

c:\windows\system32\msi.dll

 

c:\program files\norton antivirus\setevthp.dll

 

c:\progra~1\common~1\symant~1\ccevtcli.dll

 

c:\progra~1\common~1\symant~1\rcemlpxy.dll

 

c:\windows\system32\symredir.dll

 

c:\program files\common files\symantec shared\npc\pcstatus.dll

 

c:\program files\common files\symantec shared\npc\uilicplg.dll

 

c:\program files\common files\symantec shared\antivirus\avmail.dll

 

c:\program files\common files\symantec shared\npc\nscwscr2.dll

 

c:\program files\common files\symantec shared\npc\npcwmicl.dll

 

c:\program files\common files\symantec shared\npc\npcwmidt.dll

 

c:\program files\common files\symantec shared\antivirus\avexclu.dll

 

c:\program files\common files\symantec shared\npc\pepevnt.dll

 

c:\program files\common files\symantec shared\npc\nscext.dll

 

c:\program files\common files\symantec shared\npc\uicntnr.dll

 

c:\program files\common files\symantec shared\symtheme\1.0\symtheme.dll

 

c:\program files\common files\symantec shared\symhtml\1.0\symhtml.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\oleacc.dll

 

c:\windows\system32\msvcp60.dll

 

c:\windows\system32\winmm.dll

 

c:\program files\norton antivirus\isstatus.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\urlmon.dll

 

c:\program files\common files\symantec shared\cf\cfv2pack.dll

 

c:\program files\common files\symantec shared\cf\cfepack.dll

 


End of Scan Section

===========================

 

Quarantined Infections

===========================

File: C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP698\A0277750.exe belonging to BroadCastPC

File: C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP698\A0277750.exe, Belonging to BroadCastPC

 

End Quarantine / Cleaned Infection Log

===========================

 

Cleaned Infections

===========================

MRU Path: C:\Documents and Settings\MOM\Recent Count: 7, Belonging to MRU Object

MRU Registry Key: S-1-5-21-77883839-1442915135-3015422921-1077\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1, Belonging to MRU Object

 

End of Cleaned Infections

===========================


Hi,

 

* Download ComboFix from here.

**Save it to your desktop**

 

In case you have used Combofix before, please delete the version you have and download it again, because Combofix is being updated every day.

 

In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

 

* Double-click combofix.exe

Follow the prompts.

Note - Your internet connection will be terminated while ComboFix runs. Do Not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.

Don't click on the window while the fix is running, because that will cause your system to hang.

In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".

 

When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.

Post the contents of this log in your next reply together with a new hijackthislog.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


Ok, I ran ComboFix from the desktop, by downloading it to my computer, pasting it to a flash drive, then pasting it to the "sick" computer's desktop.

 

I got to where it said:

Please wait

ComboFix is preparing to run.

 

then I got an swreg.cfexe - Application Error

 

The instruction at "0x7c911de" referenced memory at "0x00200064". The memory could not be "read". Click ok to terminate the program

 

 

Gave me no other choice than to click ok, so I clicked that and it is sitting on the desktop, I am assuming going through the program anyway. Showing me the Disclaimer and asking me to type 1 to continue or 2 to abort.

 

I am just waiting to see if it is ok to go ahead with it when it got a bad start, or to reboot the computer and start all over. If need be this computer can be put online to download into it if that would help, just haven't done that in case of infecting our network.


Hi,

 

> Showing me the Disclaimer and asking me to type 1 to continue or 2 to abort.

Yes, type 1 to continue.

In case you get the error again, download Combofix from the infected computer and make sure your Norton doesn't delete any related components.


ComboFix 08-01-03.4 - MOM 2008-01-03 16:39:24.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.372 [GMT -5:00]

Running from: C:\Documents and Settings\MOM\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\WINDOWS\Fonts\a.zip

C:\WINDOWS\Fonts\acrsecB.fon

C:\WINDOWS\Fonts\acrsecI.fon

C:\WINDOWS\Fonts\svchost.exe

C:\WINDOWS\mrofinu1000106.exe

C:\WINDOWS\mrofinu1188.exe

C:\WINDOWS\NDNuninstall6_22.exe

C:\WINDOWS\system32\awtrrrp.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\nshCB.dll

C:\WINDOWS\system32\nsz10B.dll

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\rlvknlg.exe

C:\WINDOWS\system32\rlxf.dll

C:\WINDOWS\system32\sprt_ads.dll

C:\WINDOWS\system32\z1

C:\WINDOWS\system32\z1\aroblcidr31z.exe

C:\x.dat

C:\z.dat

D:\Autorun.inf

C:\WINDOWS\Fonts\'

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_SVCHOST

 

 

((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))

.

 

2008-01-03 15:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-01 01:57 . 2008-01-01 01:57 9 --a------ C:\WINDOWS\system32\1428841f

2007-12-31 04:29 . 2007-12-31 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-30 19:50 . 2007-12-31 02:41 <DIR> d-------- C:\Program Files\TrojanHunter 4.0

2007-12-30 15:09 . 2007-12-30 15:09 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Lavasoft

2007-12-30 15:07 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-12-30 15:07 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-12-30 14:51 . 2003-08-23 09:34 <DIR> d-------- C:\Documents and Settings\MOM\WINDOWS

2007-12-30 14:51 . 2003-08-28 22:16 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Symantec

2007-12-30 14:51 . 2003-08-23 09:12 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Sonic

2007-12-30 14:51 . 2003-08-23 22:26 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\SampleView

2007-12-30 14:51 . 2003-08-28 22:19 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\interMute

2007-12-30 13:33 . 2007-12-30 14:05 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe

2007-12-30 13:33 . 2007-12-30 14:05 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe

2007-12-30 13:33 . 2007-12-30 14:05 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe

2007-12-30 13:33 . 2007-12-30 14:05 52,736 --a------ C:\WINDOWS\system\hpsysdrv .exe

2007-12-30 13:33 . 2007-12-30 14:22 178 --a------ C:\WINDOWS\system\hpsysdrv .DAT

2007-12-30 13:32 . 2007-12-30 14:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe

2007-12-30 13:31 . 2007-12-30 14:03 81,920 --a------ C:\WINDOWS\system32\ps2 .exe

2007-12-29 09:08 . 2007-12-29 09:08 1,358,156 --a------ C:\WINDOWS\system32\silc.dat

2007-12-29 09:07 . 2007-12-29 09:07 128 --a------ C:\Documents and Settings\chance.CONNIE\services.exe

2007-12-29 09:01 . 2007-12-29 09:01 128 --a------ C:\Documents and Settings\Owner\services.exe

2007-12-28 18:11 . 2007-12-28 18:11 712,704 --a------ C:\WINDOWS\system32\rlph.dll

2007-12-28 17:31 . 2007-12-28 17:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint

2007-12-28 17:18 . 2008-01-01 19:12 1,306 --ahs---- C:\WINDOWS\system32\ffhkj.ini2

2007-12-28 17:18 . 2008-01-01 19:14 1,306 --ahs---- C:\WINDOWS\system32\ffhkj.ini

2007-12-28 17:16 . 2007-12-28 17:16 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll

2007-12-28 17:15 . 2007-12-28 17:15 <DIR> d-------- C:\Program Files\Adssite Games Collection

2007-12-28 17:15 . 2007-12-28 17:15 77,353 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe

2007-12-28 17:13 . 2007-12-31 06:56 39,936 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp

2007-12-28 17:13 . 2007-12-28 17:13 134 --a------ C:\n.bat

2007-12-28 17:12 . 2007-12-30 21:43 <DIR> d-------- C:\WINDOWS\system32\mr9

2007-12-28 17:12 . 2007-12-28 17:58 <DIR> d-------- C:\WINDOWS\system32\cc9

2007-12-28 17:12 . 2007-12-30 21:38 <DIR> d-------- C:\WINDOWS\system32\ardCo18

2007-12-28 17:12 . 2007-12-28 17:12 <DIR> d-------- C:\WINDOWS\system32\aj2

2007-12-28 17:12 . 2007-12-28 17:13 <DIR> d-------- C:\TEMP\cEeer12

2007-12-28 16:46 . 2007-12-28 18:09 380,928 --------- C:\WINDOWS\system32\rlls.dll_tobedeleted

2007-12-28 16:46 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll

2007-12-28 16:36 . 2007-12-28 17:07 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe

2007-12-28 16:35 . 2007-12-28 16:35 <DIR> d-------- C:\Program Files\Dcads Games Collection

2007-12-28 16:35 . 2007-12-28 17:07 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe

2007-12-28 16:35 . 2007-12-28 17:54 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe

2007-12-28 07:34 . 2007-12-28 07:34 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll

2007-12-26 11:32 . 2007-12-26 13:03 <DIR> d-------- C:\Documents and Settings\chance.CONNIE\Application Data\Roxio

2007-12-24 15:09 . 2007-12-24 15:09 <DIR> d-------- C:\Program Files\Common Files\Napster Shared

2007-12-24 15:08 . 2007-12-30 14:00 <DIR> d-------- C:\Program Files\Napster

2007-12-24 15:08 . 2007-12-24 15:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield

2007-12-24 15:08 . 2007-12-24 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster

2007-12-24 08:02 . 2007-12-24 08:02 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-02 02:08 --------- d-----w C:\Program Files\Free Offers from Freeze.com

2007-12-31 09:30 --------- d-----w C:\Program Files\Lavasoft

2007-12-31 09:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft

2007-12-31 09:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-12-31 03:28 --------- d-----w C:\Program Files\Trojan Remover

2007-12-31 00:24 --------- d-----w C:\Program Files\TrueAssistant

2007-12-30 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-30 19:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire

2007-12-30 19:07 --------- d-----w C:\Program Files\Microsoft AntiSpyware

2007-12-30 19:01 --------- d-----w C:\Program Files\QuickTime

2007-12-30 19:01 --------- d-----w C:\Program Files\Norton AntiVirus

2007-12-30 19:01 --------- d-----w C:\Program Files\iTunes

2007-12-29 14:29 --------- d-----w C:\Program Files\Warcraft II BNE

2007-12-29 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-27 23:32 28,352 -c--a-w C:\WINDOWS\system32\drivers\MxlW2k.sys

2007-12-27 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio

2007-12-24 20:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2007-11-26 05:22 --------- d-----w C:\Program Files\Hewlett-Packard

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2005-07-31 16:18 2,492 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat

2005-07-25 20:12 284 ----a-w C:\Documents and Settings\chance.CONNIE\Application Data\ViewerApp.dat

2004-12-30 04:14 868 -c--a-w C:\Program Files\INSTALL.LOG

.

----a-w			53,248 2007-12-30 19:05:47  C:\hp\bin\AUTOTKIT .EXE
----a-w			61,440 2007-12-30 19:04:52  C:\hp\KBD\KBD .EXE
----a-w			94,208 2007-12-30 19:07:13  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		   151,597 2007-12-30 19:01:39  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   110,592 2007-12-30 19:02:50  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w		   115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w			24,576 2007-12-30 19:07:27  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify .exe
----a-w			90,112 2007-12-30 19:05:42  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w			49,152 2007-12-30 19:05:16  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w			49,152 2007-12-30 19:05:11  C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
----a-w		   278,528 2007-12-30 19:04:59  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   132,496 2007-12-30 19:03:05  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w		   473,920 2007-12-30 19:05:28  C:\Program Files\Microsoft AntiSpyware\gcasServ .exe
----a-w			53,248 2007-12-30 19:01:34  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w		   323,216 2007-12-30 19:01:37  C:\Program Files\Napster\napster .exe
----a-w			26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe
----a-w			98,304 2007-12-30 19:01:54  C:\Program Files\QuickTime\qttask  .exe
----a-w			98,304 2007-12-31 01:52:56  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,003,520 2007-12-30 19:06:23  C:\Program Files\Real\RealOne Player\realplay .exe
----a-w		   295,936 2007-12-30 19:03:01  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w		 1,880,064 2007-12-30 19:02:47  C:\Program Files\verizon\Servicepoint\VerizonServicepoint .exe
----a-w			50,744 2007-12-30 19:05:56  C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
----a-w		   385,024 2007-12-30 19:04:50  C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
----a-w			77,887 2007-12-30 19:03:24  C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110 .EXE
----a-w			57,344 2007-12-30 19:02:23  C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w		 4,670,968 2007-12-30 17:42:13  C:\Program Files\Yahoo!\Messenger\YahooMessenger   .exe
----a-w		 4,670,968 2007-12-31 01:57:31  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
----a-w		 4,670,968 2007-12-31 01:57:37  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w		 4,670,968 2007-12-30 19:06:26  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w		 4,670,968 2007-12-30 21:55:59  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w		 6,104,568 2007-12-30 19:02:24  C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
----a-w		   158,208 2007-12-30 18:31:18  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w		   212,992 2007-12-30 19:03:10  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			52,736 2007-12-30 19:05:08  C:\WINDOWS\system\hpsysdrv .exe
----a-w		   118,784 2007-12-30 19:05:24  C:\WINDOWS\system32\hkcmd .exe
----a-w		   483,328 2007-12-30 19:05:17  C:\WINDOWS\system32\hphmon05 .exe
----a-w		   155,648 2007-12-30 19:05:04  C:\WINDOWS\system32\igfxtray .exe
----a-w		   155,648 2007-12-30 19:04:41  C:\WINDOWS\system32\NeroCheck .exe
----a-w			81,920 2007-12-30 19:03:37  C:\WINDOWS\system32\ps2 .exe

 

 

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

2007-12-24 08:02 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c35148c-d7ee-4ab0-b5d9-8ca3405e9ab3}]

C:\WINDOWS\system32\qqtqnio.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]

C:\WINDOWS\system32\spads.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD16AA05-7045-4A15-A9FE-0E8CC5CB9083}]

C:\Program Files\MSN\potegy4444.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBCF4AD7-C8C9-4437-9FC0-86F685E4BCAF}]

C:\Program Files\MSN\potegy83122.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 01:57 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-12-30 14:27 517768]

"THGuard"="C:\Program Files\TrojanHunter 4.0\THGuard.exe" [ ]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 15:20 115816]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-26 16:03 160832]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [2007-12-30 16:55 4670968]

 

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\

AutoTBar.exe [2003-06-18 21:19:08]

mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

 

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2007-12-30 14:05:47]

mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoTBar.exe]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe

backup=C:\WINDOWS\pss\AutoTBar.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RegFreeze.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RegFreeze.lnk

backup=C:\WINDOWS\pss\RegFreeze.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk

backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk

backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

2007-12-30 17:53 50744 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]

ALCXMNTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]

2007-12-30 20:30 53248 --a------ C:\hp\bin\AUTOTKIT.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]

2007-12-30 15:21 24576 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-12-30 15:08 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]

2007-12-30 15:20 90112 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2007-12-30 15:20 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

2007-12-30 20:45 473920 --a------ C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]

C:\WINDOWS\Fonts\svchost.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-12-30 14:40 118784 --a------ C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-12-30 15:25 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

2007-12-30 14:40 483328 --a------ C:\WINDOWS\System32\hphmon05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2007-12-30 17:53 49152 --a------ c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

2007-12-30 21:38 52736 --a------ c:\windows\system\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-12-30 14:40 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-12-30 15:20 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2007-12-30 17:53 61440 --a------ C:\HP\KBD\KBD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

C:\WINDOWS\system32\jkhff.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2007-12-30 15:20 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

2007-12-30 20:55 385024 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]

rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

C:\Program Files\Napster\napster.exe /systray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-12-30 14:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

rundll32.exe nview.dll,nViewLoadHook

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /installquiet /keeploaded /nodetect

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

2007-12-30 20:49 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

2007-12-30 14:41 81920 --a------ C:\WINDOWS\system32\ps2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]

2007-12-30 15:23 77887 --a------ c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask .exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

C:\Program Files\Real\RealOne Player\realplay.exe /RunUPGToolCommandReBoot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2007-12-30 21:34 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\spads.dll DllVerify

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-12-30 20:44 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

C:\Program Files\Trojan Remover\Trjscan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]

2007-12-30 17:53 1880064 --a------ C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]

C:\Program Files\Web Buying\v1.8.6\webbuying.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]

C:\Program Files\webHancer\Programs\whagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]

wfxsnt40.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE -quiet

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

2007-12-30 20:56 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]

C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -preload

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"omniserv"=2 (0x2)

"iPodService"=3 (0x3)

"Automatic LiveUpdate Scheduler"=2 (0x2)

 

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

 

.

Contents of the 'Scheduled Tasks' folder

"2005-01-10 19:56:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"

- C:\Program Files\Easy Internet signup\HPSdpApp.exe

"2004-10-20 19:18:49 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090250881.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2007-12-29 01:00:13 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"

- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:

"2008-01-03 20:58:00 C:\WINDOWS\Tasks\WebReg 20040502155831.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20040502155831 /N

"2008-01-03 02:03:00 C:\WINDOWS\Tasks\WebReg 20041024210327.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041024210327 /N

"2008-01-03 19:03:00 C:\WINDOWS\Tasks\WebReg 20041027140322.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041027140322 /N

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-03 17:05:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Program Files\Softex\OmniPass\opxpgina.dll

.

Completion time: 2008-01-03 17:12:27 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-03 22:12:22

.

2007-12-30 21:32:20 --- E O F ---


Logfile of HijackThis v1.99.1

Scan saved at 5:33:57 PM, on 1/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7c35148c-d7ee-4ab0-b5d9-8ca3405e9ab3} - C:\WINDOWS\system32\qqtqnio.dll (file missing)

O2 - BHO: browser optimizer superiorads - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - C:\WINDOWS\system32\spads.dll (file missing)

O2 - BHO: (no name) - {BD16AA05-7045-4A15-A9FE-0E8CC5CB9083} - C:\Program Files\MSN\potegy4444.dll (file missing)

O2 - BHO: (no name) - {EBCF4AD7-C8C9-4437-9FC0-86F685E4BCAF} - C:\Program Files\MSN\potegy83122.dll (file missing)

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


Hi,

 

This looks really nasty. I also want to make you aware of the fact that you should change ALL your passwords afterwards, the passwords you use online + the passwords for your mail accounts, since they are known.

 

Do next please..

 

* Open Notepad - don't use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quotebox below into notepad:

 

File::
C:\WINDOWS\system32\rlls.dll_tobedeleted
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\adssite_sidebar.dll
C:\Documents and Settings\chance.CONNIE\services.exe
C:\Documents and Settings\Owner\services.exe
C:\WINDOWS\system32\rlph.dll
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\mrofinu1000106.exe.tmp
C:\n.bat


Folder::
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\Dcads Games Collection
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\cc9
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\aj2
C:\TEMP\cEeer12
C:\Program Files\Adssite Games Collection

RENV::
C:\hp\bin\AUTOTKIT .EXE
C:\hp\KBD\KBD .EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify .exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Microsoft AntiSpyware\gcasServ .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
C:\Program Files\Napster\napster .exe
C:\Program Files\Norton AntiVirus\osCheck .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealOne Player\realplay .exe
C:\Program Files\Trojan Remover\Trjscan .exe
C:\Program Files\verizon\Servicepoint\VerizonServicepoint .exe
C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110 .EXE
C:\Program Files\Yahoo!\browser\ybrwicon .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger   .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
C:\WINDOWS\SMINST\RECGUARD .EXE
C:\WINDOWS\system\hpsysdrv .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\hphmon05 .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\ps2 .exe

Dirlook::
C:\WINDOWS\system32\1428841f

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c35148c-d7ee-4ab0-b5d9-8ca3405e9ab3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD16AA05-7045-4A15-A9FE-0E8CC5CB9083}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBCF4AD7-C8C9-4437-9FC0-86F685E4BCAF}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]

 

Save this as a text file named CFScript

 

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

 

CFScript.gif

 

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

 

 

 

I also see your Internet Connection, LSP chain got broken, so do next as well please..

 

Go to start > run and type cmd

A DOS window will appear.

Type next in the dos window: netsh winsock reset

hit enter.

 

Reboot

 

This should solve your broken connection.


I have one more question.. grandson had his flash drive in the infected computer I wonder if we have to be concerned about any files he may have put on the flash drive being infected?

 

Also about the passwords, was something in those logs that showed the passwords (I wasn't sure I posted those right since part of what I posted ended up in some pink code box) that you noticed, or was there spyware that would have found passwords? I'm just curious if I posted it wrong or if it was something else.

 

Ok, I followed your instructions above and got the same error as the first time and then the program ran just as before. Below are the new logs you asked for.

 

 

 

ComboFix 08-01-03.4 - MOM 2008-01-04 11:36:46.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.456 [GMT -5:00]

Running from: C:\Documents and Settings\MOM\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\MOM\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\Documents and Settings\chance.CONNIE\services.exe

C:\Documents and Settings\Owner\services.exe

C:\n.bat

C:\WINDOWS\mrofinu1000106.exe.tmp

C:\WINDOWS\system32\adssite_sidebar.dll

C:\WINDOWS\system32\adssite_sidebar_uninstall.exe

C:\WINDOWS\system32\dcads-remove.exe

C:\WINDOWS\system32\dcads_sidebar.dll

C:\WINDOWS\system32\dcads_sidebar_uninstall.exe

C:\WINDOWS\system32\ffhkj.ini

C:\WINDOWS\system32\ffhkj.ini2

C:\WINDOWS\system32\rlls.dll_tobedeleted

C:\WINDOWS\system32\rlph.dll

C:\WINDOWS\system32\superiorads-uninst.exe

C:\WINDOWS\system32\vbzip10.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\chance.CONNIE\services.exe

C:\Documents and Settings\Owner\services.exe

C:\n.bat

C:\Program Files\Adssite Games Collection

C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe

C:\Program Files\Adssite Games Collection\BobAndBill.exe

C:\Program Files\Adssite Games Collection\CrazyBlocks.exe

C:\Program Files\Adssite Games Collection\Lines.exe

C:\Program Files\Adssite Games Collection\uninstall.exe

C:\Program Files\Adssite Games Collection\VideoPool.exe

C:\Program Files\Dcads Games Collection

C:\Program Files\Dcads Games Collection\BattlesOfHelicopters.exe

C:\Program Files\Dcads Games Collection\BobAndBill.exe

C:\Program Files\Dcads Games Collection\CrazyBlocks.exe

C:\Program Files\Dcads Games Collection\Lines.exe

C:\Program Files\Dcads Games Collection\uninstall.exe

C:\Program Files\Dcads Games Collection\VideoPool.exe

C:\Program Files\Free Offers from Freeze.com

C:\Program Files\Free Offers from Freeze.com\bingocafe.ico

C:\Program Files\Free Offers from Freeze.com\bingocafe.url

C:\Program Files\Free Offers from Freeze.com\ebay.ico

C:\Program Files\Free Offers from Freeze.com\ebay.url

C:\Program Files\Free Offers from Freeze.com\mcc.ico

C:\Program Files\Free Offers from Freeze.com\mcc.url

C:\TEMP\cEeer12

C:\TEMP\cEeer12\skAt.log

C:\WINDOWS\mrofinu1000106.exe.tmp

C:\WINDOWS\system32\adssite_sidebar.dll

C:\WINDOWS\system32\adssite_sidebar_uninstall.exe

C:\WINDOWS\system32\aj2

C:\WINDOWS\system32\aj2\bumebrpl5.exe

C:\WINDOWS\system32\ardCo18

C:\WINDOWS\system32\cc9

C:\WINDOWS\system32\dcads-remove.exe

C:\WINDOWS\system32\dcads_sidebar.dll

C:\WINDOWS\system32\dcads_sidebar_uninstall.exe

C:\WINDOWS\system32\ffhkj.ini

C:\WINDOWS\system32\ffhkj.ini2

C:\WINDOWS\system32\mr9

C:\WINDOWS\system32\rlls.dll_tobedeleted

C:\WINDOWS\system32\rlph.dll

C:\WINDOWS\system32\superiorads-uninst.exe

C:\WINDOWS\system32\vbzip10.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))

.

 

2008-01-03 15:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-01 01:57 . 2008-01-01 01:57 9 --a------ C:\WINDOWS\system32\1428841f

2007-12-31 04:29 . 2007-12-31 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-30 19:50 . 2007-12-31 02:41 <DIR> d-------- C:\Program Files\TrojanHunter 4.0

2007-12-30 15:09 . 2007-12-30 15:09 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Lavasoft

2007-12-30 15:07 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-12-30 15:07 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-12-30 14:51 . 2003-08-23 09:34 <DIR> d-------- C:\Documents and Settings\MOM\WINDOWS

2007-12-30 14:51 . 2003-08-28 22:16 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Symantec

2007-12-30 14:51 . 2003-08-23 09:12 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Sonic

2007-12-30 14:51 . 2003-08-23 22:26 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\SampleView

2007-12-30 14:51 . 2003-08-28 22:19 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\interMute

2007-12-30 13:33 . 2007-12-30 14:05 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe

2007-12-30 13:33 . 2007-12-30 14:05 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe

2007-12-30 13:33 . 2007-12-30 14:05 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe

2007-12-30 13:33 . 2007-12-30 14:05 52,736 --a------ C:\WINDOWS\system\hpsysdrv .exe

2007-12-30 13:33 . 2007-12-30 14:22 178 --a------ C:\WINDOWS\system\hpsysdrv .DAT

2007-12-30 13:32 . 2007-12-30 14:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe

2007-12-30 13:31 . 2007-12-30 14:03 81,920 --a------ C:\WINDOWS\system32\ps2 .exe

2007-12-29 09:08 . 2007-12-29 09:08 1,358,156 --a------ C:\WINDOWS\system32\silc.dat

2007-12-28 17:31 . 2007-12-28 17:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint

2007-12-28 16:46 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll

2007-12-26 11:32 . 2007-12-26 13:03 <DIR> d-------- C:\Documents and Settings\chance.CONNIE\Application Data\Roxio

2007-12-24 15:09 . 2007-12-24 15:09 <DIR> d-------- C:\Program Files\Common Files\Napster Shared

2007-12-24 15:08 . 2007-12-30 14:00 <DIR> d-------- C:\Program Files\Napster

2007-12-24 15:08 . 2007-12-24 15:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield

2007-12-24 15:08 . 2007-12-24 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-01 06:57 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe

2007-12-31 09:30 --------- d-----w C:\Program Files\Lavasoft

2007-12-31 09:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft

2007-12-31 09:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-12-31 03:28 --------- d-----w C:\Program Files\Trojan Remover

2007-12-31 00:24 --------- d-----w C:\Program Files\TrueAssistant

2007-12-30 19:41 81,920 ----a-w C:\WINDOWS\system32\ps2.exe

2007-12-30 19:40 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe

2007-12-30 19:40 155,648 ----a-w C:\WINDOWS\system32\NeroCheck.exe

2007-12-30 19:40 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe

2007-12-30 19:40 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe

2007-12-30 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-30 19:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire

2007-12-30 19:07 --------- d-----w C:\Program Files\Microsoft AntiSpyware

2007-12-30 19:01 --------- d-----w C:\Program Files\QuickTime

2007-12-30 19:01 --------- d-----w C:\Program Files\Norton AntiVirus

2007-12-30 19:01 --------- d-----w C:\Program Files\iTunes

2007-12-30 18:31 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe

2007-12-29 14:29 --------- d-----w C:\Program Files\Warcraft II BNE

2007-12-29 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-27 23:32 28,352 -c--a-w C:\WINDOWS\system32\drivers\MxlW2k.sys

2007-12-27 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio

2007-12-24 20:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2007-11-26 05:22 --------- d-----w C:\Program Files\Hewlett-Packard

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe

2005-07-31 16:18 2,492 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat

2005-07-25 20:12 284 ----a-w C:\Documents and Settings\chance.CONNIE\Application Data\ViewerApp.dat

2004-12-30 04:14 868 -c--a-w C:\Program Files\INSTALL.LOG

.

----a-w			53,248 2007-12-30 19:05:47  C:\hp\bin\AUTOTKIT .EXE
----a-w			61,440 2007-12-30 19:04:52  C:\hp\KBD\KBD .EXE
----a-w			94,208 2007-12-30 19:07:13  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		   151,597 2007-12-30 19:01:39  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   110,592 2007-12-30 19:02:50  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w		   115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w			24,576 2007-12-30 19:07:27  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify .exe
----a-w			90,112 2007-12-30 19:05:42  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w			49,152 2007-12-30 19:05:16  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w			49,152 2007-12-30 19:05:11  C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
----a-w		   278,528 2007-12-30 19:04:59  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   132,496 2007-12-30 19:03:05  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w		   473,920 2007-12-30 19:05:28  C:\Program Files\Microsoft AntiSpyware\gcasServ .exe
----a-w			53,248 2007-12-30 19:01:34  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w		   323,216 2007-12-30 19:01:37  C:\Program Files\Napster\napster .exe
----a-w			26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe
----a-w			98,304 2007-12-30 19:01:54  C:\Program Files\QuickTime\qttask  .exe
----a-w			98,304 2007-12-31 01:52:56  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,003,520 2007-12-30 19:06:23  C:\Program Files\Real\RealOne Player\realplay .exe
----a-w		   295,936 2007-12-30 19:03:01  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w		 1,880,064 2007-12-30 19:02:47  C:\Program Files\verizon\Servicepoint\VerizonServicepoint .exe
----a-w			50,744 2007-12-30 19:05:56  C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
----a-w		   385,024 2007-12-30 19:04:50  C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
----a-w			77,887 2007-12-30 19:03:24  C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110 .EXE
----a-w			57,344 2007-12-30 19:02:23  C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w		 4,670,968 2007-12-30 17:42:13  C:\Program Files\Yahoo!\Messenger\YahooMessenger   .exe
----a-w		 4,670,968 2007-12-31 01:57:31  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
----a-w		 4,670,968 2007-12-31 01:57:37  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w		 4,670,968 2007-12-30 19:06:26  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w		 4,670,968 2007-12-30 21:55:59  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w		 6,104,568 2007-12-30 19:02:24  C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
----a-w		   158,208 2007-12-30 18:31:18  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w		   212,992 2007-12-30 19:03:10  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			52,736 2007-12-30 19:05:08  C:\WINDOWS\system\hpsysdrv .exe
----a-w		   118,784 2007-12-30 19:05:24  C:\WINDOWS\system32\hkcmd .exe
----a-w		   483,328 2007-12-30 19:05:17  C:\WINDOWS\system32\hphmon05 .exe
----a-w		   155,648 2007-12-30 19:05:04  C:\WINDOWS\system32\igfxtray .exe
----a-w		   155,648 2007-12-30 19:04:41  C:\WINDOWS\system32\NeroCheck .exe
----a-w			81,920 2007-12-30 19:03:37  C:\WINDOWS\system32\ps2 .exe

 

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of C:\WINDOWS\system32\1428841f ----

 

C:\WINDOWS\system32\1428841f\

 

 

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-01 01:57 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-12-30 14:27 517768]

"THGuard"="C:\Program Files\TrojanHunter 4.0\THGuard.exe" [ ]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 15:20 115816]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-26 16:03 160832]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [2007-12-30 16:55 4670968]

 

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\

AutoTBar.exe [2003-06-18 21:19:08]

mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

 

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2007-12-30 14:05:47]

mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoTBar.exe]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe

backup=C:\WINDOWS\pss\AutoTBar.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RegFreeze.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RegFreeze.lnk

backup=C:\WINDOWS\pss\RegFreeze.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk

backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk

backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

2007-12-30 17:53 50744 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]

2007-12-30 20:30 53248 --a------ C:\hp\bin\AUTOTKIT.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]

2007-12-30 15:21 24576 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-12-30 15:08 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]

2007-12-30 15:20 90112 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2007-12-30 15:20 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

2007-12-30 20:45 473920 --a------ C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-12-30 14:40 118784 --a------ C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-12-30 15:25 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

2007-12-30 14:40 483328 --a------ C:\WINDOWS\System32\hphmon05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2007-12-30 17:53 49152 --a------ c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

2007-12-30 21:38 52736 --a------ c:\windows\system\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-12-30 14:40 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-12-30 15:20 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2007-12-30 17:53 61440 --a------ C:\HP\KBD\KBD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2007-12-30 15:20 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

2007-12-30 20:55 385024 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

C:\Program Files\Napster\napster.exe /systray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-12-30 14:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

rundll32.exe nview.dll,nViewLoadHook

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /installquiet /keeploaded /nodetect

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

2007-12-30 20:49 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

2007-12-30 14:41 81920 --a------ C:\WINDOWS\system32\ps2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]

2007-12-30 15:23 77887 --a------ c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask .exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

C:\Program Files\Real\RealOne Player\realplay.exe /RunUPGToolCommandReBoot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2007-12-30 21:34 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-12-30 20:44 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

C:\Program Files\Trojan Remover\Trjscan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]

2007-12-30 17:53 1880064 --a------ C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]

wfxsnt40.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE -quiet

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

2007-12-30 20:56 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]

C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -preload

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"omniserv"=2 (0x2)

"iPodService"=3 (0x3)

"Automatic LiveUpdate Scheduler"=2 (0x2)

 

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

 

.

Contents of the 'Scheduled Tasks' folder

"2005-01-10 19:56:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"

- C:\Program Files\Easy Internet signup\HPSdpApp.exe

"2004-10-20 19:18:49 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090250881.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2007-12-29 01:00:13 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"

- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:

"2008-01-03 20:58:00 C:\WINDOWS\Tasks\WebReg 20040502155831.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20040502155831 /N

"2008-01-04 02:03:00 C:\WINDOWS\Tasks\WebReg 20041024210327.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041024210327 /N

"2008-01-03 19:03:00 C:\WINDOWS\Tasks\WebReg 20041027140322.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041027140322 /N

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-04 11:45:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Program Files\Softex\OmniPass\opxpgina.dll

.

Completion time: 2008-01-04 11:46:54

ComboFix-quarantined-files.txt 2008-01-04 16:46:30

ComboFix2.txt 2008-01-03 22:12:28

.

2007-12-30 21:32:20 --- E O F ---


Logfile of HijackThis v1.99.1

Scan saved at 11:53:44 AM, on 1/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\rlls.dll' missing

O11 - Options group: [iNTERNATIONAL] International*

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


Hi,

 

Please check and fix the next entries in HijackThis:

 

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

 

They are legitimate files, but in this case they are infected, so we have to disable them and replace them afterwards, and restore these entries via the HijackThis backup option AFTERWARDS. Do NOT use msconfig, because that may cause a reinfection again.

The Renv:: part in the CFScript failed, so we'll have to do this again.

 

After you have checked and fixed the above entries in HijackThis,

 

* Please download RenV.exe to your desktop.

Doubleclick RenV.exe to run it. It will produce a log - please copy and paste the contents of the log in your next reply.


Also, to answer some questions..

 

> I have one more question.. grandson had his flash drive in the infected computer I wonder if we have to be concerned about any files he may have put on the flash drive being infected?

You are indeed dealing with a file infector, but this infector only infects files running from the Run entries in the registry; this means programs that start up with Windows. So as long as you didn't put any of these files (wonder why you should do that anyway) on your flashdrive, you should be OK.

> also about the passwords was something in those logs that showed the passwords (I wasn't sure I posted those right since part of what I posted ended up in some pink code box) that you noticed or was there spyware that would have found passwords? I'm just curious if I posted it wrong or if it was something else.

No, but I know the infection you are dealing with collected all your passwords.

Ran on Fri 01/04/2008 - 20:00:42.21

----a-w			53,248 2007-12-30 19:05:47  C:\hp\bin\AUTOTKIT .EXE
----a-w			61,440 2007-12-30 19:04:52  C:\hp\KBD\KBD .EXE
----a-w			94,208 2007-12-30 19:07:13  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w		   151,597 2007-12-30 19:01:39  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   110,592 2007-12-30 19:02:50  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w		   115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w			24,576 2007-12-30 19:07:27  C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify .exe
----a-w			90,112 2007-12-30 19:05:42  C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon .exe
----a-w			49,152 2007-12-30 19:05:16  C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w			49,152 2007-12-30 19:05:11  C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05 .exe
----a-w		   278,528 2007-12-30 19:04:59  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   132,496 2007-12-30 19:03:05  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w		   473,920 2007-12-30 19:05:28  C:\Program Files\Microsoft AntiSpyware\gcasServ .exe
----a-w			53,248 2007-12-30 19:01:34  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w		   323,216 2007-12-30 19:01:37  C:\Program Files\Napster\napster .exe
----a-w			26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe
----a-w			98,304 2007-12-30 19:01:54  C:\Program Files\QuickTime\qttask  .exe
----a-w			98,304 2007-12-31 01:52:56  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,003,520 2007-12-30 19:06:23  C:\Program Files\Real\RealOne Player\realplay .exe
----a-w		   295,936 2007-12-30 19:03:01  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w		 1,880,064 2007-12-30 19:02:47  C:\Program Files\verizon\Servicepoint\VerizonServicepoint .exe
----a-w			50,744 2007-12-30 19:05:56  C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
----a-w		   385,024 2007-12-30 19:04:50  C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
----a-w			77,887 2007-12-30 19:03:24  C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110 .EXE
----a-w			57,344 2007-12-30 19:02:23  C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w		 4,670,968 2007-12-30 17:42:13  C:\Program Files\Yahoo!\Messenger\YahooMessenger   .exe
----a-w		 4,670,968 2007-12-31 01:57:31  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
----a-w		 4,670,968 2007-12-31 01:57:37  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w		 4,670,968 2007-12-30 19:06:26  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w		 4,670,968 2007-12-30 21:55:59  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w		 6,104,568 2007-12-30 19:02:24  C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine .exe
----a-w		   158,208 2007-12-30 18:31:18  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w		   212,992 2007-12-30 19:03:10  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			52,736 2007-12-30 19:05:08  C:\WINDOWS\system\hpsysdrv .exe
----a-w		   118,784 2007-12-30 19:05:24  C:\WINDOWS\system32\hkcmd .exe
----a-w		   483,328 2007-12-30 19:05:17  C:\WINDOWS\system32\hphmon05 .exe
----a-w		   155,648 2007-12-30 19:05:04  C:\WINDOWS\system32\igfxtray .exe
----a-w		   155,648 2007-12-30 19:04:41  C:\WINDOWS\system32\NeroCheck .exe
----a-w			81,920 2007-12-30 19:03:37  C:\WINDOWS\system32\ps2 .exe

Entries:			   40  (40)
Directories:			0  Files:			40
Bytes:		 37,431,116  Blocks:	   73,114

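One way to line up the two logs in this thread, as an added example that is not part of any post here and is not how RenV.exe itself works: it parses HijackThis O4 Run lines and a RenV-style listing, then reports which Run targets have a same-named file with whitespace before the extension. The sample lines are copied from the logs above; the function names, and the reading that such a twin marks a Run target worth checking, are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the HijackThis and RenV logs
# posted in this thread (tabs collapsed to spaces).
O4_LINES = r'''
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

RENV_LISTING = r'''
----a-w   151,597 2007-12-30 19:01:39  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w   115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w   517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w    98,304 2007-12-30 19:01:54  C:\Program Files\QuickTime\qttask  .exe
----a-w    98,304 2007-12-31 01:52:56  C:\Program Files\QuickTime\qttask .exe
'''

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
# "attrs  size  date  time  path" as printed in the RenV logs above
LISTING_RE = re.compile(
    r'^([-a-z]{7})\s+([\d,]+)\s+(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2})\s+(.+?)\s*$'
)
# Whitespace sitting directly before the final extension, e.g. "ccApp .exe"
SPACED_EXT_RE = re.compile(r'\s+(\.[^.\\\s]+)$')


def normalise(path):
    """Drop whitespace before the extension: 'KBD .EXE' -> 'KBD.EXE'."""
    return SPACED_EXT_RE.sub(r'\1', path)


def run_targets(hjt_text):
    """Return (hive, value_name, executable_path) for each O4 Run line."""
    out = []
    for line in hjt_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        # Quoted commands end at the closing quote; unquoted ones at the
        # first ".exe" (8.3 short names such as YAHOOM~1 are not resolved).
        exe = re.match(r'"([^"]+)"|(.+?\.exe)', cmd, re.I)
        if exe:
            out.append((hive, name, exe.group(1) or exe.group(2)))
    return out


def spaced_variants(listing_text):
    """Map normalised lowercase path -> listed paths with a spaced extension."""
    variants = defaultdict(list)
    for line in listing_text.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue
        path = m.group(5)
        clean = normalise(path)
        if clean != path:  # only names that really carry the extra whitespace
            variants[clean.lower()].append(path)
    return dict(variants)


def cross_reference(hjt_text, listing_text):
    """For each Run entry, list the spaced-name twins found in the listing."""
    variants = spaced_variants(listing_text)
    return [
        (name, exe, variants.get(exe.lower(), []))  # Windows paths: case-insensitive
        for _, name, exe in run_targets(hjt_text)
    ]


if __name__ == "__main__":
    for name, exe, twins in cross_reference(O4_LINES, RENV_LISTING):
        status = "twin(s): " + "; ".join(twins) if twins else "no twin listed"
        print(f"[{name}] {exe}\n    {status}")
```

Run entries with no twin in the listing (THGuard and ctfmon.exe in this sample) are simply reported as such; the script makes no judgement about whether any file is clean.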

Thanks for clearing up the questions for me and disregard the post about my missing posts as they are back now.

 

Hope your evening is a good one. Your help is greatly appreciated!


Hi,

 

* Now DRAG Log.txt (the above log which is on your desktop) into RenV.exe as you see in the picture below.

[Image: RenV.gif]

 

When finished, it shall produce a new log for you. Post that log in your next reply.

 

Also rescan with Combofix and post the new log in your next reply as well.


Ran on Sat 01/05/2008 -  4:57:04.28

------w		   115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w			26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe

Entries:				3  (3)
Directories:			0  Files:			 3
Bytes:			659,832  Blocks:		1,291

 

 

 

ComboFix 08-01-03.4 - MOM 2008-01-05 5:03:25.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.434 [GMT -5:00]

Running from: C:\Documents and Settings\MOM\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))

.

 

2008-01-05 04:57 . 2007-12-30 14:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-01-03 15:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-01 01:57 . 2008-01-01 01:57 9 --a------ C:\WINDOWS\system32\1428841f

2007-12-31 04:29 . 2007-12-31 04:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-30 19:50 . 2007-12-31 02:41 <DIR> d-------- C:\Program Files\TrojanHunter 4.0

2007-12-30 15:09 . 2007-12-30 15:09 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Lavasoft

2007-12-30 15:07 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-12-30 15:07 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-12-30 14:51 . 2003-08-23 09:34 <DIR> d-------- C:\Documents and Settings\MOM\WINDOWS

2007-12-30 14:51 . 2003-08-28 22:16 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Symantec

2007-12-30 14:51 . 2003-08-23 09:12 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\Sonic

2007-12-30 14:51 . 2003-08-23 22:26 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\SampleView

2007-12-30 14:51 . 2003-08-28 22:19 <DIR> d-------- C:\Documents and Settings\MOM\Application Data\interMute

2007-12-30 13:33 . 2007-12-30 14:22 178 --a------ C:\WINDOWS\system\hpsysdrv .DAT

2007-12-29 09:08 . 2007-12-29 09:08 1,358,156 --a------ C:\WINDOWS\system32\silc.dat

2007-12-28 17:31 . 2007-12-28 17:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Viewpoint

2007-12-28 16:46 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll

2007-12-26 11:32 . 2007-12-26 13:03 <DIR> d-------- C:\Documents and Settings\chance.CONNIE\Application Data\Roxio

2007-12-24 15:09 . 2007-12-24 15:09 <DIR> d-------- C:\Program Files\Common Files\Napster Shared

2007-12-24 15:08 . 2008-01-05 04:56 <DIR> d-------- C:\Program Files\Napster

2007-12-24 15:08 . 2007-12-24 15:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield

2007-12-24 15:08 . 2007-12-24 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-05 09:56 --------- d-----w C:\Program Files\Trojan Remover

2008-01-05 09:56 --------- d-----w C:\Program Files\QuickTime

2008-01-05 09:56 --------- d-----w C:\Program Files\Microsoft AntiSpyware

2008-01-05 09:56 --------- d-----w C:\Program Files\iTunes

2008-01-01 06:57 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe

2007-12-31 09:30 --------- d-----w C:\Program Files\Lavasoft

2007-12-31 09:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft

2007-12-31 09:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-12-31 00:24 --------- d-----w C:\Program Files\TrueAssistant

2007-12-30 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-30 19:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire

2007-12-30 19:05 483,328 ----a-w C:\WINDOWS\system32\hphmon05.exe

2007-12-30 19:05 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe

2007-12-30 19:05 118,784 ----a-w C:\WINDOWS\system32\hkcmd.exe

2007-12-30 19:03 81,920 ----a-w C:\WINDOWS\system32\ps2.exe

2007-12-30 19:01 --------- d-----w C:\Program Files\Norton AntiVirus

2007-12-30 18:31 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

2007-12-29 14:29 --------- d-----w C:\Program Files\Warcraft II BNE

2007-12-29 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-27 23:32 28,352 -c--a-w C:\WINDOWS\system32\drivers\MxlW2k.sys

2007-12-27 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio

2007-12-24 20:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2007-11-26 05:22 --------- d-----w C:\Program Files\Hewlett-Packard

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe

2005-07-31 16:18 2,492 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat

2005-07-25 20:12 284 ----a-w C:\Documents and Settings\chance.CONNIE\Application Data\ViewerApp.dat

2004-12-30 04:14 868 -c--a-w C:\Program Files\INSTALL.LOG

.

------w		   115,816 2007-12-30 19:01:58  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   517,768 2007-12-30 19:24:58  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w			26,248 2007-12-30 19:03:58  C:\Program Files\Norton AntiVirus\osCheck .exe

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-26 16:03 160832]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]

 

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\

AutoTBar.exe [2003-06-18 21:19:08]

mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

 

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\

AutoTBar.exe [2007-12-30 14:05:47]

mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoTBar.exe]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe

backup=C:\WINDOWS\pss\AutoTBar.exeStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RegFreeze.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RegFreeze.lnk

backup=C:\WINDOWS\pss\RegFreeze.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk

backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]

path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk

backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]

2007-12-30 14:05 50744 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]

2007-12-30 14:05 53248 --a------ C:\hp\bin\AUTOTKIT.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]

2007-12-30 14:07 24576 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-12-30 14:07 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]

2007-12-30 14:05 90112 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2007-12-30 15:20 115816 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

2007-12-30 14:05 473920 --a------ C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-12-30 14:05 118784 --a------ C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-12-30 14:05 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]

2007-12-30 14:05 483328 --a------ C:\WINDOWS\System32\hphmon05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]

2007-12-30 14:05 49152 --a------ c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

2007-12-30 14:05 52736 --a------ c:\windows\system\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-12-30 14:05 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-12-30 14:04 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2007-12-30 14:04 61440 --a------ C:\HP\KBD\KBD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

2007-12-30 14:01 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

2007-12-30 14:04 385024 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

C:\Program Files\Napster\napster.exe /systray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-12-30 14:04 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

rundll32.exe nview.dll,nViewLoadHook

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /installquiet /keeploaded /nodetect

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

2007-12-30 20:49 26248 --a------ C:\Program Files\Norton AntiVirus\osCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

2007-12-30 14:03 81920 --a------ C:\WINDOWS\system32\ps2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]

2007-12-30 14:03 77887 --a------ c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask .exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]

C:\Program Files\Real\RealOne Player\realplay.exe /RunUPGToolCommandReBoot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2007-12-30 14:03 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-12-30 14:03 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

2007-12-30 14:03 295936 --a------ C:\Program Files\Trojan Remover\Trjscan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]

2007-12-30 14:02 1880064 --a------ C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]

wfxsnt40.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE -quiet

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

2007-12-30 14:02 57344 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]

C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -preload

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"omniserv"=2 (0x2)

"iPodService"=3 (0x3)

"Automatic LiveUpdate Scheduler"=2 (0x2)

 

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]

 

.

Contents of the 'Scheduled Tasks' folder

"2005-01-10 19:56:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"

- C:\Program Files\Easy Internet signup\HPSdpApp.exe

"2004-10-20 19:18:49 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1090250881.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I

"2008-01-05 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"

- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:

"2008-01-04 20:58:00 C:\WINDOWS\Tasks\WebReg 20040502155831.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20040502155831 /N

"2008-01-05 02:03:00 C:\WINDOWS\Tasks\WebReg 20041024210327.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041024210327 /N

"2008-01-04 19:03:00 C:\WINDOWS\Tasks\WebReg 20041027140322.job"

- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe[/TaskName 20041027140322 /N

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-05 05:07:38

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\Program Files\Softex\OmniPass\opxpgina.dll

.

Completion time: 2008-01-05 5:09:13

ComboFix-quarantined-files.txt 2008-01-05 10:09:01

ComboFix2.txt 2008-01-04 16:46:55

ComboFix3.txt 2008-01-03 22:12:28

.

2007-12-30 21:32:20 --- E O F ---


Hi,

 

Please start your system in Windows Safe mode and perform the same step again. (Drag log.txt into Renv.exe)

To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.

Choose Safe Mode from the menu that will appear and press Enter.

Then reboot back to normal mode, rescan with Combofix and post the log in your next reply.

 

Also do the following while back in normal mode:

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the following options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply as well.


Extra note, have you done this previously?

 

Go to Start > Run and type cmd

A DOS window will appear.

Type the following in the DOS window: netsh winsock reset

Hit Enter.

 

Reboot

 

Because from your previous HijackThis log I see your Internet connection was still "broken". The above step should fix it.


That's OK. Maybe your previous HijackThis log was before you used that command :(

As long as you can connect with the internet from this infected machine, it should be solved. :)


Also, I tried to get to safe mode before I contacted you and couldn't get there; the system seems to hang at loading \Windows\System32\DRIVERS\agp440.sys

 

Now I just tried it again as you requested and it hangs at the same place still.


OK, this is the code done in safe mode... Now I'm off to do the ComboFix in normal startup.

 

 

Ran on Sat 01/05/2008 - 12:32:04.45

Entries:				0  (0)
Directories:			0  Files:			 0
Bytes:				  0  Blocks:			0


Well, this looks good. Now the rest.. new Combofix log and log from the Online scanner.

We're making improvements here :(

This topic is now closed to further replies.