Jump to content


Photo

Search engine problems


  • This topic is locked This topic is locked
3 replies to this topic

#1 Steve114

Steve114

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 29 April 2008 - 05:32 AM

I've never experienced a problem like this before. Whenever I go to a search engine like Google or Yahoo, type in my topic, the search produces what it should. Such as CNN shows up all items related to CNN. It's when I click on one of the items to view the page, I get redirected to some advertisement website such as on-credit-scores.com/, encyclopedia.thefreedictionary.com, .nexplore.com/search, isourcecenter.com/search, questionmarket.com, dealtime.com, casalemedia.com, findwhat.com, etc. And Symantec keeps notifiying me of a downloader trojan that it keeps blocking from accessing my computer. I also keep getting a pop-up advertisement asking me if I want to block junk e-mails.
I've successfully found and deleted the Trojan downloader Zlob, but that has not helped. I've also deleted some things out of the registry that maybe I shouldn't have in the Browser Helper Object folder. I did write down the key strings in case I need to rekey them, but one I cannot delete: {1E8A61710-7264-4D0F-BEAE-D42A53123C75} Also, the key {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} looked very supicious, and I found that in one other place than the Browser Helper Object Folder.
Any suggestions?
Or am I doomed?
I look forward to any suggestions, if what I've deleted doesn't prevent me from booting my computer up again.
Thanks!!
Steve


C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: IE Custom Tools - {062F3F8B-CB94-4D76-A98A-EF800A438F01} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3F546CAC59B6
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: S&D Coffee, Inc. S&D Coffee VPN Client.lnk = C:\Program Files\S&D Coffee\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O22 - SharedTaskScheduler: celtiberi - {7999c5e2-b500-4ba5-8e9a-99639eca65fc} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\S&D Coffee\VPN Client\cvpnd.exe
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7814 bytes
Ad-Aware 2007 Build
Log File Created on: 2008-04-29 01:01:46
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: OWNER-Q0NQG636G
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: AMD Athlon™ XP 2600+
Memory Available: 23%
Total Physical Memory: 502775808 Bytes
Available Physical Memory: 110891008 Bytes
Total Page File Size: 1176842240 Bytes
Available On Page File: 720662528 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1914359808 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 73
Build Number: 0
Build Date and Time: 2008/04/23 05:55:34

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 156581
Infections Detected: 0
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 0 0
File Hash Scan..: 0 0

Infections Found
===========================

Items Ignored During Scan
===========================


Listing of running processes
===========================
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe

c:\windows\system32\ntdll.dll

C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\csrsrv.dll

c:\windows\system32\basesrv.dll

c:\windows\system32\winsrv.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\authz.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\nddeapi.dll

c:\windows\system32\profmap.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\regapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msgina.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\ole32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\sxs.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\wlnotify.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mpr.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wgalogon.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\cscui.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\scesrv.dll

c:\windows\system32\authz.dll

c:\windows\system32\umpnpmgr.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acadproc.dll

c:\windows\system32\imm32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

c:\windows\system32\eventlog.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\lsasrv.dll

c:\windows\system32\mpr.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\samsrv.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msprivs.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netlogon.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\wdigest.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\scecli.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\pstorsvc.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\psbase.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\ipsecsvc.dll

c:\windows\system32\authz.dll

c:\windows\system32\oakley.dll

c:\windows\system32\winipsec.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\wmi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\atl.dll

c:\windows\system32\rastls.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\raschap.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\schedsvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\msidle.dll

c:\windows\system32\audiosrv.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\qmgr.dll

c:\windows\system32\mpr.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\certcli.dll

c:\windows\system32\wuauserv.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\winspool.drv

c:\windows\system32\cabinet.dll

c:\windows\system32\mspatcha.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\trkwks.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\es.dll

c:\windows\system32\seclogon.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\srvsvc.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\ersvc.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\sens.dll

c:\windows\system32\browser.dll

c:\windows\system32\tapisrv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\rasmans.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\netcfgx.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\sxs.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\rastapi.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\comsvcs.dll

c:\windows\system32\colbact.dll

c:\windows\system32\mtxclu.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\resutils.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\unimdm.tsp

c:\windows\system32\uniplat.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\unimdmat.dll

c:\windows\system32\modemui.dll

c:\windows\system32\kmddsp.tsp

c:\windows\system32\ndptsp.tsp

c:\windows\system32\ipconf.tsp

c:\windows\system32\h323.tsp

c:\windows\system32\hidphone.tsp

c:\windows\system32\hid.dll

c:\windows\system32\rasppp.dll

c:\windows\system32\ntlsapi.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\upnp.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\rasdlg.dll

c:\windows\system32\msi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\wbem\ncprov.dll

c:\windows\system32\catsrvut.dll

c:\windows\system32\catsrv.dll

c:\windows\system32\mfcsubs.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\wups2.dll

c:\windows\system32\wbem\wbemcons.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\webclnt.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ssdpsrv.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\wshtcpip.dll

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSVCHST.EXE
c:\program files\common files\symantec shared\ccsvchst.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\program files\common files\symantec shared\ccvrtrst.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\common files\symantec shared\ccsvc.dll

c:\windows\system32\secur32.dll

c:\program files\common files\symantec shared\ccset.dll

c:\progra~1\common~1\symant~1\ccsetplg.dll

c:\progra~1\norton~1\norton~1\avpsvc32.dll

c:\windows\system32\shell32.dll

c:\progra~1\norton~1\norton~1\avpsvc32.loc

c:\program files\norton internet security\norton antivirus\avsubmit.dll

c:\program files\norton internet security\norton antivirus\avsubmit.loc

c:\progra~1\norton~1\isdatasv.dll

c:\progra~1\common~1\symant~1\npc\npcwmimn.dll

c:\progra~1\common~1\symant~1\sndsvc.dll

c:\windows\system32\iphlpapi.dll

c:\program files\common files\symantec shared\ccl60.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\progra~1\common~1\symant~1\submis~1\subeng.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\progra~1\common~1\symant~1\submis~1\subres.loc

c:\progra~1\common~1\symant~1\spbbc\tprocplg.dll

c:\windows\system32\msi.dll

c:\progra~1\common~1\symant~1\ccevtplg.dll

c:\windows\system32\netman.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\samlib.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\wmi.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\esent.dll

c:\progra~1\common~1\symant~1\opc\{31011~1\cltnetcn.dll

c:\progra~1\common~1\symant~1\pif\{b8e1d~1\pifeng.dll

c:\windows\system32\userenv.dll

c:\program files\norton internet security\setevthp.dll

c:\program files\common files\symantec shared\ccevtcli.dll

c:\progra~1\common~1\symant~1\firewall\fwagent.dll

c:\progra~1\common~1\symant~1\spbbc\spbbcevt.dll

c:\progra~1\common~1\symant~1\srtsp\srtsp32.dll

c:\progra~1\common~1\symant~1\ccsetevt.dll

c:\windows\system32\atl71.dll

c:\progra~1\norton~1\issvc.dll

c:\program files\common files\symantec shared\ccprosub.dll

c:\progra~1\norton~1\norton~1\navevent.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\symneti.dll

c:\program files\common files\symantec shared\firewall\fwhelper.dll

c:\program files\common files\symantec shared\antivirus\avifc.dll

c:\program files\norton internet security\isdatacl.dll

c:\program files\common files\symantec shared\appcore\appmgr32.dll

c:\program files\common files\symantec shared\antivirus\avexclu.dll

c:\program files\common files\symantec shared\ncoitf.dll

c:\program files\norton internet security\fwplugin.dll

c:\program files\norton internet security\fwevent.dll

c:\program files\common files\symantec shared\npc\npcwmidt.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\program files\norton internet security\imcfg.dll

c:\program files\common files\symantec shared\spbbc\bbrgen.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\msxml3.dll

c:\progra~1\common~1\symant~1\pif\{b8e1d~1\pollmgr.dll

c:\windows\system32\apphelp.dll

c:\progra~1\common~1\symant~1\submis~1\subconn.dll

c:\progra~1\common~1\symant~1\virusd~1\20080428.003\cceraser.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\program files\common files\symantec shared\qbackup.dll

c:\windows\system32\cscdll.dll

c:\program files\common files\symantec shared\ccaleng.dll

c:\program files\common files\symantec shared\spbbc\cctrstpc.dll

c:\program files\common files\symantec shared\ccscanw.dll

c:\program files\common files\symantec shared\ecmldr32.dll

c:\program files\common files\symantec shared\defutdcd.dll

c:\program files\common files\symantec shared\msl\msl.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\urlmon.dll

c:\program files\norton internet security\norton antivirus\navlogv.dll

c:\program files\norton internet security\norton antivirus\navlogv.loc

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
c:\program files\common files\symantec shared\appcore\appsvc32.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\atl71.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\program files\common files\symantec shared\ccvrtrst.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\common files\symantec shared\appcore\appmgr32.dll

c:\program files\common files\symantec shared\appcore\appset32.dll

c:\program files\common files\symantec shared\ccset.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\common files\symantec shared\ccsvc.dll

c:\program files\common files\symantec shared\antivirus\avscan.dll

c:\windows\system32\userenv.dll

c:\program files\common files\symantec shared\antivirus\av.loc

c:\program files\common files\symantec shared\antivirus\avdefmgr.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\program files\common files\symantec shared\antivirus\avmodule.dll

c:\windows\system32\uxtheme.dll

c:\program files\common files\symantec shared\qbackup.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

c:\program files\common files\symantec shared\antivirus\avexclu.dll

c:\program files\common files\symantec shared\srtsp\srtsp32.dll

c:\program files\common files\symantec shared\ccprosub.dll

c:\windows\system32\msi.dll

c:\progra~1\common~1\symant~1\ccevtcli.dll

c:\program files\common files\symantec shared\spbbc\spbbccli.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\mstask.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\mpr.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\cryptnet.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\sensapi.dll

c:\program files\common files\symantec shared\ccscanw.dll

c:\program files\common files\symantec shared\ecmldr32.dll

c:\program files\common files\symantec shared\msl\msl.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\samlib.dll

c:\program files\common files\symantec shared\dec_abi.dll

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\version.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\program files\common files\symantec shared\ccpd-lc\symlcnet.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\secur32.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\secur32.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\hpzsnt09.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\spool\drivers\w32x86\3\hpzpm309.dll

c:\windows\system32\spool\drivers\w32x86\3\hpz2ku09.dll

c:\windows\system32\winsta.dll

C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
c:\program files\symantec\liveupdate\aluschedulersvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\program files\symantec\liveupdate\msvcp71.dll

c:\program files\symantec\liveupdate\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\uxtheme.dll

c:\program files\common files\symantec shared\ccvrtrst.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\userenv.dll

c:\windows\system32\version.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\symantec\liveupdate\pslucomserver_3_2.dll

c:\windows\system32\msi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

C:\PROGRAM FILES\S&D COFFEE\VPN CLIENT\CVPND.EXE
c:\program files\s&d coffee\vpn client\cvpnd.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msvcirt.dll

c:\windows\system32\mfc42.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\vsdata.dll

c:\windows\system32\vsinit.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\cabinet.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\apphelp.dll

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\common files\microsoft shared\vs7debug\mdm.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ole32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\psapi.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\common files\microsoft shared\vs7debug\msdbg2.dll

C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\browseui.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\actxprxy.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\msi.dll

c:\windows\system32\winsta.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\netshell.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\credui.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mydocs.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\mlang.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msctf.dll

c:\windows\system32\mslbui.dll

c:\program files\common files\symantec shared\npc\nscext.dll

c:\windows\system32\atl71.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\mpr.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\samlib.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\browselc.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

c:\windows\system32\sxs.dll

c:\windows\system32\duser.dll

c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\system32\mscms.dll

c:\windows\system32\winspool.drv

c:\windows\system32\msdmo.dll

c:\windows\system32\ddraw.dll

c:\windows\system32\dciman32.dll

c:\windows\system32\d3dim700.dll

c:\windows\system32\cryptnet.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\shdoclc.dll

c:\windows\system32\msgina.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\printui.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\wzcdlg.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\zipfldr.dll

c:\program files\ibm\client access\shared\cwbunddh.dll

c:\windows\system32\cwbnl.dll

c:\windows\system32\cwbsv.dll

c:\windows\system32\cwbbb1.dll

c:\windows\system32\cwbrw.dll

c:\windows\system32\msvcirt.dll

c:\windows\system32\cwbnl1.dll

c:\windows\system32\cwbcf.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\cwbcftft.dll

c:\windows\system32\cwbadnrt.dll

c:\windows\system32\cwbab.dll

c:\windows\system32\cwbnltrn.dll

c:\windows\system32\cwbad.dll

c:\windows\system32\cwbmsgbx.dll

c:\windows\system32\cwbnldlg.dll

c:\windows\system32\cwbuireg.dll

c:\windows\system32\cwbab1.dll

c:\windows\system32\mfc42.dll

c:\program files\ibm\client access\mri2924\cwbmsgb.dll

c:\windows\system32\dsound.dll

c:\windows\system32\ksuser.dll

C:\WINDOWS\SOUNDMAN.EXE
c:\windows\soundman.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\msctf.dll

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZTSB09.EXE
c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\msvcrt.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\spool\drivers\w32x86\3\hpzr3209.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
c:\program files\common files\symantec shared\ccapp.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\version.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\symneti.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wsock32.dll

c:\program files\common files\symantec shared\ccvrtrst.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\common files\symantec shared\ccsvc.dll

c:\program files\common files\symantec shared\ccset.dll

c:\program files\common files\symantec shared\appcore\appplg32.dll

c:\program files\common files\symantec shared\appcore\appmgr32.dll

c:\windows\system32\atl71.dll

c:\program files\common files\symantec shared\appcore\appset32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\progra~1\common~1\symant~1\ccalert.dll

c:\progra~1\common~1\symant~1\ccemlpxy.dll

c:\windows\system32\mswsock.dll

c:\program files\norton internet security\fwalert.dll

c:\program files\norton internet security\fwalres.dll

c:\progra~1\norton~1\norton~1\defalert.dll

c:\progra~1\norton~1\norton~1\avpapp32.dll

c:\progra~1\norton~1\nistray.dll

c:\progra~1\norton~1\islalert.dll

c:\program files\common files\symantec shared\npc\npctray.dll

c:\program files\common files\symantec shared\cf\pep2.dll

c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\alerteng.dll

c:\program files\common files\symantec shared\coh\seshlp.dll

c:\program files\common files\symantec shared\ccsetevt.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\program files\common files\symantec shared\ccprosub.dll

c:\windows\system32\secur32.dll

c:\progra~1\norton~1\alertres.dll

c:\windows\system32\msi.dll

c:\progra~1\norton~1\nistrres.dll

c:\progra~1\common~1\symant~1\ccevtcli.dll

c:\program files\common files\symantec shared\ncoitf.dll

c:\program files\norton internet security\setevthp.dll

c:\progra~1\norton~1\norton~1\avpapp32.loc

c:\program files\common files\symantec shared\antivirus\avifc.dll

c:\program files\norton internet security\isdatacl.dll

c:\program files\norton internet security\fwevent.dll

c:\program files\common files\symantec shared\npc\datapvdr.dll

c:\program files\common files\symantec shared\coh\sh0003.dll

c:\windows\system32\winspool.drv

c:\program files\common files\symantec shared\npc\nschlpr2.dll

c:\progra~1\common~1\symant~1\rcemlpxy.dll

c:\windows\system32\symredir.dll

c:\program files\common files\symantec shared\antivirus\avmail.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\program files\common files\symantec shared\npc\pcstatus.dll

c:\program files\common files\symantec shared\npc\uilicplg.dll

c:\program files\common files\symantec shared\npc\nscwscr2.dll

c:\program files\common files\symantec shared\npc\npcwmicl.dll

c:\program files\common files\symantec shared\npc\npcwmidt.dll

c:\program files\common files\symantec shared\antivirus\avexclu.dll

c:\program files\common files\symantec shared\npc\pepevnt.dll

c:\windows\system32\winmm.dll

c:\windows\system32\mslbui.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\program files\common files\symantec shared\cf\cfv2pack.dll

c:\program files\common files\symantec shared\cf\cfepack.dll

c:\windows\system32\rsaenh.dll

c:\progra~1\common~1\symant~1\pif\{b8e1d~1\alertui.dll

c:\windows\system32\msimg32.dll

c:\progra~1\common~1\symant~1\rcalert.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\urlmon.dll

c:\program files\common files\symantec shared\npc\uicntnr.dll

c:\program files\common files\symantec shared\symtheme\1.0\symtheme.dll

c:\windows\system32\comdlg32.dll

c:\program files\common files\symantec shared\symhtml\1.0\symhtml.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\usp10.dll

c:\program files\norton internet security\isstatus.dll

c:\windows\system32\mlang.dll

C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
c:\program files\quicktime\qttask.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

c:\windows\system32\msctf.dll

C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msutb.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\msctfime.ime

C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
c:\program files\messenger\msmsgs.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\version.dll

c:\windows\system32\winmm.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\xpob2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\sxs.dll

c:\windows\system32\es.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\credui.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msi.dll

c:\program files\messenger\msgsc.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware 2007\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\lavasoft\ad-aware 2007\ceapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\lavasoft\ad-aware 2007\pkarchive85u.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\program files\lavasoft\ad-aware 2007\lavalicense.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\secur32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\MROFINU.EXE
c:\windows\mrofinu.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\mfc42.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcirt.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\userenv.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\apphelp.dll

C:\PROGRAM FILES\SVCONR\SVCONR.EXE
c:\program files\svconr\svconr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wininet.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\userenv.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\msctf.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
c:\program files\internet explorer\iexplore.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ieui.dll

c:\windows\system32\msimg32.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msimtf.dll

c:\windows\system32\secur32.dll

c:\windows\system32\mslbui.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\setupapi.dll

c:\program files\microsoft office\office11\msohev.dll

c:\windows\ime\sptip.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\ime\spgrmr.dll

c:\windows\system32\msi.dll

c:\program files\common files\microsoft shared\ink\skchui.dll

c:\program files\internet explorer\ieproxy.dll

c:\windows\system32\mlang.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\common files\symantec shared\coshared\browser\1.7\nppbho.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\common files\symantec shared\ccl60u.dll

c:\program files\common files\symantec shared\appcore\appmgr32.dll

c:\windows\system32\atl71.dll

c:\program files\common files\symantec shared\appcore\appset32.dll

c:\program files\common files\symantec shared\ccvrtrst.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\common files\symantec shared\ccsvc.dll

c:\program files\common files\symantec shared\coshared\browser\1.7\brrules.dll

c:\windows\system32\userenv.dll

c:\program files\common files\symantec shared\coshared\browser\1.7\brcore.dll

c:\program files\common files\symantec shared\coshared\wp\1.7\nppwui.dll

c:\program files\common files\symantec shared\coshared\browser\1.7\uibho.dll

c:\windows\system32\riched20.dll

c:\program files\common files\symantec shared\coshared\browser\1.7\uibhores.loc

c:\program files\common files\symantec shared\coshared\wp\1.7\nppwbho.dll

c:\program files\common files\symantec shared\coshared\wp\1.7\nppw.dll

c:\windows\system32\cabinet.dll

c:\program files\common files\symantec shared\antivirus\avifc.dll

c:\windows\system32\sxs.dll

c:\windows\system32\actxprxy.dll

c:\program files\norton internet security\isres.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\jscript.dll

c:\windows\system32\mshtmled.dll

c:\windows\system32\imgutil.dll

c:\windows\system32\pngfilt.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\iepeers.dll

c:\windows\system32\winspool.drv

c:\windows\system32\macromed\flash\flash9e.ocx

c:\windows\system32\comdlg32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\ddrawex.dll

c:\windows\system32\ddraw.dll

c:\windows\system32\dciman32.dll

c:\windows\system32\vbscript.dll

c:\windows\system32\msxml3.dll

c:\program files\common files\symantec shared\ccset.dll

c:\windows\system32\dxtrans.dll

c:\windows\system32\atl.dll

c:\windows\system32\dxtmsft.dll

c:\windows\system32\usp10.dll

C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
c:\program files\outlook express\msimn.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\program files\outlook express\msoe.dll

c:\windows\system32\atl.dll

c:\windows\system32\msoert2.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msoeacct.dll

c:\windows\system32\inetcomm.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\acctres.dll

c:\windows\system32\inetres.dll

c:\program files\outlook express\msoeres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msident.dll

c:\windows\system32\msidntld.dll

c:\windows\system32\pstorec.dll

c:\program files\common files\system\directdb.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\shdoclc.dll

c:\windows\system32\mlang.dll

c:\program files\messenger\msgsc.dll

c:\windows\system32\msi.dll

c:\program files\common files\system\wab32.dll

c:\program files\common files\system\wab32res.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\mslbui.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\msimtf.dll

c:\windows\ime\sptip.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\ime\spgrmr.dll

c:\program files\common files\microsoft shared\ink\skchui.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\jscript.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dxtrans.dll

c:\windows\system32\ddrawex.dll

c:\windows\system32\ddraw.dll

c:\windows\system32\dciman32.dll

c:\windows\system32\dxtmsft.dll

c:\windows\system32\sxs.dll

c:\windows\system32\mshtmled.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\hlink.dll

c:\windows\system32\riched20.dll

c:\windows\system32\rsaenh.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\version.dll

c:\windows\system32\mpr.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comdlg32.dll

c:\program files\lavasoft\ad-aware 2007\lavalicense.dll

c:\windows\system32\winmm.dll

c:\windows\system32\shfolder.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\userenv.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\secur32.dll

c:\program files\lavasoft\ad-aware 2007\lavamessage.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\mslbui.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

End of Scan Section
===========================

Attached Files



#2 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 30 April 2008 - 08:32 AM

Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 Steve114

Steve114

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 01 May 2008 - 05:14 AM

Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here




That did the trick.
Or are there more steps?
Thanks for your help!!
Sincerely,
Steve


Here is the Combofix log, and then the new Hijackthis Log...
ComboFix 08-04-29.5 - Stephen 2008-04-30 22:37:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.182 [GMT -4:00]
Running from: C:\Documents and Settings\Stephen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Stephen\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Program Files\Temporary
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\sft.res

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-29 01:07 . 2008-04-29 01:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-28 22:44 . 2008-04-30 20:03 <DIR> d-------- C:\Program Files\Svconr
2008-04-28 22:17 . 2008-04-28 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 22:15 . 2008-04-28 22:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 22:57 . 2008-04-30 15:49 1,695 --a------ C:\WINDOWS\system32\clbcfg.dat
2008-04-27 22:57 . 2008-04-27 22:57 578 --a------ C:\WINDOWS\index.html
2008-04-27 22:12 . 2008-04-27 22:12 <DIR> d-------- C:\WINDOWS\system32\pnVes06
2008-04-27 22:12 . 2008-04-27 22:12 <DIR> d-------- C:\Temp\zvebs14
2008-04-27 22:12 . 2008-04-27 22:12 <DIR> d-------- C:\Temp
2008-04-27 22:12 . 2001-08-18 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 02:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-01 02:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-29 02:18 --------- d-----w C:\Program Files\Lavasoft
2008-04-29 02:18 --------- d-----w C:\Documents and Settings\Stephen\Application Data\Lavasoft
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 01:30 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-07 18:03 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-03-07 18:03 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-03-07 17:40 13,035 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-03-07 17:40 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-03-07 17:39 39,984 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-03-07 17:39 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-03-07 17:39 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-03-07 17:39 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-03-07 17:39 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-03-07 17:39 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-03-07 17:39 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2005-09-21 23:29 56,024 ----a-w C:\Documents and Settings\Stephen\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 07:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2003-09-10 05:07 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 15:12 176128]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2000-11-28 06:10 20480]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2000-11-28 06:10 24576]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2000-11-28 06:10 49152]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2000-11-28 06:10 20480]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 22:05 116328]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-26 01:00 771440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-31 22:37 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
S&D Coffee, Inc. S&D Coffee VPN Client.lnk - C:\Program Files\S&D Coffee\VPN Client\vpngui.exe [2006-02-17 18:24:31 1445904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen^Start Menu^Programs^Startup^Forget Me Not Reminders.lnk]
path=C:\Documents and Settings\Stephen\Start Menu\Programs\Startup\Forget Me Not Reminders.lnk
backup=C:\WINDOWS\pss\Forget Me Not Reminders.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 19:51 233472 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 16:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-31 22:37 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--------- 1997-08-15 00:00 34304 C:\Program Files\Microsoft Money\System\reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2003-05-07 04:32 36864 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2e36be4-0991-11dc-9113-000180561e83}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 22:39:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-30 22:41:15
ComboFix-quarantined-files.txt 2008-05-01 02:41:11

Pre-Run: 64,205,017,088 bytes free
Post-Run: 65,234,448,384 bytes free

149 --- E O F --- 2008-04-12 04:22:24


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:57 AM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\S&D Coffee\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O3 - Toolbar: IE Custom Tools - {062F3F8B-CB94-4D76-A98A-EF800A438F01} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: S&D Coffee, Inc. S&D Coffee VPN Client.lnk = C:\Program Files\S&D Coffee\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symant...ex/symdlmgr.cab
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\S&D Coffee\VPN Client\cvpnd.exe
O23 - Service: Client Access Express Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7477 bytes

#4 Blade81

Blade81

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 6582 posts

Posted 01 May 2008 - 01:29 PM

Hi Steve

How do you explain this? Posting same topic on multiple forums is wasting of helper resources. This topic is now closed. Teacup61 will help you at Bleeping Computer. If you have posted your topic to other forums too I recommend you let those know ASAP that you're already helped.
Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013

UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users