Full Version: SystemErrorFixer
Brythonic
Hello,

I can't seem to get rid of SystemErrorFixer no matter what I do.

I have tried Ad-Aware, Windows Defender (I know, but I still tried), removing all of the keys, directories listed on different sites...

I have tried SDFix, but when I click on RunThis a box pops up on the screen and then disappears. I'm not sure if this is due to the fact that I'm using Vista or not.

Could someone please tell me where I need to go from here?

Thank you.

I have a Toshiba Satellite Notebook running Vista SP1 (model P205D-S7802), Symantec AntiVirus 10.2, and the latest version of Ad-Aware.

I'm not sure if this will help, but I saw a couple requests for logs on other posts:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:03 AM, on 5/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PILATE~1\AppData\Local\Temp\rqRKEUnL.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PILATE~1\AppData\Local\Temp\tuvSkhfg.dll,c
O4 - HKCU\..\Run: [BM05cbbd2d] Rundll32.exe "C:\Users\PILATE~1\AppData\Local\Temp\djotowjb.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:

--
End of file - 3266 bytes

I can't find the Ad-Aware log on Vista. I followed the C:\Users\Profile\AppData\ but there is no Lavasoft, Ad-Aware, or Logs folder. Is it placed somewhere else on Vista? Or is there another way to find it?


Mod.edit/merged to one/Raziel
Brythonic
I found it:

Ad-Aware Build
Log File Created on: 2008-05-22 10:10:43
Using Definitions File: C:\ProgramData\Lavasoft\Ad-Aware\core.aawdef
Computer name: PILATESAPPARATU
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 2
Processor type: AMD Turion™ 64 X2 Mobile Technology TL-58
Memory Available: 53%
Total Physical Memory: 2010451968 Bytes
Available Physical Memory: 1056907264 Bytes
Total Page File Size: 4281524224 Bytes
Available On Page File: 3318517760 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1916248064 Bytes
OS: Microsoft Windows Vista Service Pack 1 (Build 6001)

Ad-Aware Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 84
Build Number: 0
Build Date and Time: 2008/05/19 09:47:07

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 204508
Infections Detected: 0
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 0 0
File Hash Scan..: 0 0

Infections Found
===========================

Items Ignored During Scan
===========================


Listing of running processes
===========================

c:\windows\system32\netprofm.dll

c:\windows\system32\nlaapi.dll

c:\windows\system32\npmproxy.dll

c:\windows\system32\napinsp.dll

c:\windows\system32\pnrpnsp.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\ssdpsrv.dll

c:\windows\system32\sstpsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\samlib.dll

c:\windows\system32\ole32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\secur32.dll

c:\windows\system32\winnsi.dll

c:\windows\system32\dhcpcsvc6.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\wship6.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\atl.dll

c:\windows\system32\vsstrace.dll

c:\windows\system32\authz.dll

c:\windows\system32\xmllite.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\mpr.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\nlasvc.dll

c:\windows\system32\wevtapi.dll

c:\windows\system32\ncsi.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\bcrypt.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\es.dll

c:\windows\system32\propsys.dll

c:\windows\system32\credssp.dll

c:\windows\system32\schannel.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\winsta.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\nlaapi.dll

c:\windows\system32\napinsp.dll

c:\windows\system32\pnrpnsp.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\esent.dll

c:\windows\system32\msdtckrm.dll

c:\windows\system32\version.dll

c:\windows\system32\ktmw32.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\credui.dll

c:\windows\system32\shell32.dll

c:\windows\system32\tapisrv.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\unimdm.tsp

c:\windows\system32\uniplat.dll

c:\windows\system32\unimdmat.dll

c:\windows\system32\modemui.dll

c:\windows\system32\kmddsp.tsp

c:\windows\system32\ndptsp.tsp

c:\windows\system32\hidphone.tsp

c:\windows\system32\hid.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\lavasoft\ad-aware\ceapi.dll

c:\windows\system32\wininet.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\program files\lavasoft\ad-aware\pkarchive85u.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\samlib.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\apphelp.dll

C:\WINDOWS\SYSTEM32\DWM.EXE
c:\windows\system32\dwm.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\dwmredir.dll

c:\windows\system32\slwga.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\slc.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\samlib.dll

c:\windows\system32\milcore.dll

c:\windows\system32\dwmapi.dll

c:\users\pilate~1\appdata\local\temp\tuvskhfg.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\shell32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\secur32.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\dwmapi.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18000_none_9e752e5a
c9c619f3\gdiplus.dll

c:\windows\system32\slc.dll

c:\windows\system32\propsys.dll

c:\windows\system32\browseui.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\duser.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\windowscodecs.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\acsignicon.dll

c:\windows\system32\winspool.drv

c:\windows\system32\oleacc.dll

c:\windows\system32\iconcodecservice.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msiltcfg.dll

c:\windows\system32\version.dll

c:\windows\system32\msi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\samlib.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\timedate.cpl

c:\windows\system32\atl.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\actxprxy.dll

c:\windows\system32\userenv.dll

c:\windows\system32\winbrand.dll

c:\windows\system32\shacct.dll

c:\windows\system32\msshsq.dll

c:\windows\system32\naturallanguage6.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\nlsdata0009.dll

c:\windows\system32\nlslexicons0009.dll

c:\windows\system32\authui.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\winmm.dll

c:\windows\system32\explorerframe.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\ksuser.dll

c:\windows\system32\mmdevapi.dll

c:\windows\system32\avrt.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\audioses.dll

c:\windows\system32\audioeng.dll

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\cscapi.dll

c:\program files\common files\autodesk shared\acsigncore16.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\es.dll

c:\windows\system32\sndvolsso.dll

c:\windows\ehome\ehsso.dll

c:\windows\system32\hid.dll

c:\windows\system32\netshell.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winnsi.dll

c:\windows\system32\dhcpcsvc6.dll

c:\windows\system32\nlaapi.dll

c:\windows\system32\pnidui.dll

c:\windows\system32\qutil.dll

c:\windows\system32\wevtapi.dll

c:\windows\system32\wlanutil.dll

c:\windows\system32\firewallapi.dll

c:\windows\system32\npmproxy.dll

c:\windows\system32\wlanapi.dll

c:\windows\system32\onex.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\eappcfg.dll

c:\windows\system32\bcrypt.dll

c:\windows\system32\alttab.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\srchadmin.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\synccenter.dll

c:\windows\system32\mssprxy.dll

c:\windows\system32\imapi2.dll

c:\windows\system32\wscntfy.dll

c:\windows\system32\wscapi.dll

c:\windows\system32\qagent.dll

c:\windows\system32\fwpuclnt.dll

c:\users\pilate~1\appdata\local\temp\tuvskhfg.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\bthprops.cpl

c:\users\pilate~1\appdata\local\temp\rqrhbbxy.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\cabinet.dll

c:\windows\system32\mpr.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\napinsp.dll

c:\windows\system32\pnrpnsp.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wshtcpip.dll

c:\program files\common files\microsoft shared\ink\tiptsf.dll

c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1434_none_d08b6002442c891
f\msvcr80.dll

c:\windows\system32\xmllite.dll

c:\windows\system32\thumbcache.dll

c:\windows\system32\mlang.dll

c:\windows\system32\mssvp.dll

c:\windows\system32\mapi32.dll

c:\windows\system32\msstrc.dll

c:\windows\system32\wpdshext.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\tquery.dll

c:\windows\system32\query.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\slc.dll

c:\windows\system32\secur32.dll

c:\windows\system32\credssp.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\schannel.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winnsi.dll

c:\windows\system32\dhcpcsvc6.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\ole32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\version.dll

c:\windows\system32\sfc.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\setupapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\hpzlllhn.dll

c:\windows\system32\mdimon.dll

c:\windows\system32\msi.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\wsnmp32.dll

c:\windows\system32\msxml6.dll

c:\windows\system32\tcpmib.dll

c:\windows\system32\mgmtapi.dll

c:\windows\system32\tbtmon.dll

c:\windows\system32\tosbthcrpapi.dll

c:\windows\system32\tosbtapi.dll

c:\windows\system32\tosbdapi.dll

c:\windows\system32\tbtmon98language.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\wls0wndh.dll

c:\windows\system32\wsdmon.dll

c:\windows\system32\wsdapi.dll

c:\windows\system32\httpapi.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\xmllite.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\fundisc.dll

c:\windows\system32\atl.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\spool\prtprocs\w32x86\hpzpplhn.dll

c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\printcom.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\gpapi.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wship6.dll

c:\windows\system32\nlaapi.dll

c:\windows\system32\napinsp.dll

c:\windows\system32\pnrpnsp.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\winsta.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\bfe.dll

c:\windows\system32\authz.dll

c:\windows\system32\secur32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\mpssvc.dll

c:\windows\system32\firewallapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\version.dll

c:\windows\system32\nlaapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\windows\system32\winnsi.dll

c:\windows\system32\dhcpcsvc6.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\bcrypt.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\fwpuclnt.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\credssp.dll

c:\windows\system32\schannel.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\gpapi.dll

c:\windows\system32\slc.dll

c:\windows\system32\wfapigp.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\dps.dll

c:\windows\system32\wdi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\taskschd.dll

c:\windows\system32\xmllite.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wship6.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\npmproxy.dll

c:\windows\system32\diagperf.dll

c:\windows\system32\shell32.dll

c:\windows\system32\pnpts.dll

c:\windows\system32\whealogr.dll

c:\windows\system32\tdh.dll

C:\WINDOWS\SYSTEM32\TASKENG.EXE
c:\windows\system32\taskeng.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\xmllite.dll

c:\windows\system32\mpr.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\tschannel.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\hotstartuseragent.dll

c:\windows\system32\slc.dll

c:\windows\system32\playsndsrv.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msctfmonitor.dll

c:\windows\system32\msutb.dll

c:\windows\system32\dwmapi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\tmm.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\d3d9.dll

c:\windows\system32\version.dll

c:\windows\system32\d3d8thk.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\samlib.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\atitmmxx.dll

c:\windows\system32\atl.dll

c:\windows\system32\atipdlxx.dll

c:\windows\system32\qagent.dll

c:\windows\system32\fwpuclnt.dll

c:\windows\system32\qutil.dll

c:\windows\system32\wevtapi.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\ksuser.dll

c:\windows\system32\mmdevapi.dll

c:\windows\system32\avrt.dll

c:\windows\system32\audioses.dll

c:\windows\system32\audioeng.dll

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\winsta.dll

c:\windows\system32\apphelp.dll

c:\users\pilate~1\appdata\local\temp\tuvskhfg.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\dimsjob.dll

c:\windows\system32\ncrypt.dll

c:\windows\system32\gpapi.dll

c:\windows\system32\pautoenr.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\certcli.dll

c:\windows\system32\certenroll.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winscard.dll

c:\windows\system32\taskeng.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\xmllite.dll

c:\windows\system32\mpr.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\tschannel.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\dimsjob.dll

c:\windows\system32\userenv.dll

c:\windows\system32\ncrypt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\gpapi.dll

c:\windows\system32\slc.dll

c:\windows\system32\pautoenr.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\windows\system32\certcli.dll

c:\windows\system32\atl.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\certenroll.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\common files\microsoft shared\vs7debug\mdm.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ipsecsvc.dll

c:\windows\system32\authz.dll

c:\windows\system32\ole32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\winnsi.dll

c:\windows\system32\dhcpcsvc6.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\fwpuclnt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\firewallapi.dll

c:\windows\system32\version.dll

c:\windows\system32\fwremotesvr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wship6.dll

c:\windows\system32\credssp.dll

c:\windows\system32\schannel.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\wiaservc.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\version.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\wiatrace.dll

c:\windows\system32\secur32.dll

c:\windows\system32\credssp.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\schannel.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\nsi.dll

c:\windows\system32\wsdchngr.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\fundisc.dll

c:\windows\system32\atl.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\hpowiav1.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\wersvc.dll

C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
c:\windows\system32\searchindexer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\tquery.dll

c:\windows\system32\propsys.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\query.dll

c:\windows\system32\shell32.dll

c:\windows\system32\mpr.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\msstrc.dll

c:\windows\system32\credssp.dll

c:\windows\system32\schannel.dll

c:\windows\system32\mssrch.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\version.dll

c:\windows\system32\msidle.dll

c:\windows\system32\winsta.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\propdefs.dll

c:\windows\system32\en-us\tquery.dll.mui

c:\windows\system32\esent.dll

c:\windows\system32\msscb.dll

c:\windows\system32\mssprxy.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\atl.dll

c:\windows\system32\vsstrace.dll

c:\windows\system32\authz.dll

c:\windows\system32\xmllite.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\samlib.dll

c:\windows\system32\es.dll

c:\windows\system32\sxs.dll

c:\windows\system32\slc.dll

c:\windows\system32\naturallanguage6.dll

c:\windows\system32\nlsdata0009.dll

c:\windows\system32\nlslexicons0009.dll

c:\windows\system32\normaliz.dll

C:\PROGRAM FILES\TOSHIBA\TOSCDSPD\TOSCDSPD.EXE
c:\program files\toshiba\toscdspd\toscdspd.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

End of Scan Section
===========================

Hope that helps!!!
Blade81
Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here
Brythonic
ComboFix 08-05-21.3 - Pilates Apparatus 2008-05-24 10:39:26.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1549 [GMT -4:00]
Running from: C:\Users\Pilates Apparatus\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\ddcCUnkj.dll
C:\Windows\system32\efcCTkHa.dll
C:\Windows\system32\fcccyVMd.dll
C:\Windows\system32\khfEvUNd.dll
C:\Windows\system32\rqRHxvSM.dll

----- BITS: Possible infected sites -----

hxxp://theinstalls.com
.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-22 07:20 . 2008-05-22 07:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-22 07:19 . 2008-05-22 07:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 06:43 . 2008-05-22 06:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-21 18:32 . 2008-05-20 13:32 <DIR> d-------- C:\SDFix
2008-05-21 15:43 . 2008-05-21 15:43 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-21 13:23 . 2008-05-21 13:25 <DIR> d-------- C:\SmitfraudFix
2008-05-21 13:03 . 2008-05-21 14:16 691 --a------ C:\Users\Pilates Apparatus\AppData\Roaming\GetValue.vbs
2008-05-21 13:03 . 2008-05-21 14:16 691 --a------ C:\Users\PILATE~1\AppData\Roaming\GetValue.vbs
2008-05-21 13:03 . 2008-05-21 14:16 35 --a------ C:\Users\Pilates Apparatus\AppData\Roaming\SetValue.bat
2008-05-21 13:03 . 2008-05-21 14:16 35 --a------ C:\Users\PILATE~1\AppData\Roaming\SetValue.bat
2008-05-21 12:58 . 2008-05-21 14:16 5,952 --a------ C:\Windows\System32\tmp.reg
2008-05-21 09:58 . 2008-05-21 09:58 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-05-21 09:50 . 2008-05-21 13:17 <DIR> d-------- C:\Users\Pilates Apparatus\AppData\Roaming\Autodesk
2008-05-21 09:50 . 2008-05-21 13:17 <DIR> d-------- C:\Users\PILATE~1\AppData\Roaming\Autodesk
2008-05-21 09:50 . 2008-05-21 13:14 <DIR> d-------- C:\Users\All Users\Autodesk
2008-05-21 09:50 . 2008-05-21 10:01 <DIR> d-------- C:\Program Files\AutoCAD 2006
2008-05-21 09:50 . 2008-05-21 13:14 <DIR> d-------- C:\PROGRA~2\Autodesk
2008-05-21 09:34 . 2008-05-21 10:01 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-21 09:34 . 2008-05-21 09:34 <DIR> d-------- C:\Program Files\Autodesk
2008-05-21 09:25 . 2008-05-22 07:20 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-21 09:25 . 2008-05-22 07:20 <DIR> d-------- C:\PROGRA~2\Lavasoft
2008-05-21 09:23 . 2008-05-21 09:23 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-20 22:11 . 2008-05-20 22:11 <DIR> d-------- C:\PerfLogs
2008-05-20 20:26 . 2008-01-19 03:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-20 20:25 . 2008-01-19 03:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-05-20 20:24 . 2008-01-19 02:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-20 20:23 . 2008-01-19 03:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-20 20:23 . 2008-01-19 03:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-20 20:23 . 2008-01-19 03:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-20 20:22 . 2008-01-19 03:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-20 20:22 . 2008-01-19 03:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-20 20:22 . 2008-01-19 03:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-20 20:22 . 2008-01-19 03:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-20 20:22 . 2008-01-19 03:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-20 20:22 . 2008-01-19 03:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-20 17:58 . 2008-04-23 20:38 1,715,704 --a------ C:\Windows\System32\wpfgfx.dll
2008-05-20 17:58 . 2008-04-23 20:37 789,536 --a------ C:\Windows\System32\PresentationNative_v0300.dll
2008-05-20 17:58 . 2008-04-23 20:37 580,608 --a------ C:\Windows\System32\icardagt.exe
2008-05-20 17:58 . 2008-04-23 20:37 335,888 --a------ C:\Windows\System32\PresentationHost.exe
2008-05-20 17:58 . 2008-04-23 20:37 105,016 --a------ C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-05-20 17:58 . 2008-04-23 20:37 97,800 --a------ C:\Windows\System32\infocardapi.dll
2008-05-20 17:58 . 2008-04-23 20:37 41,496 --a------ C:\Windows\System32\PresentationHostProxy.dll
2008-05-20 17:58 . 2008-04-23 20:37 37,384 --a------ C:\Windows\System32\infocardcpl.cpl
2008-05-20 17:58 . 2008-04-23 20:37 11,264 --a------ C:\Windows\System32\icardres.dll
2008-05-20 17:38 . 2008-04-17 21:30 96,760 --a------ C:\Windows\System32\dfshim.dll
2008-05-20 17:37 . 2008-04-17 21:30 282,112 --a------ C:\Windows\System32\mscoree.dll
2008-05-20 17:37 . 2008-04-17 21:30 158,720 --a------ C:\Windows\System32\mscorier.dll
2008-05-20 17:37 . 2008-04-17 21:30 83,968 --a------ C:\Windows\System32\mscories.dll
2008-05-20 17:37 . 2008-04-17 21:30 41,984 --a------ C:\Windows\System32\netfxperf.dll
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe
2008-05-09 16:06 . 2008-05-09 16:06 <DIR> d-------- C:\Program Files\iTunes
2008-05-09 16:06 . 2008-05-09 16:06 <DIR> d-------- C:\Program Files\iPod
2008-05-09 16:06 . 2008-05-21 12:20 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-09 16:06 . 2008-05-21 12:20 1,409 --a------ C:\Windows\QTFont.for
2008-05-09 16:04 . 2008-05-09 16:05 <DIR> d-------- C:\Program Files\QuickTime
2008-05-09 16:01 . 2008-05-09 16:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\Windows\System32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\Windows\System32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\Windows\System32\drivers\Awrtpd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 17:11 --------- d-----w C:\Users\Pilates Apparatus\AppData\Roaming\uTorrent
2008-05-21 17:11 --------- d-----w C:\Users\PILATE~1\AppData\Roaming\uTorrent
2008-05-21 02:26 174 --sha-w C:\Program Files\desktop.ini
2008-05-21 02:15 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-21 02:15 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-21 02:15 --------- d-----w C:\Program Files\Windows Mail
2008-05-21 02:15 --------- d-----w C:\Program Files\Windows Journal
2008-05-21 02:15 --------- d-----w C:\Program Files\Windows Defender
2008-05-21 02:15 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-21 02:15 --------- d-----w C:\Program Files\Windows Calendar
2008-05-21 01:26 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-21 01:26 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-03 14:51 199,600 ----a-w C:\Windows\system32\drivers\SynTP.sys
2008-04-03 14:50 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2008-04-03 14:14 151,552 ----a-w C:\Windows\System32\SynTPAPI.dll
2008-04-03 14:02 196,608 ----a-w C:\Windows\System32\SynCtrl.dll
2008-04-03 14:01 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2008-03-24 19:25 --------- d-----w C:\Users\Pilates Apparatus\AppData\Roaming\Intuit
2008-03-24 19:25 --------- d-----w C:\Users\PILATE~1\AppData\Roaming\Intuit
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 06:43 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\Windows\system32\fcccyVMd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\Windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Pilates Apparatus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Pilates Apparatus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2007-05-22 19:32 538744 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\06f88eb1]
C:\Users\PILATE~1\AppData\Local\Temp\cnhdlwek.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM05cbbd2d]
C:\Users\PILATE~1\AppData\Local\Temp\djotowjb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-11-22 18:12 107112 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\PILATE~1\AppData\Local\Temp\tuvSkhfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 03:33 125952 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2006-12-07 19:49 55416 C:\Program Files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
--a------ 2006-11-06 20:14 34352 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\PILATE~1\AppData\Local\Temp\hgGabYPf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-07-07 06:06 4669440 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-06-16 11:45 1826816 C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2007-06-16 00:01 448080 C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 16:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2006-03-22 23:42 438272 C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2008-04-03 10:51 1045800 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2007-03-29 13:39 411192 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2006-11-28 07:34 134808 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 03:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C9E52600-D9A7-46E6-B829-F145B1BD7B48}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A3F4BEFF-6048-4130-BF41-928AD364F052}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{AC58C815-BF25-4229-A9AD-7BEE3C61140D}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{9FE9A6D0-5B89-441E-8BD9-AA48017777B0}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{DA5DBEB3-779E-47F8-92D5-499E3C2FA25E}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{2E32166A-4ADF-418F-8313-46ED12A0C12F}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{8B2C092C-713F-4362-A707-B1195F5CA14D}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{DC8E7B6E-6B23-4079-B4CA-4B93655B1D29}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{ABE109F7-101D-4DBD-A9BE-D5CC6561F3F0}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{24486818-3CF1-4EC3-B276-D8B53F3DA1D7}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{848306C6-A7BB-4C86-B482-6C2A5C7D07BD}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{EC9251D2-6AA6-4BD5-9304-CB06FD2A9281}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{C7BC7036-E27A-42EA-B12C-2B0BE04FF463}"= UDP:C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:TurboTax
"{BAC6A72A-BDCA-4251-8811-45E1907A1995}"= TCP:C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:TurboTax
"{DE4E5F90-9580-487D-8E30-716C5AA0E46D}"= UDP:C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{7A0B8463-5C57-4686-9B9A-B65CFF372B5B}"= TCP:C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:TurboTax Update Manager
"TCP Query User{1D651B97-432E-4585-AD53-F013541A6861}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{817DBA97-DD3F-4141-9FEB-8A6066A787B2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{A3CD75EF-1CFD-42F9-9F33-3677C567E591}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A8C59864-DCE5-444E-9F21-81580ACA8B9D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 15:23]
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-06-28 19:23]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 14:50]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-07-14 04:30]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-14 03:01]
S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 19:32]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-11-09 17:32]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2006-11-09 17:31]
S4 KR3NPXP;KR3NPXP;C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 23:06]
S4 pinger;pinger;C:\TOSHIBA\IVP\ISM\pinger.exe [2007-01-25 20:47]
S4 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-06-28 19:25]
S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 00:55]

*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
*Newly Created Service* - PXHELP20
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 10:43:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????F?U 7???? 9???9?@?9?X?9?p?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-24 10:44:21
ComboFix-quarantined-files.txt 2008-05-24 14:44:16

Pre-Run: 85,697,073,152 bytes free
Post-Run: 85,658,910,720 bytes free

246 --- E O F --- 2008-05-23 00:07:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:33 AM, on 5/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

--
End of file - 2888 bytes
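A reviewer's first pass over the "Reg Loading Points" section of the ComboFix log above can be automated. The following is an added example, not part of either poster's message and not ComboFix code: it parses an excerpt copied from that log and flags autostart entries that point at a DLL in a Temp directory or at a file listed under "Other Deletions". The function names and the two heuristics are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Excerpt copied from the ComboFix log in the post above; the runs of
# parentheses in the section banners are shortened and most entries omitted.
SAMPLE_LOG = r"""
((((( Other Deletions )))))
.
C:\Windows\system32\ddcCUnkj.dll
C:\Windows\system32\fcccyVMd.dll

----- BITS: Possible infected sites -----
.
((((( Reg Loading Points )))))
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= C:\Windows\system32\fcccyVMd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\06f88eb1]
C:\Users\PILATE~1\AppData\Local\Temp\cnhdlwek.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-11-22 18:12 107112 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\PILATE~1\AppData\Local\Temp\tuvSkhfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # "((( Section name )))"
KEY = re.compile(r"^\[(.+)\]$")                    # "[registry key]"
# A drive-letter path ending in an extension, optionally followed by a
# closing quote and a "[...]" metadata suffix.
PATH = re.compile(r'([A-Za-z]:\\.+?\.[A-Za-z0-9]{2,4})(?="?\s*(?:\[|$))')
TEMP_DLL = re.compile(r"\\temp\\[^\\]+\.dll$", re.IGNORECASE)
# msconfig keeps the startup items a user has disabled under this key.
MSCONFIG = "\\shared tools\\msconfig\\startupreg\\"


class Finding(NamedTuple):
    name: str        # last component of the registry key
    path: str        # file the entry points at
    disabled: bool   # True when the entry sits under msconfig\startupreg
    reasons: tuple


def parse(log):
    """Return (deleted_paths_lowercased, [(registry_key, target_path), ...])."""
    deleted, entries = set(), []
    section = key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER.match(line)
        if banner:
            section, key = banner.group(1).lower(), None
        elif line.startswith("-----"):
            # A sub-heading such as "----- BITS: ..." ends the deletion list.
            if section == "other deletions":
                section = None
        elif section == "other deletions":
            if re.fullmatch(r"[A-Za-z]:\\.+", line):
                deleted.add(line.lower())
        elif section == "reg loading points":
            is_key = KEY.match(line)
            if is_key:
                key = is_key.group(1)
            elif key:
                target = PATH.search(line)
                if target:
                    entries.append((key, target.group(1)))
    return deleted, entries


def triage(log):
    """Flag loading points worth a closer look (heuristics are assumptions)."""
    deleted, entries = parse(log)
    findings = []
    for key, path in entries:
        reasons = []
        if TEMP_DLL.search(path):
            reasons.append("autostart target is a DLL in a Temp directory")
        if path.lower() in deleted:
            reasons.append("references a file listed under Other Deletions")
        if reasons:
            findings.append(Finding(key.rsplit("\\", 1)[-1], path,
                                    MSCONFIG in key.lower(), tuple(reasons)))
    return findings


def disabled_names(log):
    """Names of the startup items recorded as disabled through msconfig."""
    _, entries = parse(log)
    return [k.rsplit("\\", 1)[-1] for k, _ in entries if MSCONFIG in k.lower()]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.name, f.path, "; ".join(f.reasons), sep=" | ")
    print("disabled via msconfig:", ", ".join(disabled_names(SAMPLE_LOG)))
```

The flagged entries are leads for manual review, not verdicts; the list of disabled items also shows when a security product's startup entry, such as ccApp here, has been switched off.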
Blade81
Hi

Are you familiar with these batch and vb script files:
C:\Users\Pilates Apparatus\AppData\Roaming\GetValue.vbs
C:\Users\Pilates Apparatus\AppData\Roaming\GetValue.vbs
C:\Users\Pilates Apparatus\AppData\Roaming\SetValue.bat
C:\Users\Pilates Apparatus\AppData\Roaming\SetValue.bat

If not please remove them.


Why have you disabled Norton (ccApp) through msconfig? Please re-enable it.

Download attached CFScript.txt file to your desktop. Warning: The script is only for Brythonic's case. Using it on someone else's machine may cause damage!




Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
  • Extended (If available, otherwise Standard)
Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select My Computer.
  • The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
Once the scan is complete:
  • Click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt log (without forgetting above mentioned ComboFix resultant log) too.


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problem doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

Blade81
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !