
Win32.delf.rtk Win32.trojanspy.pophot Wont Go Away!


3 replies to this topic

#1 shoulda


Posted 24 September 2008 - 03:39 PM

WAS using IE browser w/o any anti-virus/malware protection. I've since downloaded Spybot, AdAware and AVG removing many problems but WIN32.delf.rtk, Win32.TrojanSpy.Pophot come back. I've cleared all history, deleted files, disconnected from internet, run the three programs 2xs and still it remains. I've backed up my files as prior experience has proven that I probably shd, just in case. What do I need to do to clear this? Txs

Shoulda(known better)


Scan Results
Ad-Aware 2008 Free Edition
Log File Created on: 2008-09-24 13:21:57
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef
Computer name: OWNER-BF7B2CB99
Name of user performing scan: SYSTEM
Name of user ordering scan: Owner
Scan completed successfully

System Information
Number of processors: 2
Processor type: Intel Core™2 CPU 6300 @ 1.86GHz
Memory Available: 55%
Total Physical Memory: 2119970816 Bytes
Available Physical Memory: 1163042816 Bytes
Total Page File Size: 4104978432 Bytes
Available On Page File: 3359449088 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1756745728 Bytes
OS: Microsoft Windows XP 5.1 (Build 2600)

File Verion Information
File Version
CEAPI.dll 7,1,0,12
aawservice.exe 7,1,0,12
Ad-Aware.exe 7.1.0.11

Ad-Aware 2008 Settings
Skipping files larger than: 1048576 Bytes
Ignoring infections with lower TAI than: 3
Safe Mode: False

Extended Ad-Aware 2008 Settings
• Unload malicious processes and modules
• Unload Modules
• Let Windows remove files at Start-Up
• Deactivate Ad-Watch
• Re-analyze Scan Result
• Delete Restored Items
• Write Protect System Files
• Create Log file
• Include basic settings
• Include advanced settings
• Include user and computer name
• Environment information
• Running processes
• Running processes and modules
• Include info about ignored objects in log file

Database Info
Version number: 124
Build Number: 0
Build Date and Time: 2008/09/22 08:06:12

Scan Statistics
Method: Full
Items Scanned: 261874
Infections Detected: 4
Infections Removed: 0
Infections Quarantined: 0
Infections Ignored: 0

Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 0 0
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 0 0
File Hash Scan 2 2
Infections Found
Family Id Name Category TAI
1349 Win32.TrojanSpy.Pophot Malware 10
• [251273] File: C:\System Volume Information\_restore{DE2A6147-C398-4D5F-A9E9-375E13E7C2E6}\RP587\A0058960.exe
• [251273] File: C:\System Volume Information\_restore{DE2A6147-C398-4D5F-A9E9-375E13E7C2E6}\RP587\A0058961.scr
9999 MRU Object MRU Object 0
• [1] MRU Path: C:\Documents and Settings\Owner\Recent Count: 28
• [2] MRU Registry Key: S-1-5-21-583907252-630328440-725345543-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1
Quarantined Objects
Family Id Name Category TAI
Removed Objects
Family Id Name Category TAI
Listing of Running Processes
o c:\windows\system32\midimap.dll
o c:\windows\system32\rsaenh.dll
o c:\windows\system32\hnetcfg.dll
o c:\windows\system32\mswsock.dll
o c:\windows\system32\wshtcpip.dll
o c:\windows\system32\mpr.dll
o c:\windows\system32\drprov.dll
o c:\windows\system32\ntlanman.dll
o c:\windows\system32\netui0.dll
o c:\windows\system32\netui1.dll
o c:\windows\system32\netrap.dll
o c:\windows\system32\samlib.dll
o c:\windows\system32\davclnt.dll
o c:\windows\system32\sxs.dll
o c:\windows\system32\browselc.dll
o c:\progra~1\spybot~1\sdhelper.dll
o c:\windows\system32\comdlg32.dll
o c:\windows\system32\wsock32.dll
o c:\windows\system32\faultrep.dll
o c:\windows\system32\olepro32.dll
o c:\windows\system32\jsproxy.dll
o c:\windows\system32\msgina.dll
o c:\windows\system32\odbc32.dll
o c:\windows\system32\odbcint.dll
o c:\windows\system32\duser.dll
o c:\windows\system32\cfgmgr32.dll
o c:\windows\system32\rasapi32.dll
o c:\windows\system32\rasman.dll
o c:\windows\system32\tapi32.dll
o c:\windows\system32\msv1_0.dll
o c:\windows\system32\sensapi.dll
o c:\windows\system32\jscript.dll
o c:\windows\system32\mscoree.dll
o c:\windows\microsoft.net\framework\v1.1.4322\shfusion.dll
o c:\windows\microsoft.net\framework\v1.1.4322\msvcr71.dll
o c:\windows\system32\printui.dll
o c:\windows\system32\winspool.drv
o c:\windows\system32\activeds.dll
o c:\windows\system32\adsldpc.dll
• C:\WINDOWS\SYSTEM32\INF\SVCHOCT.EXE
o c:\windows\system32\inf\svchoct.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\imagehlp.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\msctfime.ime
o c:\windows\system32\ole32.dll
o c:\windows\system32\msctf.dll
• C:\WINDOWS\SYSTEM32\HKCMD.EXE
o c:\windows\system32\hkcmd.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\hccutils.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\version.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\igfxsrvc.dll
o c:\windows\system32\msctfime.ime
o c:\windows\system32\igfxres.dll
o c:\windows\system32\msctf.dll
• C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
o c:\windows\system32\igfxpers.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\version.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\igfxsrvc.dll
o c:\windows\system32\msctfime.ime
o c:\windows\system32\wtsapi32.dll
o c:\windows\system32\winsta.dll
o c:\windows\system32\netapi32.dll
o c:\windows\system32\msctf.dll
• C:\PROGRAM FILES\INTEL AUDIO STUDIO\INTELAUDIOSTUDIO.EXE
o c:\program files\intel audio studio\intelaudiostudio.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\msvbvm60.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\msctfime.ime
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\version.dll
o c:\windows\system32\msi.dll
o c:\windows\system32\sfidlock.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\msctf.dll
o c:\windows\system32\iasdll.dll
o c:\windows\system32\comdlg32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\winspool.drv
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\stacapi.dll
o c:\windows\system32\setupapi.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\wintrust.dll
o c:\windows\system32\crypt32.dll
o c:\windows\system32\msasn1.dll
o c:\windows\system32\imagehlp.dll
o c:\windows\system32\wdmaud.drv
o c:\windows\system32\msacm32.drv
o c:\windows\system32\msacm32.dll
o c:\windows\system32\midimap.dll
o c:\windows\system32\sxs.dll
o c:\windows\system32\sfimlark.dll
o c:\windows\system32\dsound.dll
o c:\windows\system32\ksuser.dll
o c:\windows\system32\iasmxdll.dll
o c:\windows\system32\iasbb.dll
• C:\PROGRAM FILES\MICROSOFT INTELLITYPE PRO\TYPE32.EXE
o c:\program files\microsoft intellitype pro\type32.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\shlwapi.dll
o c:\program files\microsoft intellitype pro\type32.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\hid.dll
o c:\windows\system32\setupapi.dll
o c:\windows\system32\msi.dll
o c:\program files\microsoft intellitype pro\dpgmkb.dll
o c:\windows\system32\version.dll
o c:\windows\system32\comdlg32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\oleacc.dll
o c:\windows\system32\msvcp60.dll
o c:\program files\microsoft intellitype pro\dpgcmd.dll
o c:\windows\system32\msimg32.dll
o c:\windows\system32\psapi.dll
o c:\windows\system32\userenv.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\msctfime.ime
o c:\program files\microsoft intellitype pro\srres.dll
o c:\windows\system32\wintrust.dll
o c:\windows\system32\crypt32.dll
o c:\windows\system32\msasn1.dll
o c:\windows\system32\imagehlp.dll
o c:\windows\system32\msctf.dll
• C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\POINT32.EXE
o c:\program files\microsoft intellipoint\point32.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\program files\microsoft intellipoint\point32.dll
o c:\windows\system32\hid.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\setupapi.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\psapi.dll
o c:\windows\system32\msi.dll
o c:\program files\microsoft intellipoint\dpgmkb.dll
o c:\windows\system32\version.dll
o c:\windows\system32\comdlg32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\oleacc.dll
o c:\windows\system32\msvcp60.dll
o c:\program files\microsoft intellipoint\dpgcmd.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\msimg32.dll
o c:\windows\system32\userenv.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\msctfime.ime
o c:\program files\microsoft intellipoint\srres.dll
o c:\program files\microsoft intellipoint\ipres.dll
o c:\windows\system32\wintrust.dll
o c:\windows\system32\crypt32.dll
o c:\windows\system32\msasn1.dll
o c:\windows\system32\imagehlp.dll
o c:\windows\system32\msctf.dll
• C:\WINDOWS\SYSTEM32\SOXPECA.EXE
o c:\windows\system32\soxpeca.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\rtl60.bpl
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\mpr.dll
o c:\windows\system32\wsock32.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\ws2help.dll
o c:\windows\system32\version.dll
o c:\windows\system32\imm32.dll
o c:\windows\temp\mta51968.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\iertutil.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\mswsock.dll
o c:\windows\system32\hnetcfg.dll
o c:\windows\system32\wshtcpip.dll
o c:\windows\system32\dnsapi.dll
o c:\windows\system32\iphlpapi.dll
o c:\windows\system32\winrnr.dll
o c:\windows\system32\wldap32.dll
o c:\windows\system32\rasadhlp.dll
• C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPTD40NT.EXE
o c:\program files\scansoft\paperport\pptd40nt.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\program files\scansoft\paperport\maxutil.dll
o c:\program files\scansoft\paperport\pperr.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\shfolder.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\version.dll
o c:\windows\system32\comdlg32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\msvcp60.dll
o c:\program files\scansoft\paperport\blicectr.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\msctfime.ime
o c:\windows\system32\ole32.dll
o c:\windows\system32\msctf.dll
• C:\PROGRAM FILES\BROTHER\CONTROLCENTER2\BRCTRCEN.EXE
o c:\program files\brother\controlcenter2\brctrcen.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\comdlg32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\winspool.drv
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\program files\brother\controlcenter2\ltdis12n.dll
o c:\program files\brother\controlcenter2\ltkrn12n.dll
o c:\program files\brother\controlcenter2\ltfil12n.dll
o c:\program files\brother\controlcenter2\brccfile.dll
o c:\windows\system32\version.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\program files\brother\controlcenter2\brcncusa.dll
o c:\program files\brother\controlcenter2\brcncimg.dll
o c:\windows\system32\apphelp.dll
o c:\windows\system32\msctfime.ime
o c:\program files\brother\controlcenter2\brcctwn.dll
o c:\windows\system32\setupapi.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\linkinfo.dll
o c:\windows\system32\ntshrui.dll
o c:\windows\system32\atl.dll
o c:\windows\system32\netapi32.dll
o c:\windows\system32\userenv.dll
o c:\windows\system32\msctf.dll
• C:\WINDOWS\SYSTEM32\SVCHOST.EXE
o c:\windows\system32\svchost.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\shimeng.dll
o c:\windows\apppatch\acgenral.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\msacm32.dll
o c:\windows\system32\version.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\userenv.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\wiaservc.dll
o c:\windows\system32\cfgmgr32.dll
o c:\windows\system32\setupapi.dll
o c:\windows\system32\mscms.dll
o c:\windows\system32\winspool.drv
o c:\windows\system32\winsta.dll
o c:\windows\system32\netapi32.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\wintrust.dll
o c:\windows\system32\crypt32.dll
o c:\windows\system32\msasn1.dll
o c:\windows\system32\imagehlp.dll
o c:\windows\system32\brwia04b.dll
o c:\windows\system32\brusi04b.dll
o c:\windows\system32\actxprxy.dll
o c:\windows\system32\sti.dll
• C:\PROGRAM FILES\EFAX MESSENGER 4.3\J2GDLLCMD.EXE
o c:\program files\efax messenger 4.3\j2gdllcmd.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\winspool.drv
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleacc.dll
o c:\windows\system32\msvcp60.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\uxtheme.dll
o c:\program files\efax messenger 4.3\j2gsdk43.dll
o c:\windows\system32\wsock32.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\ws2help.dll
o c:\windows\system32\version.dll
o c:\windows\system32\urlmon.dll
o c:\windows\system32\iertutil.dll
o c:\windows\system32\wininet.dll
o c:\windows\system32\normaliz.dll
o c:\program files\efax messenger 4.3\j2gres_enu.dll
o c:\windows\system32\msctfime.ime
o c:\windows\system32\msctf.dll
• C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
o c:\program files\java\jre1.6.0_07\bin\jusched.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\wininet.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\normaliz.dll
o c:\windows\system32\iertutil.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\uxtheme.dll
• C:\PROGRA~1\AVG\AVG8\AVGTRAY.EXE
o c:\progra~1\avg\avg8\avgtray.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\msvfw32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
o c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
o c:\windows\system32\ole32.dll
o c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
o c:\windows\system32\version.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80enu.dll
o c:\program files\avg\avg8\avglogx.dll
o c:\program files\avg\avg8\avgcfgx.dll
o c:\program files\avg\avg8\avglngx.dll
o c:\program files\avg\avg8\avgabout.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\msctf.dll
o c:\program files\avg\avg8\avguires.dll
o c:\windows\system32\msctfime.ime
o c:\program files\avg\avg8\avgsrmx.dll
o c:\program files\avg\avg8\avgvvx.dll
• C:\WINDOWS\SYSTEM32\TDYDOWKC.EXE
o c:\windows\system32\tdydowkc.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\version.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\wsock32.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\ws2help.dll
o c:\windows\temp\mta63579.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\iertutil.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\mswsock.dll
o c:\windows\system32\hnetcfg.dll
o c:\windows\system32\wshtcpip.dll
o c:\windows\system32\dnsapi.dll
o c:\windows\system32\iphlpapi.dll
o c:\windows\system32\winrnr.dll
o c:\windows\system32\wldap32.dll
o c:\windows\system32\rasadhlp.dll
• C:\WINDOWS\SYSTEM32\CTFMON.EXE
o c:\windows\system32\ctfmon.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\msctf.dll
o c:\windows\system32\msutb.dll
o c:\windows\system32\shimeng.dll
o c:\windows\apppatch\acgenral.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\msacm32.dll
o c:\windows\system32\version.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\userenv.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\msctfime.ime
• C:\PROGRAM FILES\AIM6\AIM6.EXE
o c:\program files\aim6\aim6.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\program files\aim6\xprt5.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\imm32.dll
o c:\program files\aim6\aolsvcmgr.dll
o c:\program files\aim6\xprt6.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\msctf.dll
o c:\program files\common files\aol\aoldiag\tbdiag.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\apphelp.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\version.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\msctfime.ime
o c:\program files\aim6\services\notification\ver6_4_1_1\notify.dll
o c:\program files\aim6\services\imapp\ver6_8_12_4\imappservice.dll
o c:\windows\system32\dsound.dll
o c:\windows\system32\winmm.dll
o c:\program files\aim6\acccore.dll
o c:\program files\aim6\coolcore52.dll
o c:\windows\system32\wsock32.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\ws2help.dll
o c:\windows\system32\sensapi.dll
o c:\windows\system32\wininet.dll
o c:\windows\system32\normaliz.dll
o c:\windows\system32\iertutil.dll
o c:\windows\system32\shell32.dll
o c:\program files\aim6\msvcr71.dll
o c:\windows\system32\msvfw32.dll
o c:\windows\system32\urlmon.dll
o c:\program files\aim6\services\localstorage\ver7_3_2_1\clssvc.dll
o c:\program files\aim6\services\boxelyrenderer\ver3_1_3_4\boxelyrenderer.dll
o c:\windows\system32\riched20.dll
o c:\windows\system32\msimg32.dll
o c:\windows\system32\oleacc.dll
o c:\windows\system32\msvcp60.dll
o c:\program files\aim6\services\preferences\ver5_2_1_1\preferences.dll
o c:\windows\system32\dbghelp.dll
o c:\windows\system32\jscript.dll
o c:\windows\system32\msftedit.dll
o c:\windows\system32\msi.dll
• C:\PROGRAM FILES\VIEWPOINT\COMMON\VIEWPOINTSERVICE.EXE
o c:\program files\viewpoint\common\viewpointservice.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\atl.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\xpsp2res.dll
• C:\PROGRAM FILES\EFAX MESSENGER 4.3\J2GTRAY.EXE
o c:\program files\efax messenger 4.3\j2gtray.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\mpr.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\program files\efax messenger 4.3\j2gsdk43.dll
o c:\windows\system32\wsock32.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\ws2help.dll
o c:\windows\system32\version.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\urlmon.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\iertutil.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\winspool.drv
o c:\windows\system32\wininet.dll
o c:\windows\system32\normaliz.dll
o c:\windows\system32\comdlg32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\oledlg.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\psapi.dll
o c:\windows\system32\msimg32.dll
o c:\program files\efax messenger 4.3\j2gres_enu.dll
o c:\windows\system32\msctf.dll
o c:\windows\system32\msctfime.ime
• C:\WINDOWS\SYSTEM32\ALG.EXE
o c:\windows\system32\alg.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\atl.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\wsock32.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\ws2help.dll
o c:\windows\system32\mswsock.dll
o c:\windows\system32\shimeng.dll
o c:\windows\apppatch\acgenral.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\msacm32.dll
o c:\windows\system32\version.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\userenv.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\hnetcfg.dll
o c:\windows\system32\wshtcpip.dll
• C:\PROGRAM FILES\AIM6\AOLSOFTWARE.EXE
o c:\program files\aim6\aolsoftware.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\msvcrt.dll
o c:\program files\aim6\aolsvcmgr.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\program files\aim6\xprt6.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\msctf.dll
o c:\program files\common files\aol\aoldiag\tbdiag.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\version.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\msctfime.ime
o c:\windows\system32\msi.dll
o c:\program files\aim6\services\os\ver5_2_1_1\os.dll
o c:\program files\aim6\xprt5.dll
o c:\program files\aim6\services\os\ver5_2_1_1\aolidlemon.dll
o c:\windows\system32\iphlpapi.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\ws2help.dll
o c:\windows\system32\rasapi32.dll
o c:\windows\system32\rasman.dll
o c:\windows\system32\netapi32.dll
o c:\windows\system32\tapi32.dll
o c:\windows\system32\rtutils.dll
o c:\windows\system32\winmm.dll
o c:\program files\aim6\services\notification\ver6_4_1_1\notify.dll
o c:\program files\aim6\services\localstorage\ver7_3_2_1\clssvc.dll
o c:\windows\system32\mprapi.dll
o c:\windows\system32\activeds.dll
o c:\windows\system32\adsldpc.dll
o c:\windows\system32\wldap32.dll
o c:\windows\system32\atl.dll
o c:\windows\system32\samlib.dll
o c:\windows\system32\setupapi.dll
• C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
o c:\windows\system32\wuauclt.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\shimeng.dll
o c:\windows\apppatch\acgenral.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\msacm32.dll
o c:\windows\system32\version.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\userenv.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\wucltui.dll
o c:\windows\system32\msimg32.dll
o c:\windows\system32\cabinet.dll
o c:\windows\system32\crypt32.dll
o c:\windows\system32\msasn1.dll
o c:\windows\system32\wintrust.dll
o c:\windows\system32\imagehlp.dll
o c:\windows\system32\msctf.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\wups2.dll
• C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AD-AWARE.EXE
o c:\program files\lavasoft\ad-aware\ad-aware.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\version.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\comdlg32.dll
o c:\program files\lavasoft\ad-aware\lavalicense.dll
o c:\windows\system32\wininet.dll
o c:\windows\system32\normaliz.dll
o c:\windows\system32\iertutil.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\oleacc.dll
o c:\windows\system32\msvcp60.dll
o c:\windows\system32\shfolder.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\msctf.dll
o c:\windows\system32\msctfime.ime
o c:\windows\system32\setupapi.dll
o c:\windows\system32\apphelp.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\olepro32.dll
o c:\windows\system32\rsaenh.dll
o c:\program files\lavasoft\ad-aware\lavamessage.dll
o c:\windows\system32\ntmarta.dll
o c:\windows\system32\wldap32.dll
o c:\windows\system32\samlib.dll

Edited by Orange Blossom, 24 September 2008 - 04:44 PM.
As the log contained is from an AVG scan, I have moved topic to the Am I Infected forum from the HJT forum. ~ OB




#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • Gender:Male
  • Local time:05:25 AM

Posted 24 September 2008 - 04:50 PM

Try this scan:

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 shoulda (Topic Starter)

Posted 25 September 2008 - 11:54 AM

Budapest
Thank you for your reply. I did as you suggested, saved the log then rebooted. Details follow but short version is initial scan found reg key infected, Malwarebytes quarantined, deleted. Upon program end, rebooted got various messages and log was changed! As receiving popup saying that firewall is off, I turned on AVG and ran another Malwarebytes. So, did 2 scans but have three logs and plenty of error messages. Here are logs/messages in order received. Please tell me next step to cure. TY! :


Initial Malwarebytes scan:

Malwarebytes' Anti-Malware 1.28
Database version: 1204
Windows 5.1.2600 Service Pack 2

9/25/2008 11:21:47 AM
mbam-log-2008-09-25 (11-21-47).txt

Scan type: Quick Scan
Objects scanned: 63328
Time elapsed: 22 minute(s), 45 second(s)

Memory Processes Infected: 7
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messager (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\minyust (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\inf\svchoct.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Rebooted computer, got these messages:

1- Firewall off

Tried to turn back on got:

2- Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall Internet Connection Sharing (ICS) Service?

3 - Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability windows must restore the original versions of these files. Insert your Windows XP Professional Service Pack CD.

Inserted XP CD but was not same version so rejected. I didn't choose anything just tried to close program got message which stays on screen even if I try to close:

4 - You chose not to restore the original versions of the files. This may affect Windows stability. Are you sure you want to keep the unrecognized files?

Thinking these might be part of virus, logged onto BC to post. Went into my docs file to copy log to post here, found it changed to:

Malwarebytes' Anti-Malware 1.28
Database version: 1204
Windows 5.1.2600 Service Pack 2

9/25/2008 11:21:35 AM
mbam-log-2008-09-25 (11-21-24).txt

Scan type: Quick Scan
Objects scanned: 63328
Time elapsed: 22 minute(s), 45 second(s)

Memory Processes Infected: 7
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\noytcyr (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noytcyr (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\roytctm (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roytctm (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdydowkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdydowkc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wsldoekd (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsldoekd (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messager (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\minyust (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\inf\svchoct.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\noytcyr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\roytctm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\soxpeca.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdydowkc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wsldoekd.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.

Ran another scan got this:

Malwarebytes' Anti-Malware 1.28
Database version: 1204
Windows 5.1.2600 Service Pack 2

9/25/2008 12:17:50 PM
mbam-log-2008-09-25 (12-17-50).txt

Scan type: Quick Scan
Objects scanned: 63168
Time elapsed: 21 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Has the virus spread to now reject Malwarebytes? Please let me know next step to take to cure infection. Thank you!
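To compare the logs in the post above entry by entry, the following is an added example and not part of the thread or of Malwarebytes. It assumes the line layout seen in those logs (`item (detection) -> action.` under a `... Infected:` heading), and the function names are hypothetical.

```python
import re

# Excerpts of the 11-21-47 and 11-21-24 logs posted above (a few entries each).
LOG_47 = r"""
Memory Processes Infected: 7

Memory Processes Infected:
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messager (Backdoor.Bot) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""
LOG_24 = r"""
Memory Processes Infected:
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messager (Backdoor.Bot) -> No action taken.
Files Infected:
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
"""

SECTION = re.compile(r"^([A-Za-z ]+ Infected):\s*$")   # heading, not the "name: count" summary
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_mbam_log(text):
    """Return {(section, item): (detection, action)} for every detection line."""
    found, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif section and (entry := ENTRY.match(line)):
            found[(section, entry["item"].lower())] = (entry["detection"], entry["action"])
    return found

def not_remediated(log):
    """Items whose recorded action does not report success."""
    return sorted(k for k, (_, action) in log.items() if "successfully" not in action.lower())

def action_changes(first, second):
    """Items present in both logs whose recorded action differs."""
    return {k: (first[k][1], second[k][1]) for k in first.keys() & second.keys() if first[k][1] != second[k][1]}
```

Running `action_changes(parse_mbam_log(LOG_24), parse_mbam_log(LOG_47))` on the full logs lists every item that appears in both files together with the action each file records for it.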

#4 Budapest (Moderator)

Posted 25 September 2008 - 03:58 PM

Are you still experiencing problems?