Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected badly and stuck


  • Please log in to reply
13 replies to this topic

#1 Bagels

Bagels

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 03 January 2009 - 03:23 PM

i am running windows xp sp3 on a laptop. i can get on the internet now, bleepingcomputer does not work on firefox but does on ie.

I have run various scans and here is my most current full scan with malwarebytes.

Malwarebytes' Anti-Malware 1.31
Database version: 1602
Windows 5.1.2600 Service Pack 3

1/3/2009 2:17:40 PM
mbam-log-2009-01-03 (14-17-40).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 112742
Time elapsed: 31 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yiooft.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.2.3 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yiooft.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Dave\Local Settings\Temp\seneka27c1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP610\A0091924.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP610\A0091933.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekahqqamkjx.dll (Trojan.Seneka) -> Delete on reboot.
C:\WINDOWS\system32\senekapbrjlqbw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaujnsvmcp.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekabimrmyqm.sys (Trojan.Agent) -> Quarantined and deleted successfully.


I have run atf cleaner on my main and firefox tabs.

Every time i restart i still have viruses comming back. What should i do differently/more effectively.

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:07:19 PM

Posted 03 January 2009 - 03:43 PM

ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Now SAS,may need an hour
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Bagels

Bagels
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 03 January 2009 - 07:38 PM

just finished with the sas

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/03/2009 at 06:22 PM

Application Version : 4.24.1004

Core Rules Database Version : 3694
Trace Rules Database Version: 1670

Scan type : Complete Scan
Total Scan Time : 02:46:42

Memory items scanned : 166
Memory threats detected : 0
Registry items scanned : 5930
Registry threats detected : 14
File items scanned : 68359
File threats detected : 12

Unclassified.Unknown Origin
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1583069288-1825267718-888423931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKU\S-1-5-21-1583069288-1825267718-888423931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKU\S-1-5-21-1583069288-1825267718-888423931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com
HKU\S-1-5-21-1583069288-1825267718-888423931-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com#*

Rogue.Component/Trace
HKLM\Software\Microsoft\68E73309
HKLM\Software\Microsoft\68E73309#68e73309
HKLM\Software\Microsoft\68E73309#Version
HKLM\Software\Microsoft\68E73309#68e79e89
HKLM\Software\Microsoft\68E73309#68e7f76c
HKU\S-1-5-21-1583069288-1825267718-888423931-1006\Software\Microsoft\CS41275
HKU\S-1-5-21-1583069288-1825267718-888423931-1006\Software\Microsoft\FIAS4018

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-1583069288-1825267718-888423931-1006\SOFTWARE\Microsoft\fias4013
C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\fbk.sts

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\TDSSMTVE.DAT



It quarantined the files and then when i rebooted in normal mode i went into the quarantine folder and deleted it.

My start bar has changed colors and system is running sluggish- do i still have something? Should i run my anti virus software (i have f-secure)?

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 PM

Posted 03 January 2009 - 07:44 PM

Hello Bagels.

SAS picked up a component of a rootkit infection.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Download and Run Avira AntiRootkit
Please navigate to the download page of Avira AntiRootkit and click on Download to save it to your Destop.
  • You should now find a file called: antivir_rootkit.zip on your Desktop. Right click it and select Extract All. Delete the .zip file after extraction.
  • You should now have a folder with Setup.exe and some other files within it on your Desktop.
  • Double-click Setup.exe, then Next.
  • Highlight the radio button to accept the license agreement and then click Next.
  • Then click Next and Install to finalise the installation process.
  • Click Finish You may now also delete the folder with the extracted files from the zip archive).
You successfully installed Avira AntiRootkit
  • Please now navigate to Start > All Programs > Avira RootKit Detection. Then select Avira RootKit Detection
  • Click OK when a message window pops up
  • Click Start scan and let it run. Be patient and the scan finishes.
  • Click View report and copy the entire contents into your next reply.
Do not choose to rename any items found yet. There may be false positives.

With Regards,
The Panda

#5 Bagels

Bagels
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 04 January 2009 - 10:18 AM

Hi Panda,

I downloaded erunt and it made the backup, now i ran avira antirootkit. It didn't find anything? Here is the log:

Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started Sunday, January 04, 2009 - 9:08:57 AM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 52.72 GB
- Working disk free size : 31.39 GB (59 %)
--------------------------------------------------------------------------------------------------------

Scan task finished. No hidden objects detected!

--------------------------------------------------------------------------------------------------------
Files: 0/76964
Registry items: 0/283038
Processes: 0/45
Scan time: 00:05:23
--------------------------------------------------------------------------------------------------------
Active processes:
- xknievfl.exe (PID 3616) (Avira AntiRootkit Tool - Beta)
- freecell.exe (PID 3772)
- System (PID 4)
- smss.exe (PID 488)
- csrss.exe (PID 548)
- winlogon.exe (PID 844)
- services.exe (PID 888)
- lsass.exe (PID 900)
- ati2evxx.exe (PID 1060)
- svchost.exe (PID 1076)
- svchost.exe (PID 1160)
- svchost.exe (PID 1200)
- EvtEng.exe (PID 1248)
- S24EvMon.exe (PID 1272)
- WLKEEPER.exe (PID 1296)
- svchost.exe (PID 1336)
- svchost.exe (PID 1416)
- aawservice.exe (PID 1456)
- ati2evxx.exe (PID 1688)
- explorer.exe (PID 1752)
- ctfmon.exe (PID 1984)
- spoolsv.exe (PID 116)
- btwdins.exe (PID 240)
- CreativeLicensing.exe (PID 252)
- CTSVCCDA.EXE (PID 288)
- fsgk32st.exe (PID 316)
- FSMA32.EXE (PID 384)
- fsgk32.exe (PID 392)
- FSMB32.EXE (PID 512)
- RegSrvc.exe (PID 576)
- svchost.exe (PID 604)
- FCH32.EXE (PID 796)
- fssm32.exe (PID 1572)
- fsqh.exe (PID 1704)
- FAMEH32.EXE (PID 1736)
- fsorsp.exe (PID 1940)
- fsaua.exe (PID 1020)
- fspc.exe (PID 2172)
- fsdfwd.exe (PID 2256)
- alg.exe (PID 2420)
- fsus.exe (PID 2556)
- firefox.exe (PID 3896)
- rundll32.exe (PID 2472)
- fsav32.exe (PID 3480)
- avirarkd.exe (PID 3456)
========================================================================================================
- Scan finished Sunday, January 04, 2009 - 9:14:21 AM
========================================================================================================

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 PM

Posted 04 January 2009 - 10:57 AM

Hello Bagels.

Please run MalwareBytes again. This time, do a Full Scan. We want to see which items remain.

With Regards,
The Panda

#7 Bagels

Bagels
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 04 January 2009 - 11:33 AM

My adware ran before i could do the malwarebytes. So ill post that log while i do a malwarebytes scan. It did find 2 things that i removed.

Scan Results
Ad-Aware 2008 Free Edition
Log File Created on:2009-01-0409:45:50
Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef
Computer name:FEYGELMAN
Name of user performing scan:SYSTEM
Name of user ordering scan:Dave
Scan completed successfully

System Information
File Version Information
Ad-Aware 2008 Settings
Extended Ad-Aware 2008 Settings
Database Information
Scan Statistics
Scan Detailed Statistics
Infections Found
Listing of running processes
System Information
Number of processors:2
Processor type:Genuine Intel® CPU T2400 @ 1.83GHz
Memory Available:62%
Total Physical Memory:1072029696 Bytes
Available Physical Memory:661966848 Bytes
Total Page File Size:2581340160 Bytes
Available On Page File:2003566592 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1754324992 Bytes
OS:Microsoft Windows XP 5.1 (Build 2600)
[to top]
File Verion Information
File Version
CEAPI.dll 7,1,0,12
aawservice.exe 7,1,0,12
Ad-Aware.exe 7.1.0.11
[to top]
Ad-Aware 2008 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
[to top]
Extended Ad-Aware 2008 Settings
Unload malicious processes and modules
Unload Modules
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Delete Restored Items
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
[to top]
Database Info
Version number:143
Build Number:9
Build Date and Time:2008/12/2907:11:30
[to top]
Scan Statistics
Method:Full

Items Scanned:205649
Infections Detected:4
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
[to top]
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 0 0
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 0 0
File Hash Scan 2 2
[to top]
Infections Found
Family Id Name Category TAI
352 FakeAlert Malware 5
[112456] File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0093170.sys
[112456] File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0093171.sys

9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\Dave\Recent Count: 86
[3] MRU Registry Key: S-1-5-21-1583069288-1825267718-888423931-1006\Software\Microsoft\Internet Explorer\TypedURLs Count: 5


Quarantined Objects
Family Id Name Category TAI

Removed Objects
Family Id Name Category TAI
352 FakeAlert Malware 5
[112456] File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0093170.sys
[112456] File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP612\A0093171.sys

9999 MRU Object MRU Object 0
[1] MRU Path: C:\Documents and Settings\Dave\Recent Count: 86
[3] MRU Registry Key: S-1-5-21-1583069288-1825267718-888423931-1006\Software\Microsoft\Internet Explorer\TypedURLs Count: 5

[to top]
Listing of Running Processes
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe
c:\windows\system32\ntdll.dll
C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\authz.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\nddeapi.dll
c:\windows\system32\profmap.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\regapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msgina.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\winscard.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\program files\superantispyware\saswinlo.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ati2evxx.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\dimsntfy.dll
c:\program files\citrix\gotoassist\514\g2awinlogon.dll
c:\windows\system32\wlnotify.dll
c:\windows\system32\mpr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wgalogon.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\scesrv.dll
c:\windows\system32\authz.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\umpnpmgr.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acadproc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\eventlog.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wtsapi32.dll
C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\lsasrv.dll
c:\windows\system32\mpr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samsrv.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msprivs.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\netlogon.dll
c:\windows\system32\w32time.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wdigest.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
c:\windows\system32\ipsecsvc.dll
c:\windows\system32\authz.dll
c:\windows\system32\oakley.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\pstorsvc.dll
c:\windows\system32\psbase.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dssenh.dll
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ati2edxx.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\icaapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\mstlsapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\atl.dll
c:\windows\system32\regapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wzcsvc.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\wmi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\eapolqec.dll
c:\windows\system32\atl.dll
c:\windows\system32\qutil.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\esent.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\rastls.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\winscard.dll
c:\windows\system32\psapi.dll
c:\windows\system32\raschap.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\msidle.dll
c:\windows\system32\audiosrv.dll
c:\windows\system32\wkssvc.dll
c:\windows\system32\cryptsvc.dll
c:\windows\system32\certcli.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\es.dll
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
c:\windows\system32\hidserv.dll
c:\windows\system32\hid.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wzcsapi.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\sens.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\w32time.dll
c:\windows\system32\trkwks.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\browser.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\6to4svc.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ipnathlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\colbact.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\resutils.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\upnp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\msi.dll
c:\windows\system32\rasmans.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\rastapi.dll
c:\windows\system32\unimdm.tsp
c:\windows\system32\uniplat.dll
c:\windows\system32\unimdmat.dll
c:\windows\system32\modemui.dll
c:\windows\system32\kmddsp.tsp
c:\windows\system32\ndptsp.tsp
c:\windows\system32\ipconf.tsp
c:\windows\system32\h323.tsp
c:\windows\system32\hidphone.tsp
c:\windows\system32\rasppp.dll
c:\windows\system32\ntlsapi.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\rasqec.dll
c:\windows\system32\rasdlg.dll
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\catsrv.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\mpr.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\mlang.dll
c:\windows\system32\xmlprovi.dll
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\program files\intel\wireless\bin\evteng.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\intel\wireless\bin\psregapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\intel\wireless\bin\traceapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
c:\program files\common files\system\ado\msado15.dll
c:\windows\system32\msdart.dll
c:\program files\common files\system\ole db\oledb32.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\program files\common files\system\ole db\msdasql.dll
c:\program files\common files\system\ole db\msdatl3.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\odbcint.dll
c:\program files\common files\system\ole db\msdasqlr.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\colbact.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\resutils.dll
c:\windows\system32\userenv.dll
c:\windows\system32\odbcjt32.dll
c:\windows\system32\msjet40.dll
c:\windows\system32\mswstr10.dll
c:\windows\system32\odbcji32.dll
c:\windows\system32\msjter40.dll
c:\windows\system32\msjint40.dll
c:\windows\system32\odbccp32.dll
c:\program files\common files\system\msadc\msadce.dll
c:\program files\common files\system\msadc\msadcer.dll
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\program files\intel\wireless\bin\s24evmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\program files\intel\wireless\bin\traceapi.dll
c:\program files\intel\wireless\bin\psregapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\atl.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\netapi32.dll
c:\program files\intel\wireless\bin\libeay32.dll
c:\windows\system32\wsock32.dll
c:\program files\intel\wireless\bin\intstngs.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\version.dll
c:\program files\intel\wireless\bin\iwmsprov.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\WLKEEPER.EXE
c:\program files\intel\wireless\bin\wlkeeper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\intel\wireless\bin\pfmgrapi.dll
c:\program files\intel\wireless\bin\traceapi.dll
c:\program files\intel\wireless\bin\psregapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\atl.dll
c:\windows\system32\version.dll
c:\program files\intel\wireless\bin\dbengine.dll
c:\program files\intel\wireless\bin\libeay32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\program files\intel\wireless\bin\intstngs.dll
c:\windows\system32\mfc42.dll
c:\program files\intel\wireless\bin\murocapi.dll
c:\program files\intel\wireless\bin\s24mudll.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\winscard.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\userenv.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rsaenh.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\lmhsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\webclnt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ssdpsrv.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware\aawservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\lavasoft\ad-aware\ceapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\program files\lavasoft\ad-aware\pkarchive85u.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\rasadhlp.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ati2edxx.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
c:\windows\system32\msctf.dll
C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\browseui.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\themeui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wmpshell.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msgina.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\samlib.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\atl.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\dot3dlg.dll
c:\windows\system32\onex.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\mydocs.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\netui0.dll
c:\windows\system32\netui1.dll
c:\windows\system32\netrap.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\browselc.dll
c:\windows\system32\duser.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\midimap.dll
c:\windows\system32\wzcsapi.dll
c:\windows\system32\wzcdlg.dll
c:\windows\system32\rasdlg.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dsound.dll
c:\windows\system32\zipfldr.dll
c:\program files\superantispyware\sasctxmn.dll
c:\program files\charter security suite\common\fpshx.dll
c:\program files\charter security suite\common\fsma32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\program files\charter security suite\common\fslapi.dll
c:\windows\system32\mfc42.dll
c:\program files\charter security suite\common\fpshx.eng
c:\program files\malwarebytes' anti-malware\mbamext.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\cabinet.dll
c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msutb.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\msctfime.ime
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\spoolss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\localspl.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\netapi32.dll
c:\windows\system32\cnbjmon.dll
c:\windows\system32\cnbjmon2.dll
c:\windows\system32\bthcrp.dll
c:\windows\system32\widcommsdk.dll
c:\windows\system32\wbtapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\hptcpmon.dll
c:\windows\system32\hpzjrd01.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\hptcpmui.dll
c:\windows\system32\hptcpmib.dll
c:\windows\system32\mgmtapi.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsnmp32.dll
c:\windows\system32\hpzll43a.dll
c:\windows\system32\mdimon.dll
c:\windows\system32\pjlmon.dll
c:\windows\system32\tcpmon.dll
c:\windows\system32\usbmon.dll
c:\windows\system32\spool\prtprocs\w32x86\hpzpp43a.dll
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\win32spl.dll
c:\windows\system32\netrap.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\inetpp.dll
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BIN\BTWDINS.EXE
c:\program files\widcomm\bluetooth software\bin\btwdins.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\hid.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
C:\PROGRAM FILES\COMMON FILES\CREATIVE LABS SHARED\SERVICE\CREATIVELICENSING.EXE
c:\program files\common files\creative labs shared\service\creativelicensing.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imm32.dll
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
c:\windows\system32\ctsvccda.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imm32.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\ANTI-VIRUS\FSGK32ST.EXE
c:\program files\charter security suite\anti-virus\fsgk32st.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\apphelp.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\COMMON\FSMA32.EXE
c:\program files\charter security suite\common\fsma32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\program files\charter security suite\common\fsma32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\ANTI-VIRUS\FSGK32.EXE
c:\program files\charter security suite\anti-virus\fsgk32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\program files\charter security suite\common\fsma32s.dll
c:\program files\charter security suite\anti-virus\avperf.dll
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\msvcrt.dll
c:\program files\charter security suite\hips\fships.dll
c:\windows\system32\version.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\program files\charter security suite\common\fsma32.dll
c:\windows\system32\apphelp.dll
c:\program files\charter security suite\daas2\fsclm.dll
c:\windows\system32\userenv.dll
c:\program files\charter security suite\orsp client\orspapi.dll
c:\program files\charter security suite\orsp client\json_c.dll
c:\program files\charter security suite\anti-virus\ftrlib.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\COMMON\FSMB32.EXE
c:\program files\charter security suite\common\fsmb32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\program files\charter security suite\common\fsexc.dll
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\program files\intel\wireless\bin\regsrvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\atl.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\wiaservc.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\actxprxy.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\COMMON\FCH32.EXE
c:\program files\charter security suite\common\fch32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\program files\charter security suite\common\fsma32.dll
c:\windows\system32\imm32.dll
c:\program files\charter security suite\common\fsexc.dll
c:\program files\charter security suite\common\fspmeng.dll
c:\program files\charter security suite\daas2\fsclm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rasadhlp.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\ANTI-VIRUS\FSSM32.EXE
c:\program files\charter security suite\anti-virus\fssm32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\program files\charter security suite\anti-virus\fm4av.dll
c:\windows\system32\imm32.dll
c:\program files\charter security suite\anti-virus\avperf.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\msvcrt.dll
c:\program files\charter security suite\anti-virus\avpproxy.dll
c:\program files\charter security suite\anti-virus\avpfpi0.dll
c:\program files\charter security suite\anti-virus\avp_iont.dll
c:\program files\charter security suite\anti-virus\avpfpi1.dll
c:\windows\system32\psapi.dll
c:\program files\charter security suite\gemini\fsgem.dll
c:\program files\charter security suite\gemini\fsgeme.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\program files\charter security suite\anti-virus\fsepx32.dll
c:\program files\charter security suite\daas2\fsclm.dll
c:\program files\charter security suite\anti-virus\fsecr32.dll
c:\program files\charter security suite\anti-virus\fsup32.dll
c:\program files\charter security suite\anti-virus\fsupwu32.dll
c:\program files\charter security suite\anti-virus\fsupnp32.dll
c:\program files\charter security suite\anti-virus\fsupfg32.dll
c:\program files\charter security suite\anti-virus\fsupux32.dll
c:\program files\charter security suite\anti-virus\fsupmw32.dll
c:\program files\charter security suite\anti-virus\fsupcx32.dll
c:\program files\charter security suite\anti-virus\fspe32.dll
c:\program files\charter security suite\pegasus\fpinor.dll
c:\program files\charter security suite\anti-virus\fsuss.dll
c:\windows\system32\netapi32.dll
c:\program files\charter security suite\pegasus\nse_w32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ole32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\program files\charter security suite\spam control\fspl58.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\rsvpsp.dll
c:\program files\charter security suite\anti-virus\fsusscr.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\xpsp2res.dll
c:\program files\charter security suite\spam control\fsas.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\ANTI-VIRUS\FSQH.EXE
c:\program files\charter security suite\anti-virus\fsqh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imm32.dll
c:\program files\charter security suite\common\fsma32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\program files\charter security suite\anti-virus\qrt.dll
c:\windows\system32\version.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\COMMON\FAMEH32.EXE
c:\program files\charter security suite\common\fameh32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\program files\charter security suite\common\fslapi.dll
c:\program files\charter security suite\common\fsma32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\program files\charter security suite\common\fsexc.dll
c:\program files\charter security suite\common\amehevn.dll
c:\program files\charter security suite\common\amehlog.dll
c:\program files\charter security suite\common\amehsmt.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\program files\charter security suite\common\amehtvl.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\ORSP CLIENT\FSORSP.EXE
c:\program files\charter security suite\orsp client\fsorsp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\program files\charter security suite\orsp client\orspplug.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\program files\charter security suite\orsp client\json_c.dll
c:\program files\charter security suite\daas2\fsclm.dll
c:\program files\charter security suite\daas2\daas2.dll
c:\windows\system32\rsaenh.dll
c:\program files\charter security suite\common\fsma32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rasadhlp.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\FSAUA\PROGRAM\FSAUA.EXE
c:\program files\charter security suite\fsaua\program\fsaua.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\program files\charter security suite\common\fsma32.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\FSPC\FSPC.EXE
c:\program files\charter security suite\fspc\fspc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\pdh.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\odbcbcp.dll
c:\windows\system32\version.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\odbcint.dll
c:\program files\charter security suite\common\fsma32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
c:\program files\charter security suite\tnb\fstnb.dll
c:\program files\charter security suite\common\fslapi.dll
c:\program files\charter security suite\fsaua\program\fsaua_api_dll.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\FWES\PROGRAM\FSDFWD.EXE
c:\program files\charter security suite\fwes\program\fsdfwd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\version.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\program files\charter security suite\common\fsma32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\program files\charter security suite\tnb\fstnb.dll
c:\windows\system32\shlwapi.dll
c:\program files\charter security suite\common\fslapi.dll
c:\program files\charter security suite\fwes\program\fsmirror.dll
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
c:\program files\charter security suite\fwes\program\fsesperf.dll
c:\program files\charter security suite\common\fsdfwres.eng
c:\windows\system32\rsaenh.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\userenv.dll
c:\program files\charter security suite\common\fswscs.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp60.dll
c:\program files\charter security suite\fsaua\program\fsaua_api_dll.dll
c:\program files\charter security suite\fwes\program\fsfwperf.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wship6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\hnetcfg.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\windows\system32\wshtcpip.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\FSAUA\PROGRAM\FSUS.EXE
c:\program files\charter security suite\fsaua\program\fsus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\charter security suite\fsaua\program\fsbwups_.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\program files\charter security suite\common\fsma32.dll
c:\program files\charter security suite\tnb\fstnb.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rasadhlp.dll
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\xul.dll
c:\program files\mozilla firefox\sqlite3.dll
c:\program files\mozilla firefox\mozcrt19.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\js3250.dll
c:\program files\mozilla firefox\nspr4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\program files\mozilla firefox\smime3.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\nssutil3.dll
c:\program files\mozilla firefox\plc4.dll
c:\program files\mozilla firefox\plds4.dll
c:\program files\mozilla firefox\ssl3.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\program files\mozilla firefox\xpcom.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msctf.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\program files\mozilla firefox\components\browserdirprovider.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\xpsp2res.dll
c:\program files\mozilla firefox\components\brwsrcmp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\nssdbm3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\program files\mozilla firefox\nssckbi.dll
c:\program files\mozilla firefox\plugins\npnul32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\rsvpsp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\urlmon.dll
c:\program files\superantispyware\sasseh.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\cabinet.dll
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
C:\PROGRAM FILES\CHARTER SECURITY SUITE\ANTI-VIRUS\FSAV32.EXE
c:\program files\charter security suite\anti-virus\fsav32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\program files\charter security suite\anti-virus\fsched.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\program files\charter security suite\anti-virus\fstsm.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\comctl32.dll
c:\program files\charter security suite\common\fsma32s.dll
c:\program files\charter security suite\common\fspmapi.dll
c:\program files\charter security suite\common\fswscs.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp60.dll
c:\program files\charter security suite\tnb\fstnb.dll
c:\program files\charter security suite\common\fslapi.dll
c:\program files\charter security suite\anti-virus\fsavhres.eng
c:\program files\charter security suite\fsaua\program\fsaua_api_dll.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\program files\charter security suite\common\fsma32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
c:\windows\system32\mstask.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AD-AWARE.EXE
c:\program files\lavasoft\ad-aware\ad-aware.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\program files\lavasoft\ad-aware\lavalicense.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\olepro32.dll
c:\program files\lavasoft\ad-aware\lavamessage.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rasadhlp.dll
c:\program files\charter security suite\fsps\program\fslsp.dll
c:\program files\charter security suite\scanner-interface\fsgkiapi.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wshtcpip.dll
[to top]


I'm running the malwarebytes right now. Ill post that when its done. Thanks so much for your help.

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 PM

Posted 04 January 2009 - 11:49 AM

Hello.

The Ad-Aware scan only found two items in your system restore, which is a great sign.

With Regards,
The Panda

#9 Bagels

Bagels
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 04 January 2009 - 12:03 PM

My antivirus had a warning that popped up:
C:windows\system32\k9261108.exe
Trojan Dropper.win32.agent.endlap
Action: None

Malwarebytes just finished again:
Malwarebytes' Anti-Malware 1.31
Database version: 1602
Windows 5.1.2600 Service Pack 3

1/4/2009 11:00:35 AM
mbam-log-2009-01-04 (11-00-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 111441
Time elapsed: 50 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 PM

Posted 04 January 2009 - 12:06 PM

Hello Bagels.

My antivirus had a warning that popped up:
C:windows\system32\k9261108.exe
Trojan Dropper.win32.agent.endlap
Action: None

Please have your antivirus remove that along with any other items it flags.

I really hope that file was not active. If it was, we are probably back where we started.

F-Secure Online Scan
Let's see what F-Secure can pick up. This scan can take some time.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.
With Regards,
The Panda

#11 Bagels

Bagels
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 04 January 2009 - 04:46 PM

Panda

Alright I did the f-secure online scan It found 7 things, one of which is the vundo I have had for the past 2 weeks. I had it auto clean what it found.

My antivirus (charter security suite (my isp) which is f-secure) did not allow me to remove the virus, it doesn't even show it ever found that message that it displayed? In other words I couldn't delete it like you told me to.


Here is the report,

Scanning Report
Sunday, January 04, 2009 14:59:39 - 15:43:59

Computer name: FEYGELMAN
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 7 malware found
INI/Vundo.A (virus)

* C:\WINDOWS\SYSTEM32\AGFGQQRU.INI (Submitted)

Trojan-Dropper.Win32.Agent (virus)

* System

Trojan-Dropper.Win32.Agent.adhp (virus)

* C:\WINDOWS\SYSTEM32\K9261108.EXE

Vundo.FBW (virus)

* C:\WINDOWS\SYSTEM32\AGABEKIH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\GYONTWNH.INI (Submitted)
* C:\WINDOWS\SYSTEM32\IPIWUFEN.INI (Submitted)
* C:\WINDOWS\SYSTEM32\UVEFOFOB.INI (Submitted)

Statistics
Scanned:

* Files: 39025
* System: 3340
* Not scanned: 8

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 7
* Submitted: 5

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\DAVE\LOCAL SETTINGS\TEMP\ETILQS_W7NGCNKQ2PAVDI3ZSLHY

Options
Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Hydra: 2.8.8110, 2009-01-04
* F-Secure AVP: 7.0.171, 2009-01-04
* F-Secure Pegasus: 1.20.0, 2008-11-17
* F-Secure Blacklight: 0.0.0

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

Are we back where we started?



Thanks with all your help.

David

Edited by Bagels, 04 January 2009 - 04:47 PM.


#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 PM

Posted 04 January 2009 - 05:00 PM

Nope, looks good :thumbsup: .

Let's remove the Vundo leftovers.

Create and Run Batch Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    @ECHO OFF
    for %%a in (
    C:\WINDOWS\SYSTEM32\AGFGQQRU.INI
    C:\WINDOWS\SYSTEM32\AGABEKIH.INI
    C:\WINDOWS\SYSTEM32\GYONTWNH.INI
    C:\WINDOWS\SYSTEM32\IPIWUFEN.INI
    C:\WINDOWS\SYSTEM32\UVEFOFOB.INI
    ) do (
    IF exist "%%~a" (
    attrib -s -r -h "%%~a"
    del /q /f "%%~a"
    if not exist "%%~a" (
    ECHO %%~a -Deleted.>>Report.txt
    ) ELSE (
    ECHO %%~a -Failed to delete.>>Report.txt
    )
    ) ELSE (
    ECHO %%~a -Not found.>>Report.txt
    )
    )
    start notepad report
    del %0
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.bat
  • Hit OK.
When done properly, the icon should look like Posted Image.

Double click Fix.bat. You will see a command prompt window open, followed by a notepad. Post back the contents of the log.

With Regards,
The Panda

#13 Bagels

Bagels
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 04 January 2009 - 05:04 PM

Thanks Panda,

Made the file, ran it, here is the log:
C:\WINDOWS\SYSTEM32\AGFGQQRU.INI -Deleted.
C:\WINDOWS\SYSTEM32\AGABEKIH.INI -Deleted.
C:\WINDOWS\SYSTEM32\GYONTWNH.INI -Deleted.
C:\WINDOWS\SYSTEM32\IPIWUFEN.INI -Deleted.
C:\WINDOWS\SYSTEM32\UVEFOFOB.INI -Deleted.


Any next steps?

Thanks,

David

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:19 PM

Posted 04 January 2009 - 07:13 PM

Hello David.

Looks clean. Unless you have any further problems, we can clear out and wrap up.

Remove ERUNT Backups
You should remove all the backups that ERUNT has made. Those backups may contain old registry keys, possibly those created by malware.

Delete everything under:
C:\WINDOWS\erdnt\

ERUNT will automatically remove backups older than 30 days, so there is no need to clear that folder manually in the future.

It is a good idea to have ERUNT installed, even when you are not infected. Tasks like installing programs and changing settings, which involve working with the registry, can cause problems that can be quickly undone by reverting to a backup. However, if you wish to uninstall the program, do so using Add/Remove Programs.

Set New System Restore Point
Now you should set a Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point after cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
  • Then, click on Start > Run and type:
    cleanmgr
  • Click OK > More Options tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.
Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections: For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable uneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users