cmdservice



beta7
2007-04-18, 17:31
Hello! I have been running Spybot S&D over the course of a week trying to get rid of cmdService, however it is never able to remove it. I have run Spybot in regular mode and Safe Mode, and on startup. I have tried deleting the cmdservice registry keys manually, and was unsuccessful - I got an error.

I ran the Trend Micro online antivirus, which detected a few things, but was only unable to clean troj_puritysc.am.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:29:53 AM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\{588EB9E2-0AE9-1033-0525-050112050001}\Update.exe
C:\WINDOWS\WNSXS~1\ping.exe
C:\Documents and Settings\Company Personnel\My Documents\s?curity\n?tepad.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\HJTold\analyze.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {60E7A664-69F4-192A-F241-69E33FECA89E} - C:\WINDOWS\system32\bdm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ICQ Lite] "C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\WNSXS~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Eiqld] "C:\Documents and Settings\Company Personnel\My Documents\s?curity\n?tepad.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Launcher 100.lnk = C:\Lasershot\100 Series Camera\Launcher100.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Administrator\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Any help is appreciated!

Angelfire777
2007-04-18, 18:13
Hi, welcome to Safer Networking forums!

*I noticed that you are not running any AntiVirus application. You could get infected immediately after we clean you up. Please download and install ONE of these:

» Avast! (http://www.asw.cz/eng/avast_4_home.html)
» AVG AntiVirus (http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-virus-free)
» AntiVir (http://www.free-av.com/)


*Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.


*Install MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm), please read more about what we are doing.

*Download and unzip hosts.zip from HERE (http://www.mvps.org/winhelp2002/hosts.zip) to a folder (hosts).

*Open up the hosts folder and double-click on the mvps.bat file, it will rename your present HOSTS file to HOSTS.MVP, then it will copy the new HOSTS file to the correct location on your machine.

*Look in your Control Panel's Add/Remove Programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga

*Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed (http://www.outerinfo.com/howto.html)

Reboot when done.

_____________________________

Download combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

1. Double click combofix.exe & follow the prompts.
2. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

On your next reply, please post a fresh HijackThis log, SDFix log and ComboFix log.

beta7
2007-04-19, 07:32
Thanks for the help!

I was not able to install the OIN uninstaller. Every time I clicked on it, it said my browser settings wouldn't allow it. When I tried to lower the security, it wouldn't let me drop it below medium...any suggestions?

The reports don't all fit on the same post, so I'll have to break them up:

COMBOFIX

"Company Personnel" - 07-04-18 14:12:23 Service Pack 2
ComboFix 07-04-18.2V - Running from: C:\Documents and Settings\Company Personnel\Desktop\


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\{388EB~1\Bar888.dll
C:\Program Files\Common Files\{388EB~1\UnInstall.exe
C:\Program Files\Common Files\{588EB~1\Update.exe
C:\Program Files\Common Files\{388EB~1
C:\Program Files\Common Files\{588EB~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\COMPAN~1
C:\qoobox\purity\C\DOCUME~1\COMPAN~1\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\COMPAN~1\MYDOCU~1\SCURIT~1
C:\qoobox\purity\C\DOCUME~1\COMPAN~1\MYDOCU~1\SKS~1
C:\qoobox\purity\C\DOCUME~1\COMPAN~1\MYDOCU~1\SCURIT~1\n?tepad.exe
C:\qoobox\purity\C\WINDOWS\WNSXS~1
C:\qoobox\purity\C\WINDOWS\WNSXS~1\ping.exe
C:\qoobox\purity\C\WINDOWS\WNSXS~1\W?nSxS


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\cmdService
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))


2007-04-18 13:52 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-18 13:52 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-18 13:52 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-18 13:52 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-18 13:52 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-18 13:51 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-18 13:51 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-18 13:51 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-18 11:28 <DIR> d-------- C:\HJTold
2007-04-11 03:21 60,928 --a------ C:\WINDOWS\system32\bdm.dll
2007-04-07 13:13 <DIR> d-------- C:\WINDOWS\zmfu
2007-04-07 13:13 <DIR> d-------- C:\Program Files\Common Files\zmfu
2007-04-07 12:37 <DIR> d--hs---- C:\WINDOWS\Q29tcGFueSBQZXJzb25uZWw
2007-04-02 16:13 <DIR> dr-h----- C:\DOCUME~1\COMPAN~1\APPLIC~1\SecuROM
2007-04-02 16:13 <DIR> d-------- C:\DOCUME~1\COMPAN~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-02 16:11 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-02 13:54 <DIR> d-------- C:\Program Files\EA Games
2007-04-02 13:05 <DIR> d-------- C:\Program Files\Skype
2007-04-02 13:05 <DIR> d-------- C:\DOCUME~1\COMPAN~1\APPLIC~1\Skype
2007-04-02 13:04 <DIR> d-------- C:\WINDOWS\LastGood(2)
2007-04-02 13:04 <DIR> d-------- C:\Program Files\Logitech
2007-04-02 13:04 <DIR> d-------- C:\DOCUME~1\Force\APPLIC~1\Logitech
2007-04-02 13:04 <DIR> d-------- C:\DOCUME~1\COMPAN~1\APPLIC~1\Logitech
2007-04-02 00:15 <DIR> d-------- C:\Program Files\SpeedFan
2007-04-01 23:35 <DIR> d-------- C:\WINDOWS\pss
2007-04-01 21:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-01 21:44 <DIR> d-------- C:\DOCUME~1\COMPAN~1\.housecall6.6
2007-04-01 21:41 <DIR> d-------- C:\hijackthis
2007-04-01 18:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-09 12:26 56 -r-hs---- C:\WINDOWS\system32\2c19a05e10.sys
2007-04-09 12:26 1890 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-04-07 19:22 2476 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-04-02 15:59 -------- d-------- C:\Program Files\electronic arts
2007-04-02 13:59 977 --a------ C:\WINDOWS\ereg.dat
2007-04-02 13:18 -------- d--h----- C:\Program Files\installshield installation information
2007-04-02 10:22 -------- d-------- C:\Program Files\Common Files\logitech
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-04 22:50 -------- d-------- C:\DOCUME~1\COMPAN~1\APPLIC~1\cyberlink


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{60E7A664-69F4-192A-F241-69E33FECA89E} C:\WINDOWS\system32\bdm.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"mmtask"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""
"EA Core"="C:\\Program Files\\Electronic Arts\\EA Downloader\\Core.exe -silent"
"Sen"="\"C:\\WINDOWS\\WNSXS~1\\ping.exe\" -vt yazb"
"Eiqld"="\"C:\\Documents and Settings\\Company Personnel\\My Documents\\s?curity\\n?tepad.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetHood"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\autorun.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AAVMKER4
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ASWRDR
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ASWTDI
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVAST!_MAIL_SCANNER
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVAST!_WEB_SCANNER

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-18 14:13:59
C:\ComboFix-quarantined-files.txt ... 07-04-18 14:13

beta7
2007-04-19, 07:34
SDFix: Version 1.79

Run by Company Personnel - Wed 04/18/2007 - 13:55:57.85

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX

ImagePath:
"" -e te-110-12-0000213

Client IP-IPX - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Steam\\SteamApps\\beta7\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\beta7\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\beta7\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\beta7\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\beta7\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\beta7\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Roger Wilco\\roger.exe"="C:\\Program Files\\Roger Wilco\\roger.exe:*:Enabled:Roger Wilco"
"C:\\Program Files\\Roger Wilco\\rwbs\\rwbs.exe"="C:\\Program Files\\Roger Wilco\\rwbs\\rwbs.exe:*:Enabled:rwbs"
"C:\\Lasershot\\ShootersChallenge\\Boar\\Boar.exe"="C:\\Lasershot\\ShootersChallenge\\Boar\\Boar.exe:*:Enabled:Boar"
"C:\\Lasershot\\ShootersChallenge\\Whitetail\\Deer.exe"="C:\\Lasershot\\ShootersChallenge\\Whitetail\\Deer.exe:*:Enabled:Deer"
"C:\\Lasershot\\ShootersChallenge\\Grouse\\Grouse.exe"="C:\\Lasershot\\ShootersChallenge\\Grouse\\Grouse.exe:*:Enabled:Grouse"
"C:\\Program Files\\Steam\\SteamApps\\beta7\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\beta7\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\beta7\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\beta7\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Lasershot\\ShootersChallenge\\QuailHunt\\Quail.exe"="C:\\Lasershot\\ShootersChallenge\\QuailHunt\\Quail.exe:*:Enabled:Quail"
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Documents and Settings\\Administrator\\BF2\\BF2.exe"="C:\\Documents and Settings\\Administrator\\BF2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Documents and Settings\\Administrator\\ICQLite\\ICQLite.exe"="C:\\Documents and Settings\\Administrator\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Documents and Settings\\Administrator\\AIM\\aim.exe"="C:\\Documents and Settings\\Administrator\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Company Personnel\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\\Documents and Settings\\Company Personnel\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Company Personnel\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\Documents and Settings\\Company Personnel\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Company Personnel\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:\\Documents and Settings\\Company Personnel\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\i386\iedkcs32.dll
C:\i386\ieencode.dll
C:\i386\iepeers.dll
C:\i386\iernonce.dll
C:\i386\iesetup.dll
C:\i386\ifmon.dll
C:\i386\ifsutil.dll
C:\i386\igmpagnt.dll
C:\i386\iis.dll
C:\i386\ils.dll
C:\i386\imagehlp.dll
C:\i386\imeshare.dll
C:\i386\imgutil.dll
C:\i386\imm32.dll
C:\i386\imsinsnt.dll
C:\i386\inetcfg.dll
C:\i386\InetClnt.dll
C:\i386\inetcomm.dll
C:\i386\inetcplc.dll
C:\i386\inetmib1.dll
C:\i386\inetpp.dll
C:\i386\inetppui.dll
C:\i386\inetres.dll
C:\i386\INETWH32.DLL
C:\i386\infosoft.dll
C:\i386\initpki.dll
C:\i386\input.dll
C:\i386\inseng.dll
C:\i386\IntelNic.dll
C:\i386\iologmsg.dll
C:\i386\iphlpapi.dll
C:\i386\ipmontr.dll
C:\i386\ipnathlp.dll
C:\i386\ippromon.dll
C:\i386\iprop.dll
C:\i386\iprtprio.dll
C:\i386\iprtrmgr.dll
C:\i386\ipsecsnp.dll
C:\i386\ipsecsvc.dll
C:\i386\ipsmsnap.dll
C:\i386\ipv6mon.dll
C:\i386\ipxmontr.dll
C:\i386\ipxpromn.dll
C:\i386\ipxrip.dll
C:\i386\ipxrtmgr.dll
C:\i386\ipxsap.dll
C:\i386\ipxwan.dll
C:\i386\ir32_32.dll
C:\i386\ir41_qc.dll
C:\i386\ir41_qcx.dll
C:\i386\ir50_32.dll
C:\i386\ir50_qc.dll
C:\i386\ir50_qcx.dll
C:\i386\irclass.dll
C:\i386\isign32.dll
C:\i386\isrdbg32.dll
C:\i386\itircl.dll
C:\i386\itss.dll
C:\i386\iuengine.dll
C:\i386\ixsso.dll
C:\i386\iyuv_32.dll
C:\i386\jet500.dll
C:\i386\jgaw400.dll
C:\i386\jgdw400.dll
C:\i386\jgmd400.dll
C:\i386\jgpl400.dll
C:\i386\jgsd400.dll
C:\i386\jgsh400.dll
C:\i386\jobexec.dll
C:\i386\jscript.dll
C:\i386\jsproxy.dll
C:\i386\KBDA1.DLL
C:\i386\KBDA2.DLL
C:\i386\KBDA3.DLL
C:\i386\KBDAL.DLL
C:\i386\KBDARME.DLL
C:\i386\KBDARMW.DLL
C:\i386\kbdaze.dll
C:\i386\kbdazel.dll
C:\i386\kbdbe.dll
C:\i386\kbdbene.dll
C:\i386\kbdblr.dll
C:\i386\kbdbr.dll
C:\i386\kbdbu.dll
C:\i386\kbdca.dll
C:\i386\kbdcan.dll
C:\i386\kbdcr.dll
C:\i386\kbdcz.dll
C:\i386\kbdcz1.dll
C:\i386\kbdcz2.dll
C:\i386\kbdda.dll
C:\i386\KBDDIV1.DLL
C:\i386\KBDDIV2.DLL
C:\i386\kbddv.dll
C:\i386\kbdes.dll
C:\i386\kbdest.dll
C:\i386\KBDFA.DLL
C:\i386\kbdfc.dll
C:\i386\kbdfi.dll
C:\i386\kbdfi1.dll
C:\i386\kbdfo.dll
C:\i386\kbdfr.dll
C:\i386\kbdgae.dll
C:\i386\KBDGEO.DLL
C:\i386\kbdgkl.dll
C:\i386\kbdgr.dll
C:\i386\kbdgr1.dll
C:\i386\kbdhe.dll
C:\i386\kbdhe220.dll
C:\i386\kbdhe319.dll
C:\i386\KBDHEB.DLL
C:\i386\kbdhela2.dll
C:\i386\kbdhela3.dll
C:\i386\kbdhept.dll
C:\i386\kbdhu.dll
C:\i386\kbdhu1.dll
C:\i386\kbdic.dll
C:\i386\kbdinbe1.dll
C:\i386\kbdinben.dll
C:\i386\KBDINDEV.DLL
C:\i386\KBDINGUJ.DLL
C:\i386\KBDINHIN.DLL
C:\i386\KBDINKAN.DLL
C:\i386\kbdinmal.dll
C:\i386\KBDINMAR.DLL
C:\i386\KBDINPUN.DLL
C:\i386\KBDINTAM.DLL
C:\i386\KBDINTEL.DLL
C:\i386\kbdir.dll
C:\i386\kbdit.dll
C:\i386\kbdit142.dll
C:\i386\kbdkaz.dll
C:\i386\kbdkyr.dll
C:\i386\kbdla.dll
C:\i386\kbdlt.dll
C:\i386\kbdlt1.dll
C:\i386\kbdlv.dll
C:\i386\kbdlv1.dll
C:\i386\kbdmac.dll
C:\i386\kbdmaori.dll
C:\i386\kbdmlt47.dll
C:\i386\kbdmlt48.dll
C:\i386\kbdmon.dll
C:\i386\kbdne.dll
C:\i386\kbdnec.dll
C:\i386\kbdno.dll
C:\i386\kbdno1.dll
C:\i386\kbdpl.dll
C:\i386\kbdpl1.dll
C:\i386\kbdpo.dll
C:\i386\kbdro.dll
C:\i386\kbdru.dll
C:\i386\kbdru1.dll
C:\i386\kbdsf.dll
---
continued in next post

beta7
2007-04-19, 07:36
---

continued in next post

beta7
2007-04-19, 07:37
--

Continued in next post

beta7
2007-04-19, 07:39

Finished

beta7
2007-04-19, 07:40
Logfile of HijackThis v1.99.1
Scan saved at 1:27:03 AM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\HJTold\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {60E7A664-69F4-192A-F241-69E33FECA89E} - C:\WINDOWS\system32\bdm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\WNSXS~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Eiqld] "C:\Documents and Settings\Company Personnel\My Documents\s?curity\n?tepad.exe"
O4 - Startup: Launcher 100.lnk = C:\Lasershot\100 Series Camera\Launcher100.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Administrator\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

beta7
2007-04-19, 07:42

*Phew* That should be it...lol Thanks again for your help

Angelfire777
2007-04-19, 16:38
Hi,

Excuse me for this question as it is totally unrelated... If you wouldn't mind, I see Command and Conquer 3 Tiberium Wars is installed on your machine, are you playing it? Is it good compared to the previous Command and Conquer versions like Yuri's Revenge or Red Alert 2? I'm a bit of a gamer myself...


I was not able to install the OIN uninstaller. Every time I clicked on it, it said my browser settings wouldn't allow it. When I tried to lower the security, it wouldn't let me drop it below medium...any suggestions?

Let's continue and see if they will persist..


*Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Antispyware.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Do not use it yet!

*Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune

Do not use it yet.
___________________

*Please follow the instructions HERE (http://www.dellcommunity.com/supportforums/board/message?board.id=si_virus&message.id=42328) on how to remove Dell's MyWay.

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: (no name) - {60E7A664-69F4-192A-F241-69E33FECA89E} - C:\WINDOWS\system32\bdm.dll (file missing)
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\WNSXS~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Eiqld] "C:\Documents and Settings\Company Personnel\My Documents\s?curity\n?tepad.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


*You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.


*Configure your machine to view hidden files:

Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the "Hidden files and folders" heading select Show hidden files and folders.
Uncheck the Hide Protected Operating System Files Option.
Click Yes to confirm.
Click OK.


*Using Windows Explorer, find and delete this file:

C:\WINDOWS\system32\bdm.dll


*Using Windows Explorer, find and delete these folders

C:\Program Files\Common Files\zmfu
C:\WINDOWS\zmfu
C:\WINDOWS\Q29tcGFueSBQZXJzb25uZWw
C:\WINDOWS\WNSXS~1 <<delete the folder which has WNSXS as its first few letters.. There is a valid folder like that in the system32 folder so be careful in deleting that.
C:\Documents and Settings\Company Personnel\My Documents\s?curity <<the ? there means that it could be any letter or number.. It is most probably an e but just delete the folder with a s curity name..

Empty your recycle bin.
____________________

*Important: Make sure all your browsers are closed before running ATF Cleaner..

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

*Please run AVG AntiSpyware, and run a full scan as follows:

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning process.

Launch AVG AntiSpyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG AntiSpyware will now begin the scanning process. Be patient, this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
Close AVG AntiSpyware.
Reboot to normal mode.


In your next reply, please include a fresh HijackThis log, the AVG Antispyware log and a description of how your machine is running.
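
A small triage script that flags the kind of entries selected for fixing in the post above. It is an added example, not part of the original thread or of HijackThis. The heuristics, the function names and the default Windows XP locations assumed for ping.exe and notepad.exe are assumptions; the sample lines are copied from the HijackThis log posted in this thread.

```python
import ntpath
import re

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {60E7A664-69F4-192A-F241-69E33FECA89E} - C:\WINDOWS\system32\bdm.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\WNSXS~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Eiqld] "C:\Documents and Settings\Company Personnel\My Documents\s?curity\n?tepad.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
'''

ENTRY = re.compile(r'^(?P<section>[A-Z]\d+) - (?P<body>.+)$')
MISSING = re.compile(r'\s*\((?:file missing|no file)\)$')
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)

# Assumption: default Windows XP locations of the two system binaries
# whose names appear in the suspicious Run entries.
SYSTEM_BINARIES = {
    'ping.exe': {r'c:\windows\system32'},
    'notepad.exe': {r'c:\windows', r'c:\windows\system32'},
}


def masked_equal(observed, known):
    """Compare two file names, treating '?' in the log as one unknown character."""
    if len(observed) != len(known):
        return False
    return all(o == '?' or o.lower() == k.lower() for o, k in zip(observed, known))


def triage_line(line):
    """Return the list of reasons a single log line looks suspicious."""
    match = ENTRY.match(line.strip())
    if not match:
        return []
    body = match.group('body')
    reasons = []

    missing = MISSING.search(body)
    if missing:
        body = body[:missing.start()]
        # An unbalanced quote means part of a command line was kept in the
        # path, so the "file missing" marker is unreliable (ashMaiSv.exe is
        # listed as a running process in the same log). Skip those.
        if body.count('"') % 2 == 0:
            reasons.append('registered file does not exist')

    found = PATH.search(body)
    if found:
        path = found.group(0)
        folder, name = ntpath.split(path)
        # '?' is not a legal Windows file name character, so it stands for
        # a character the log could not represent.
        if '?' in path:
            reasons.append('path contains a character the log could not represent')
        for known, homes in SYSTEM_BINARIES.items():
            if masked_equal(name, known) and folder.lower() not in homes:
                reasons.append(f'{known} name used outside its system directory')
    return reasons


def triage(log_text):
    """Return (section, reasons) for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append((ENTRY.match(line.strip()).group('section'), reasons))
    return findings


if __name__ == '__main__':
    for section, reasons in triage(SAMPLE_LOG):
        print(section, '; '.join(reasons))
```

On the sample, the script flags the same O2, O4 and O9 entries that were checked for fixing above and leaves the avast! service line alone.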

beta7
2007-04-20, 17:13
Command and Conquer 3 is pretty fun. If you liked the original series with Nod vs. GDI, you would like this. I personally really liked C&C Generals, so I am a little disappointed they didn't go with a Generals 2.

Windows would not allow me to delete C:\WINDOWS\WNSXS~1


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:34:29 AM 4/20/2007

+ Scan result:



Nothing found.



::Report end









Logfile of HijackThis v1.99.1
Scan saved at 10:56:40 AM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Administrator\AVG Anti Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Administrator\AVG Anti Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJTold\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Administrator\AVG Anti Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - Startup: Launcher 100.lnk = C:\Lasershot\100 Series Camera\Launcher100.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Administrator\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Administrator\AVG Anti Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Currently, everything seems to be running ok....

Angelfire777
2007-04-20, 17:51
Oh ok. Thanks :)

Are you sure that the folder is in C:\Windows? It seems that combofix has deleted it already..I overlooked it..


*Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
Click Start > Control Panel
Click Add/Remove Programs
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u1 (http://java.sun.com/javase/downloads/index.jsp), and install it to your computer.

Reboot and post a fresh HijackThis log.

beta7
2007-04-21, 17:38
Yes, I'm sure:

C:\Windows\WinSxS

Inside it are folders like : x86_Microsoft.tools.visualcplusplus.runtime-libraries

x86_Microsoft.Windows.Common-Controls_

There are about 17 of those folders with various names, most with
x_86_Microsoft.*


Logfile of HijackThis v1.99.1
Scan saved at 11:33:21 AM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Administrator\AVG Anti Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Administrator\AVG Anti Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\AIM\aim.exe
C:\HJTold\analyze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Administrator\AVG Anti Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - Startup: Launcher 100.lnk = C:\Lasershot\100 Series Camera\Launcher100.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Administrator\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Administrator\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Administrator\AVG Anti Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Angelfire777
2007-04-22, 22:36
Congratulations! Your log looks clean!

Configure Windows XP to hide system files:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading, select Do not show hidden files and folders.
Check the Hide protected operating system files option.
Click Yes to confirm.
Click OK.
_______________________
This is a good time to clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore

Select Create a restore point, and OK it.

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your pc's security.

Firewall Application - Although Windows XP comes with a firewall, you should not rely on it because the Windows Firewall can only filter incoming data; outgoing traffic is not controlled, meaning that malware/viruses that are present in your computer can access the internet with no restrictions. There are several other firewalls that can protect you better by filtering incoming and outgoing data. Make sure you get only one of these.

» ZoneAlarm (http://www.zonelabs.com)
» Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)

Install SpyWare Blaster
~You can download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
~You can read the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
~You can download it from here (http://www.winpatrol.com/download.html)
~You can get some information about how WinPatrol works here (http://www.winpatrol.com/features.html)

IESpyAds
~You can download it from here (http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD)
~If you want to know how IESpyAds works you can take a look at it here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
~Please note that IESpyAds only works with Internet Explorer.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)

Happy safe surfing!

beta7
2007-04-23, 20:52
Thank you very much for your help with this. I appreciate it greatly!

Angelfire777
2007-04-27, 07:03
Glad we could be of assistance :bigthumb:

Since the problem has been resolved, this topic is now closed and archived. If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.