Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Sleepless in Mojave..


..still more..

Post by a1sound » April 25th, 2007, 9:54 pm

Hi Silver,

I bit the bullet yet again and allowed the badboy to slip out so I could take a look at what he was sending. Thinking I might get an idea of what is going on, I ran until I saw a 67... or a 69... address and then locked down the system again. This is a clumsy operation, but I did get something.

When I went here..

http://www.costco.com (http://170.167.8.1/)


Firefox generates this address..

67.29.128.59:80

..which had a UDP (just below) packet followed by several sets comprising a short TCP and a long TCP packet.

The preceding UDP packet..

: 9 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ! UDP


Below are two of the long TCP packets..

P }OD P P & GET /Images/Content/Search/147756f.jpg HTTP/1.1 Host: content.costco.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 Accept: image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.costco.com/Common/Search.asp ... Home&pos=3



P o P GET /Images/Content/Search/980479f.jpg HTTP/1.1 Host: content.costco.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 Accept: image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.costco.com/Common/Search.asp ... Home&pos=3


The GET is a typical request sent to a webserver--only this was sent to the address above. This probably resends to the original server.

When I assemble the host (content.costco.com) and the GET command (/Images/Content/Search/147756f.jpg), I "get" a picture of a piano bench which is probably part of the web page..

http://content.costco.com/Images/Conten ... 47756f.jpg

This probably leads to capturing the jump to wherever the picture leads. I think this is definitely a tracker.

Since I spent hours updating this system to get the OS current, I am loath to do a total regen. What do you think I could do next?

Any encouragement is welcome.

Cheers,
Buzz.
a1sound
Regular Member
 
Posts: 39
Joined: April 18th, 2007, 10:19 pm
Location: Mojave CA
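
Added example, not part of the original post: the Python below decodes the two payloads quoted in the post above. It treats the UDP text as an RFC 1001/1002 first-level-encoded NetBIOS name and re-splits the GET text into header lines to rebuild the requested URL. The function names are this example's own, and the CRLF line breaks are reconstructed because the paste is flattened.

```python
"""Decode the packet payloads quoted in the post (added example)."""

# Name field from the UDP packet in the post: "CK" followed by 30 "A"
# characters, 32 characters in total (written as a repeat so the length
# is unambiguous).
UDP_NAME_FIELD = "CK" + "A" * 30

# First GET from the post with line breaks reconstructed. The Referer
# header is left out because its value is elided ("...") on the page.
HTTP_REQUEST = (
    "GET /Images/Content/Search/147756f.jpg HTTP/1.1\r\n"
    "Host: content.costco.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; "
    "rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1\r\n"
    "Accept: image/png,*/*;q=0.5\r\n"
    "Keep-Alive: 300\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)


def decode_netbios_name(encoded: str) -> bytes:
    """Reverse RFC 1001 first-level encoding.

    Each raw byte is split into two 4-bit halves and each half is added
    to ord('A'), so 32 letters in the range A..P carry 16 raw bytes.
    """
    if len(encoded) != 32:
        raise ValueError("a first-level encoded name is 32 characters long")
    raw = bytearray()
    for i in range(0, 32, 2):
        hi = ord(encoded[i]) - ord("A")
        lo = ord(encoded[i + 1]) - ord("A")
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError(f"character outside A..P at offset {i}")
        raw.append((hi << 4) | lo)
    return bytes(raw)


def describe_netbios_name(raw: bytes) -> str:
    """Human-readable form of a decoded 16-byte NetBIOS name."""
    if raw == b"*" + b"\x00" * 15:
        # RFC 1002 uses this name in node status (NBSTAT) requests.
        return "wildcard '*' (NetBIOS node status query name)"
    label = raw[:15].rstrip(b" \x00").decode("ascii", "replace")
    return f"{label!r} with suffix byte 0x{raw[15]:02x}"


def parse_http_request(raw: str) -> dict:
    """Split a request head into method, target, version and headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target,
            "version": version, "headers": headers}


def rebuild_url(request: dict, scheme: str = "http") -> str:
    """Join the Host header and request target, as the post does by hand."""
    host = request["headers"].get("host")
    if host is None:
        raise ValueError("request has no Host header")
    return f"{scheme}://{host}{request['target']}"


if __name__ == "__main__":
    name = decode_netbios_name(UDP_NAME_FIELD)
    print("UDP name field:", describe_netbios_name(name))
    req = parse_http_request(HTTP_REQUEST)
    print("Requested URL: ", rebuild_url(req))
```

The Host header names the site the browser asked for; the destination IP of the TCP segment is whatever address that name resolved to, so the two are compared by resolving the name rather than by reading the payload.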

Total Startup List

Post by a1sound » April 26th, 2007, 6:14 am

Hi Silver,

Here is a total startup list. It contains not only the process that is running, but also the sub processes, DRVs, and DLLs that it requires. Could you see if there is a common thread where socket activity is hijacked before getting on the Net?

Here is the list..

StartupList report, 2007-04-26, 03:00:54
StartupList version 2.02.0
Started from: C:\pfiles\StartupList\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Logged on as 'buzz' to 'SVENSKATEC'
* Using default options (see end of log for possible options)
==================================================

Running processes (46):

[C:\pfiles\bclknt30\BARCLOCK.EXE (19)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\pfiles\D4\D4.exe (41)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sensapi.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\WININET.DLL
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\pfiles\EditPad\EditPad.exe (23)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PGPhk.dll
C:\WINDOWS\system32\RICHED20.dll
C:\WINDOWS\system32\RICHED32.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\pfiles\StartupList\StartupList.exe (44)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSCOMCTL.OCX
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PGPhk.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wbem\fastprox.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\system32\wbem\wbemdisp.dll
C:\WINDOWS\system32\wbem\wbemprox.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\wbem\wmiutils.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\PROGRA~1\DUMETE~1\DUMeter.exe (41)]
C:\pfiles\bclknt30\barclknt.dll
C:\PROGRA~1\DUMETE~1\DUData.dll
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\IpHlpApi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\PGPhk.dll
C:\WINDOWS\system32\RASAPI32.DLL
C:\WINDOWS\system32\rasman.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\TAPI32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\version.dll
C:\WINDOWS\system32\winmm.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (22)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (19)]
C:\pfiles\bclknt30\barclknt.dll
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\AdobeUpdater.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Analog Devices\Core\smax4pnp.exe (31)]
C:\pfiles\bclknt30\barclknt.dll
C:\Program Files\Analog Devices\Core\SMWDMIF.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DSound.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\KsUser.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (19)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MFC42.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[C:\Program Files\Common Files\Real\Update_OB\realsched.exe (28)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\actxprxy.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Common Files\Symantec Shared\ccApp.exe (46)]
C:\pfiles\bclknt30\barclknt.dll
C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL
C:\Program Files\Common Files\Symantec Shared\ccL30.dll
C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\DBGHELP.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\MSWSOCK.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (44)]
C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL
C:\Program Files\Common Files\Symantec Shared\ccL30.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\DBGHELP.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.DLL
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (19)]
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSVCR71.DLL
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\xpsp2res.dll

[C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (42)]
C:\Program Files\Common Files\Symantec Shared\ccL30.dll
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\DBGHELP.DLL
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.DLL
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Comodo\Firewall\cmdagent.exe (43)]
C:\Program Files\Comodo\Firewall\dbghelp.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\imagehlp.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wbem\fastprox.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\system32\wbem\wbemprox.dll
C:\WINDOWS\system32\wbem\wbemsvc.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Comodo\Firewall\CPF.exe (47)]
C:\pfiles\bclknt30\barclknt.dll
C:\Program Files\Comodo\Firewall\dbghelp.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\asycfilt.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\imagehlp.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\oledlg.dll
C:\WINDOWS\system32\PGPhk.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RICHED20.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\DU Super Controler\DUSuperControler.exe (13)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll

[C:\Program Files\DU Super Controler\DUSuperControler.exe (42)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetmib1.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\snmpapi.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe (41)]
C:\pfiles\bclknt30\barclknt.dll
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\engine.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PGPhk.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHFOLDER.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (22)]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SHFOLDER.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (45)]
C:\pfiles\bclknt30\barclknt.dll
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpgui.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PGPhk.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (93)]
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\arj.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avlib.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp1.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp3info.ppl
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\AVPGS.PPL
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avpmgr.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avs.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avspm.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\bl.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\btdisk.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\btimages.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\buffer.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\cab.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\crpthlpr.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\dmap.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\dtreg.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\FSSync.dll
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashcont.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hashmd5.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\hccmp.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\icheckersa.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ichk2.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\inifile.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\iwgen.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\l_llio.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lha.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\lic60.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\memmodsc.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\memscan.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\minizip.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ndetect.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ntfsstrm.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\ods.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\prutil.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\qb.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\rar.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\report.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\schedule.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\sfdb.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\startupenum2.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\timer.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tm.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\uniarc.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wdiskio.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl
c:\program files\kaspersky lab\kaspersky anti-virus 6.0\wmihlpr.ppl
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\psapi.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (35)]
C:\pfiles\bclknt30\barclknt.dll
C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CEUTIL.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVCRT.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RAPI.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\MOTU\Audio\MFWAKeys.exe (18)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\WINSPOOL.DRV

[C:\Program Files\Norton Ghost\Agent\GhostTray.exe (57)]
C:\pfiles\bclknt30\barclknt.dll
C:\Program Files\Common Files\Symantec Shared\ccAlert.dll
C:\Program Files\Common Files\Symantec Shared\ccL30.dll
C:\Program Files\Common Files\Symantec Shared\ccL35.dll
C:\Program Files\Norton Ghost\Agent\DrmLicense.DLL
C:\Program Files\Norton Ghost\Agent\GEARAW32.dll
C:\Program Files\Norton Ghost\Agent\gwrks32.dll
C:\Program Files\Norton Ghost\EasySetupInt.dll
C:\Program Files\Norton Ghost\Shared\VProAuto.dll
C:\Program Files\Norton Ghost\Shared\VProObj.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MFC71.DLL
C:\WINDOWS\system32\MFC71ENU.DLL
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\oledlg.dll
C:\WINDOWS\system32\PGPhk.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[C:\Program Files\Norton Ghost\Agent\VProSvc.exe (52)]
C:\Program Files\Common Files\Symantec Shared\ccL35.dll
C:\Program Files\Norton Ghost\Agent\GEARAW32.dll
C:\Program Files\Norton Ghost\Agent\gwlangEN.dll
C:\Program Files\Norton Ghost\Agent\gwrks32.dll
C:\Program Files\Norton Ghost\Agent\VProImaging.dll
C:\Program Files\Norton Ghost\shared\ErrorGui.dll
C:\Program Files\Norton Ghost\Shared\NotifyHandler.dll
C:\Program Files\Norton Ghost\Shared\VProObj.dll
C:\Program Files\Norton Ghost\Shared\VProScheduler.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\Crypt32.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\shfolder.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\userenv.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WinTrust.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe (39)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\PGPclientLib.dll
C:\WINDOWS\system32\PGPdiskEngine.dll
C:\WINDOWS\system32\PGPdiskUI.dll
C:\WINDOWS\system32\PGPhk.dll
C:\WINDOWS\system32\PGPsc.dll
C:\WINDOWS\system32\PGPsdk.dll
C:\WINDOWS\system32\PGPsdkNL.dll
C:\WINDOWS\system32\PGPsdkUI.dll
C:\WINDOWS\system32\RichEd20.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHFOLDER.DLL
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll

[C:\Program Files\PowerISO\PWRISOVM.EXE (19)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe (33)]
C:\pfiles\bclknt30\barclknt.dll
C:\Program Files\SyncroSoft\Pos\H2O\emu.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\newdev.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\Oleaut32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\User32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\version.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\winmm.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\Tweak-XP Pro\AdBlocker.exe (27)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\WSOCK32.dll

[C:\Program Files\UPSMON\UPSInt.exe (16)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\HID.DLL
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\WINTRUST.dll

[C:\Program Files\UPSMON\UPSMON.exe (19)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\Program Files\UPSMON\UPSMON_Service.Exe (15)]
C:\Program Files\UPSMON\UPSdata.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\USP10.dll

[C:\Program Files\Winamp\winampa.exe (18)]
C:\pfiles\bclknt30\barclknt.dll
C:\Program Files\Winamp\NSCRT.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\Explorer.EXE (146)]
C:\pfiles\bclknt30\barclknt.dll
C:\pfiles\QuickPar\QuickParShlExt.dll
C:\PROGRA~1\MICROS~3\OFFICE11\MCPS.DLL
C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll
C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\ADIST32.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll
C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
C:\Program Files\NetTransport 2\MFC42.DLL
C:\Program Files\NetTransport 2\NTIEHelper.dll
C:\Program Files\Norton Ghost\Browser\VProShellExt.dll
C:\Program Files\Norton Ghost\Shared\VProObj.dll
C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\WinRAR\rarext.dll
C:\Program Files\WS_FTP Pro\nsftpch.dll
C:\Program Files\WS_FTP Pro\sslsvc.dll
C:\Program Files\WS_FTP Pro\wsbho2k0.dll
C:\Program Files\WS_FTP Pro\wsfirscr.dll
C:\Program Files\WS_FTP Pro\wsftpext.dll
C:\Program Files\WS_FTP Pro\wsftpsi.dll
C:\Program Files\WS_FTP Pro\wshosts.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\actxprxy.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\appHelp.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\Audiodev.dll
C:\WINDOWS\system32\BatMeter.dll
C:\WINDOWS\system32\browselc.dll
C:\WINDOWS\system32\BROWSEUI.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\System32\CSCDLL.dll
C:\WINDOWS\System32\cscui.dll
C:\WINDOWS\System32\davclnt.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\diskcopy.dll
C:\WINDOWS\System32\drprov.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LINKINFO.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MFC71.DLL
C:\WINDOWS\system32\MFC71ENU.DLL
C:\WINDOWS\system32\midimap.dll
C:\WINDOWS\system32\MLANG.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSIMG32.dll
C:\WINDOWS\system32\MSISIP.DLL
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\MSVCP71.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mydocs.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\System32\NETRAP.dll
C:\WINDOWS\system32\NETSHELL.dll
C:\WINDOWS\System32\NETUI0.dll
C:\WINDOWS\System32\NETUI1.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\System32\ntlanman.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\ntshrui.dll
C:\WINDOWS\system32\nvcpl.dll
C:\WINDOWS\system32\nvshell.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEACC.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\PGPclientLib.dll
C:\WINDOWS\system32\PGPdiskEngine.dll
C:\WINDOWS\system32\PGPdiskUI.dll
C:\WINDOWS\system32\PGPhk.dll
C:\WINDOWS\system32\pgpmn.dll
C:\WINDOWS\system32\PGPsdk.dll
C:\WINDOWS\system32\PGPsdkNL.dll
C:\WINDOWS\system32\PGPsdkUI.dll
C:\WINDOWS\system32\POWRPROF.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RichEd20.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\System32\SAMLIB.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\shdoclc.dll
C:\WINDOWS\system32\SHDOCVW.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHFOLDER.DLL
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\SXS.DLL
C:\WINDOWS\system32\themeui.dll
C:\WINDOWS\system32\urlmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WMASF.DLL
C:\WINDOWS\system32\WMVCore.DLL
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wshext.dll
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\zipfldr.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\System32\GEARSec.exe (10)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\System32\LPK.DLL
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\System32\USP10.dll

[C:\WINDOWS\system32\lsass.exe (59)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\dssenh.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\ipsecsvc.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\LSASRV.dll
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msprivs.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\netlogon.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\oakley.DLL
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\psbase.dll
C:\WINDOWS\system32\pstorsvc.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SAMSRV.dll
C:\WINDOWS\system32\scecli.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\setupapi.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\wdigest.dll
C:\WINDOWS\system32\WINIPSEC.DLL
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\nvsvc32.exe (36)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\nvapi.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\POWRPROF.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\PGPsdkServ.exe (19)]
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\PGPsdk.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\RUNDLL32.EXE (28)]
C:\pfiles\bclknt30\barclknt.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\nvapi.dll
C:\WINDOWS\system32\NvMcTray.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\system32\services.exe (37)]
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\eventlog.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\SCESRV.dll
C:\WINDOWS\system32\secur32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\umpnpmgr.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\System32\smss.exe (1)]
C:\WINDOWS\system32\ntdll.dll

[C:\WINDOWS\system32\spoolsv.exe (57)]
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\adistres.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\AdobePDF.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\cnbjmon.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\inetpp.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\localspl.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\mdimon.dll
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\msi.dll
C:\WINDOWS\system32\MSVCR71.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\System32\mswsock.dll
C:\WINDOWS\system32\netapi32.dll
C:\WINDOWS\system32\NETRAP.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\OLEAUT32.dll
C:\WINDOWS\system32\pjlmon.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
C:\WINDOWS\system32\SPOOLSS.DLL
C:\WINDOWS\system32\tcpmon.dll
C:\WINDOWS\system32\usbmon.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\UxTheme.dll
C:\WINDOWS\system32\VERSION.dll
C:\WINDOWS\system32\win32spl.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\winspool.drv
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[C:\WINDOWS\System32\svchost.exe (149)]
C:\WINDOWS\AppPatch\AcGenral.DLL
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
C:\WINDOWS\System32\ACTIVEDS.dll
C:\WINDOWS\System32\adsldpc.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\System32\ADVPACK.dll
C:\WINDOWS\system32\Apphelp.dll
c:\windows\system32\ATL.DLL
c:\windows\system32\audiosrv.dll
c:\windows\system32\AUTHZ.dll
c:\windows\system32\browser.dll
C:\WINDOWS\System32\Cabinet.dll
c:\windows\system32\certcli.dll
C:\WINDOWS\System32\CLBCATQ.DLL
C:\WINDOWS\System32\CLUSAPI.DLL
C:\WINDOWS\system32\colbact.DLL
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\System32\COMRes.dll
C:\WINDOWS\system32\comsvcs.dll
c:\windows\system32\credui.dll
C:\WINDOWS\system32\CRYPT32.dll
C:\WINDOWS\System32\cryptdll.dll
c:\windows\system32\cryptsvc.dll
C:\WINDOWS\system32\CRYPTUI.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dmserver.dll
c:\windows\system32\DNSAPI.dll
a1sound
Regular Member
 
Posts: 39
Joined: April 18th, 2007, 10:19 pm
Location: Mojave CA

Unread postby silver » April 26th, 2007, 9:30 pm

Hi a1sound,

I'm sorry for the delay in getting back to you. As an undergraduate I must consult with my colleagues with regard to instructions, which sometimes means delays. I appreciate your patience.

I know in producing your last post, you are trying to furnish relevant information; however, as unverified network activity is the only symptom you have reported, I think we need to focus on it and try to confirm whether it's OK or not.

While I recommend TCPView for day-to-day use, let's use Icesword for now. This is a powerful anti-rootkit tool which can see through attempts at hiding things on your system, just in case something is there. Please don't use any functions of the program which are not in the instructions, it can cause irreparable damage if misused.

Download IceSword from here
Extract/unzip it to a folder on your desktop
In that folder, double-click on IceSword.exe to start the program
Press the Port function on the left side
Please use this in the same way as TCPView to monitor connections and use the LOG button to save a log copy.

I understand why you are concerned with the information you posted, however I need exact information in order to try to verify things:
I need the process name, the protocol, the remote IP address and remote port number for each connection you are referring to in order to try to verify it.

For example, the UDP packet containing CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA you refer to in your post, was that sent from firefox.exe or another process?
When connecting to costco.com, what connections were opened by Firefox apart from 67.29.128.59?
Was a TCP connection to 170.167.8.1 on port 80 opened at all?
If so, was it before or after the connection to 67.29.128.59?
I'll need the full details in order of occurrence to be able to interpret it.

Next, open a command shell by selecting Start->Run, typing cmd in the box and pressing OK
Then type the following command:
ipconfig /all > "%userprofile%\desktop\ipconfig.txt"
A text file should appear on your desktop; paste a copy in your next response.

I recommend you do a few more tests, and to do them using Firefox's Safe Mode to eliminate any extensions causing the issue. Please post the ipconfig.txt and further information when you can.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby a1sound » April 26th, 2007, 11:10 pm

Hi Silver,

I had to do this manually--I don't know where the script sent the output. I just copied and pasted it here..

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\buzz>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : svenskatec
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : desertRats

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : desertRats
Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-18-F3-46-E3-4C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : 26 April, 2007 08:56:25
Lease Expires . . . . . . . . . . : 03 May, 2007 08:56:25

C:\Documents and Settings\buzz>

-=-=-

Below is the output from IceSword. The line with "SYN_SENT" is the badboy. I used IE to get it started..

Port:

Protocol Local Address Foreign Address State PID PathName
TCP 192.168.0.101 : 2600 207.46.150.50 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2627 206.24.222.158 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2626 65.54.157.252 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2628 206.24.222.158 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2605 207.46.150.50 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2632 206.24.222.158 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2625 66.151.152.125 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2633 63.236.56.237 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2143 198.145.242.103 : 8004 ESTABLISHED 1820 C:\Program Files\Winamp\winamp.exe
TCP 127.0.0.1 : 2178 127.0.0.1 : 2176 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2176 127.0.0.1 : 2178 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 2616 207.68.178.61 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2597 209.34.241.11 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2630 67.29.128.58 : 80 SYN_SENT 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2615 65.54.195.185 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2612 65.54.152.126 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2595 207.68.179.219 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 127.0.0.1 : 2180 127.0.0.1 : 2179 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2179 127.0.0.1 : 2180 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 2602 64.212.100.118 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2603 64.212.100.118 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2618 66.142.254.157 : 80 CLOSE_WAIT 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2619 66.142.254.157 : 80 CLOSE_WAIT 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2604 65.54.195.185 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2620 65.54.195.185 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2629 192.217.199.105 : 80 ESTABLISHED 2236 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2488 67.59.157.4 : 80 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 2622 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 2623 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 2610 TIME_WAIT 0 ----
TCP 0.0.0.0 : 80 0.0.0.0 : 0 LISTENING 1760 C:\Program Files\Tweak-XP Pro\AdBlocker.exe
TCP 0.0.0.0 : 445 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 5679 0.0.0.0 : 0 LISTENING 1764 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
TCP 0.0.0.0 : 135 0.0.0.0 : 0 LISTENING 1484 C:\WINDOWS\system32\svchost.exe
TCP 127.0.0.1 : 1134 0.0.0.0 : 0 LISTENING 3692 C:\WINDOWS\system32\alg.exe
TCP 192.168.0.101 : 139 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
UDP 0.0.0.0 : 500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 137 * : * 4 NT OS Kernel
UDP 127.0.0.1 : 2499 * : * 2236 C:\Program Files\Internet Explorer\iexplore.exe
UDP 192.168.0.101 : 138 * : * 4 NT OS Kernel
UDP 127.0.0.1 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1025 * : * 1704 C:\WINDOWS\system32\svchost.exe
UDP 192.168.0.101 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1655 * : * 1820 C:\Program Files\Winamp\winamp.exe
UDP 0.0.0.0 : 37 * : * 1412 C:\pfiles\D4\D4.exe
UDP 127.0.0.1 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 4500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 445 * : * 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 1224 C:\WINDOWS\system32\lsass.exe

-=-=-

Working this log is tricky. I used TCPView set to 1_sec scans to find the badboy, then I pushed the [Port] button on IceSword. Were I to leave this running, I would get hits in the 69... band. I've blocked access both in Comodo and in my router, hence "SYN_SENT".

I had to maneuver several pages before I got a hit.

I'll post this and see about getting more.

Cheers,
Buzz.
a1sound
Regular Member
 
Posts: 39
Joined: April 18th, 2007, 10:19 pm
Location: Mojave CA

more badboys

Unread postby a1sound » April 26th, 2007, 11:41 pm

Hi Silver,

I can't seem to get Firefox to call the badboy now. Today, I ran a utility that refreshed all the stock windows DLLs and drivers with "sfc /scannow" and my windows XP pro disk. Oddly, I think it replaced something in the Firefox environment that might be a good thing.

IE seems to be the only reliable way to get any bad activity. Below are more examples..

Port:

Protocol Local Address Foreign Address State PID PathName
TCP 192.168.0.101 : 3124 207.46.245.32 : 80 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3112 64.62.216.141 : 554 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2143 198.145.242.103 : 8004 ESTABLISHED 1820 C:\Program Files\Winamp\winamp.exe
TCP 127.0.0.1 : 2178 127.0.0.1 : 2176 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2176 127.0.0.1 : 2178 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3125 67.29.128.34 : 80 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3126 67.29.128.34 : 80 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 127.0.0.1 : 2180 127.0.0.1 : 2179 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2179 127.0.0.1 : 2180 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 2957 72.20.6.62 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 2932 209.85.171.96 : 80 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 3120 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 3091 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 3093 TIME_WAIT 0 ----
TCP 0.0.0.0 : 80 0.0.0.0 : 0 LISTENING 1760 C:\Program Files\Tweak-XP Pro\AdBlocker.exe
TCP 0.0.0.0 : 445 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 5679 0.0.0.0 : 0 LISTENING 1764 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
TCP 0.0.0.0 : 135 0.0.0.0 : 0 LISTENING 1484 C:\WINDOWS\system32\svchost.exe
TCP 127.0.0.1 : 1134 0.0.0.0 : 0 LISTENING 3692 C:\WINDOWS\system32\alg.exe
TCP 192.168.0.101 : 139 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
UDP 0.0.0.0 : 500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 137 * : * 4 NT OS Kernel
UDP 192.168.0.101 : 138 * : * 4 NT OS Kernel
UDP 127.0.0.1 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1025 * : * 1704 C:\WINDOWS\system32\svchost.exe
UDP 192.168.0.101 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1655 * : * 1820 C:\Program Files\Winamp\winamp.exe
UDP 0.0.0.0 : 37 * : * 1412 C:\pfiles\D4\D4.exe
UDP 127.0.0.1 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 4500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 445 * : * 4 NT OS Kernel
UDP 127.0.0.1 : 2959 * : * 2024 C:\Program Files\Internet Explorer\iexplore.exe
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 1224 C:\WINDOWS\system32\lsass.exe

-=-=-

Port:

Protocol Local Address Foreign Address State PID PathName
TCP 192.168.0.101 : 3160 207.68.181.243 : 80 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3152 207.46.245.32 : 80 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3161 207.68.181.243 : 80 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3154 69.28.146.175 : 554 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3156 128.241.21.163 : 80 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3157 128.241.21.163 : 80 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3158 65.54.195.188 : 80 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2143 198.145.242.103 : 8004 ESTABLISHED 1820 C:\Program Files\Winamp\winamp.exe
TCP 192.168.0.101 : 3159 65.54.195.188 : 80 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 127.0.0.1 : 2178 127.0.0.1 : 2176 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2176 127.0.0.1 : 2178 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3147 63.236.56.237 : 80 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3143 67.29.128.34 : 80 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 127.0.0.1 : 2180 127.0.0.1 : 2179 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2179 127.0.0.1 : 2180 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3144 67.29.128.34 : 80 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 2957 72.20.6.62 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 80 127.0.0.1 : 3148 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 3120 TIME_WAIT 0 ----
TCP 192.168.0.101 : 3112 64.62.216.141 : 554 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 3091 TIME_WAIT 0 ----
TCP 192.168.0.101 : 3133 69.28.146.166 : 554 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 3093 TIME_WAIT 0 ----
TCP 0.0.0.0 : 80 0.0.0.0 : 0 LISTENING 1760 C:\Program Files\Tweak-XP Pro\AdBlocker.exe
TCP 0.0.0.0 : 445 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 5679 0.0.0.0 : 0 LISTENING 1764 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
TCP 0.0.0.0 : 135 0.0.0.0 : 0 LISTENING 1484 C:\WINDOWS\system32\svchost.exe
TCP 127.0.0.1 : 1134 0.0.0.0 : 0 LISTENING 3692 C:\WINDOWS\system32\alg.exe
TCP 192.168.0.101 : 139 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
UDP 0.0.0.0 : 500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 137 * : * 4 NT OS Kernel
UDP 192.168.0.101 : 138 * : * 4 NT OS Kernel
UDP 127.0.0.1 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1025 * : * 1704 C:\WINDOWS\system32\svchost.exe
UDP 192.168.0.101 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1655 * : * 1820 C:\Program Files\Winamp\winamp.exe
UDP 0.0.0.0 : 37 * : * 1412 C:\pfiles\D4\D4.exe
UDP 127.0.0.1 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 4500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 445 * : * 4 NT OS Kernel
UDP 127.0.0.1 : 2959 * : * 2024 C:\Program Files\Internet Explorer\iexplore.exe
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 1224 C:\WINDOWS\system32\lsass.exe

-=-=-

Port:

Protocol Local Address Foreign Address State PID PathName
TCP 192.168.0.101 : 2143 198.145.242.103 : 8004 ESTABLISHED 1820 C:\Program Files\Winamp\winamp.exe
TCP 192.168.0.101 : 3182 67.29.128.87 : 80 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3176 67.29.128.70 : 554 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 127.0.0.1 : 2178 127.0.0.1 : 2176 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2176 127.0.0.1 : 2178 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2180 127.0.0.1 : 2179 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2179 127.0.0.1 : 2180 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 80 127.0.0.1 : 3148 TIME_WAIT 0 ----
TCP 192.168.0.101 : 3154 69.28.146.175 : 554 TIME_WAIT 0 ----
TCP 192.168.0.101 : 3133 69.28.146.166 : 554 TIME_WAIT 0 ----
TCP 0.0.0.0 : 80 0.0.0.0 : 0 LISTENING 1760 C:\Program Files\Tweak-XP Pro\AdBlocker.exe
TCP 0.0.0.0 : 445 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 5679 0.0.0.0 : 0 LISTENING 1764 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
TCP 0.0.0.0 : 135 0.0.0.0 : 0 LISTENING 1484 C:\WINDOWS\system32\svchost.exe
TCP 127.0.0.1 : 1134 0.0.0.0 : 0 LISTENING 3692 C:\WINDOWS\system32\alg.exe
TCP 192.168.0.101 : 139 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
UDP 0.0.0.0 : 500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 137 * : * 4 NT OS Kernel
UDP 192.168.0.101 : 138 * : * 4 NT OS Kernel
UDP 127.0.0.1 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1025 * : * 1704 C:\WINDOWS\system32\svchost.exe
UDP 192.168.0.101 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1655 * : * 1820 C:\Program Files\Winamp\winamp.exe
UDP 0.0.0.0 : 37 * : * 1412 C:\pfiles\D4\D4.exe
UDP 127.0.0.1 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 4500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 445 * : * 4 NT OS Kernel
UDP 127.0.0.1 : 2959 * : * 2024 C:\Program Files\Internet Explorer\iexplore.exe
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 1224 C:\WINDOWS\system32\lsass.exe

-=-=-

Next, I will try to run Firefox in NORMAL mode.

Bingo! Got one..

Port:

Protocol Local Address Foreign Address State PID PathName
TCP 192.168.0.101 : 3251 64.212.100.93 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3231 72.14.217.93 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3242 65.216.116.106 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3243 65.216.116.106 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3204 208.65.153.251 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3244 65.216.116.106 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 2143 198.145.242.103 : 8004 ESTABLISHED 1820 C:\Program Files\Winamp\winamp.exe
TCP 127.0.0.1 : 2178 127.0.0.1 : 2176 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2176 127.0.0.1 : 2178 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3205 208.65.153.251 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3245 65.216.116.106 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3248 67.29.128.43 : 80 SYN_SENT 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2180 127.0.0.1 : 2179 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 2179 127.0.0.1 : 2180 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3238 64.73.155.29 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3249 64.212.100.93 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3239 64.73.155.29 : 80 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 80 127.0.0.1 : 3213 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 3214 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 3219 TIME_WAIT 0 ----
TCP 127.0.0.1 : 80 127.0.0.1 : 3220 TIME_WAIT 0 ----
TCP 0.0.0.0 : 80 0.0.0.0 : 0 LISTENING 1760 C:\Program Files\Tweak-XP Pro\AdBlocker.exe
TCP 0.0.0.0 : 445 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 5679 0.0.0.0 : 0 LISTENING 1764 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
TCP 0.0.0.0 : 135 0.0.0.0 : 0 LISTENING 1484 C:\WINDOWS\system32\svchost.exe
TCP 127.0.0.1 : 1134 0.0.0.0 : 0 LISTENING 3692 C:\WINDOWS\system32\alg.exe
TCP 192.168.0.101 : 139 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
UDP 0.0.0.0 : 500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 137 * : * 4 NT OS Kernel
UDP 192.168.0.101 : 138 * : * 4 NT OS Kernel
UDP 127.0.0.1 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1025 * : * 1704 C:\WINDOWS\system32\svchost.exe
UDP 192.168.0.101 : 123 * : * 1608 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1655 * : * 1820 C:\Program Files\Winamp\winamp.exe
UDP 0.0.0.0 : 37 * : * 1412 C:\pfiles\D4\D4.exe
UDP 127.0.0.1 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 4500 * : * 1224 C:\WINDOWS\system32\lsass.exe
UDP 192.168.0.101 : 1900 * : * 1812 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 445 * : * 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 1224 C:\WINDOWS\system32\lsass.exe

-=-=-

Hope this helps.

Cheers,
Buzz.
a1sound
Regular Member
 
Posts: 39
Joined: April 18th, 2007, 10:19 pm
Location: Mojave CA
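Silver asked for the process name, protocol, remote IP address and remote port of each connection, and the logs above flag the SYN_SENT rows. The following is an added example, not part of any post in this thread, that pulls exactly those fields out of IceSword "Port" rows and groups the unanswered handshakes by process and remote /24; the function names are hypothetical and the sample rows are copied from the logs above.

```python
import ipaddress
import re
from collections import Counter

# Rows copied from the IceSword "Port" logs posted above (not a full log).
SAMPLE_LOG = r"""
Protocol Local Address Foreign Address State PID PathName
TCP 192.168.0.101 : 2143 198.145.242.103 : 8004 ESTABLISHED 1820 C:\Program Files\Winamp\winamp.exe
TCP 127.0.0.1 : 2178 127.0.0.1 : 2176 ESTABLISHED 1316 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 192.168.0.101 : 3125 67.29.128.34 : 80 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3126 67.29.128.34 : 80 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3182 67.29.128.87 : 80 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3176 67.29.128.70 : 554 SYN_SENT 2024 C:\Program Files\Internet Explorer\iexplore.exe
TCP 192.168.0.101 : 3154 69.28.146.175 : 554 TIME_WAIT 0 ----
TCP 0.0.0.0 : 80 0.0.0.0 : 0 LISTENING 1760 C:\Program Files\Tweak-XP Pro\AdBlocker.exe
UDP 0.0.0.0 : 500 * : * 1224 C:\WINDOWS\system32\lsass.exe
RAW --- --- --- 4 NT OS Kernel
"""

# One TCP row: local ip : port, remote ip : port, state, PID, image path.
TCP_ROW = re.compile(
    r"^TCP\s+(?P<lip>\S+)\s*:\s*(?P<lport>\d+)\s+"
    r"(?P<rip>\S+)\s*:\s*(?P<rport>\d+)\s+"
    r"(?P<state>[A-Z_0-9]+)\s+(?P<pid>\d+)\s+(?P<path>.+)$"
)


def remote_tcp_connections(log):
    """Return one dict per TCP row that has a real remote endpoint."""
    rows = []
    for line in log.splitlines():
        m = TCP_ROW.match(line.strip())
        if not m:
            continue  # header, UDP and RAW rows have no remote endpoint
        remote = ipaddress.ip_address(m["rip"])
        if remote.is_loopback or remote.is_unspecified:
            continue  # local IPC sockets and listeners
        path = m["path"].strip()
        rows.append({
            # "----" is what the log shows once the owning process is gone
            "process": None if path == "----" else path.rsplit("\\", 1)[-1],
            "pid": int(m["pid"]),
            "protocol": "TCP",
            "remote_ip": str(remote),
            "remote_port": int(m["rport"]),
            "state": m["state"],
        })
    return rows


def pending_by_network(rows, prefix=24):
    """Count SYN_SENT rows per (process, remote network, remote port).

    SYN_SENT means the SYN went out and no SYN-ACK has come back yet, which
    is what a dropped outbound connection looks like from the client side.
    """
    counts = Counter()
    for r in rows:
        if r["state"] != "SYN_SENT":
            continue
        net = ipaddress.ip_network(f"{r['remote_ip']}/{prefix}", strict=False)
        counts[(r["process"], str(net), r["remote_port"])] += 1
    return counts


if __name__ == "__main__":
    conns = remote_tcp_connections(SAMPLE_LOG)
    for key, n in pending_by_network(conns).most_common():
        print(n, *key)
```
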

Thunderbird hangup..

Unread postby a1sound » April 27th, 2007, 2:59 am

Hi Silver,

Here is a shot from TCPView (I didn't have the other program running, sorry) of the connection environment when Thunderbird hung while loading an HTML message from Musician's Friend..

[System Process]:0 TCP svenskatec:3388 localhost:3387 TIME_WAIT
[System Process]:0 TCP svenskatec.desertrats:3394 static-fxfeeds.nslb.sj.mozilla.com:http TIME_WAIT
[System Process]:0 TCP svenskatec.desertrats:3395 254.131.36.72.static.reverse.layeredtech.com:http TIME_WAIT
[System Process]:0 TCP svenskatec.desertrats:3399 static-fxfeeds.nslb.sj.mozilla.com:http TIME_WAIT
[System Process]:0 TCP svenskatec.desertrats:3401 sweetums.hoobly.com:http TIME_WAIT
[System Process]:0 TCP svenskatec.desertrats:3403 254.131.36.72.static.reverse.layeredtech.com:http TIME_WAIT
AdBlocker.exe:1760 TCP svenskatec:http svenskatec:0 LISTENING
alg.exe:3692 TCP svenskatec:1134 svenskatec:0 LISTENING
D4.exe:1412 UDP svenskatec:time *:*
lsass.exe:1224 UDP svenskatec:4500 *:*
lsass.exe:1224 UDP svenskatec:isakmp *:*
svchost.exe:1484 TCP svenskatec:epmap svenskatec:0 LISTENING
svchost.exe:1608 UDP svenskatec:ntp *:*
svchost.exe:1608 UDP svenskatec.desertrats:ntp *:*
svchost.exe:1704 UDP svenskatec:1025 *:*
svchost.exe:1812 UDP svenskatec:1900 *:*
svchost.exe:1812 UDP svenskatec.desertrats:1900 *:*
System:4 TCP svenskatec:microsoft-ds svenskatec:0 LISTENING
System:4 TCP svenskatec.desertrats:netbios-ssn svenskatec:0 LISTENING
System:4 UDP svenskatec:microsoft-ds *:*
System:4 UDP svenskatec.desertrats:netbios-dgm *:*
System:4 UDP svenskatec.desertrats:netbios-ns *:*
thunderbird.exe:3680 TCP svenskatec:3359 localhost:3360 ESTABLISHED
thunderbird.exe:3680 TCP svenskatec:3360 localhost:3359 ESTABLISHED
thunderbird.exe:3680 TCP svenskatec.desertrats:3416 67.29.128.40:http SYN_SENT
thunderbird.exe:3680 TCP svenskatec.desertrats:3417 67.29.128.40:http SYN_SENT
WCESCOMM.EXE:1764 TCP svenskatec:5679 svenskatec:0 LISTENING

-=-=-

The two bad requests are near the end. Again, look for the SYN_SENT.

That covers so far, Firefox in safe mode, Internet Explorer 7, Firefox, and Thunderbird. A moment ago, Thunderbird loaded a news page into Firefox and requested a secure socket. Unfortunately, I missed catching it.

Thanks for looking at all this,

Cheers,
Buzz.
a1sound
Regular Member
 
Posts: 39
Joined: April 18th, 2007, 10:19 pm
Location: Mojave CA

Unread postby Kimberly » April 27th, 2007, 10:56 am

Hello Buzz,

I have been following this topic for a while. Nothing is suspicious in the lists you did provide, especially after seeing the UDP packet. Just normal network traffic.

Regarding the 69 IP's :

For info :

Address lookup
canonical name stop.ip.scanning.
aliases
addresses 69.22.128.59

Address lookup
canonical name stop.ip.scanning.
aliases
addresses 69.22.128.57

OrgName: CacheNetworks, Inc.
OrgID: CACHE
Address: 2002 W Chicago Ave
City: Chicago
StateProv: IL
PostalCode: 60622
Country: US

NetRange: 69.22.128.32 - 69.22.128.63
CIDR: 69.22.128.32/27
NetName: NLYR-69-22-128-32-1
NetHandle: NET-69-22-128-32-1
Parent: NET-69-22-128-0-1
NetType: Reallocated
Comment:
RegDate: 2003-03-04
Updated: 2003-03-04

OrgTechHandle: DNSSE-ARIN
OrgTechName: DNS Services
OrgTechPhone: +1-877-442-2243
OrgTechEmail: dnsadmin@cachenetworks.com


67.29.128.x Range.

Those IP's have several ports open. When testing, port 80 indicates AkamaiHost. As you may know or not, Akamai does host / mirror entire websites, files and updates from several programs.

Furthermore, after seeing the UDP packet, CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ! UDP, I'm sure it is not malicious as it is a typical NETBIOS-NAME-QUERY.

Windows machines often exchange these queries as a part of the filesharing protocol to determine NetBIOS names when only IP addresses are known. Many Windows machines will send these NetBIOS name requests by default when negotiating various connections with other systems (not just netbios). Additionally, some desktop firewalls will automatically send the packets to any other host that connects back to the user (such as identd requests from a mail server or IRC server). NetBIOS name traffic is considered background noise on the network.

You could limit this as follows:

NetBIOS over TCP/IP is typically used on Windows systems to transport the CIFS protocol (also known as SMB). CIFS is the protocol behind resources sharing (typically, file and printer sharing).

NetBIOS over TCP/IP uses UDP ports 137, 138 and TCP port 139.
For each network adapter in the Network and Dial-up Connection, select Properties and choose Properties of Internet Protocol (TCP/IP). Click on the Advanced button, select the WINS tab and check Disable NetBIOS over TCP/IP.

Note : file & printer sharing over your LAN (if you have one) might stop working after doing this.

Minimization of network services on Windows systems
http://www.hsc.fr/ressources/breves/min ... in.en.html

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
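Why the CKAAAA... string reads as a NetBIOS name query can be checked by decoding it. The following is an added example, not code from anyone in this thread: it reverses the RFC 1001 first-level name encoding and parses the question section of a NetBIOS name service datagram. The function names are hypothetical and the packet bytes are constructed for the demonstration, not taken from the capture.

```python
import struct

QTYPES = {0x0020: "NB", 0x0021: "NBSTAT"}  # RFC 1002 question types

# The name seen in the capture: "CK" followed by thirty "A" characters.
WILDCARD_ENCODED = "CK" + "A" * 30


def encode_nb_name(name, suffix=0x00, pad=b" "):
    """RFC 1001 first-level encoding: 16 raw bytes -> 32 letters 'A'..'P'."""
    raw = name.upper().encode("ascii").ljust(15, pad)[:15] + bytes([suffix])
    return "".join(chr(65 + (b >> 4)) + chr(65 + (b & 0x0F)) for b in raw)


def decode_nb_name(encoded):
    """Reverse the encoding; returns (name, suffix byte)."""
    if len(encoded) != 32 or any(c < "A" or c > "P" for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(
        ((ord(encoded[i]) - 65) << 4) | (ord(encoded[i + 1]) - 65)
        for i in range(0, 32, 2)
    )
    # Bytes 0..14 are the padded name, byte 15 is the service suffix.
    return raw[:15].rstrip(b" \x00").decode("ascii", "replace"), raw[15]


def parse_nbns_question(payload):
    """Parse the 12-byte header and first question of a UDP/137 payload."""
    if len(payload) < 50:
        raise ValueError("too short for an NBNS header plus one question")
    txid, flags, qdcount = struct.unpack(">HHH", payload[:6])
    # A NetBIOS question name is one 32-byte label followed by a zero byte.
    if qdcount < 1 or payload[12] != 0x20 or payload[45] != 0x00:
        raise ValueError("no single-label NetBIOS question present")
    name, suffix = decode_nb_name(payload[13:45].decode("ascii", "replace"))
    qtype, qclass = struct.unpack(">HH", payload[46:50])
    return {
        "txid": txid,
        "is_response": bool(flags & 0x8000),
        "opcode": (flags >> 11) & 0x0F,  # 0 = query
        "name": name,
        "suffix": suffix,
        "qtype": QTYPES.get(qtype, hex(qtype)),
        "qclass": qclass,
    }


def build_constructed_query():
    """Constructed sample: a node status request for the wildcard name."""
    header = struct.pack(">HHHHHH", 0x1234, 0x0000, 1, 0, 0, 0)
    question = (
        b"\x20" + WILDCARD_ENCODED.encode("ascii") + b"\x00"
        + struct.pack(">HH", 0x0021, 0x0001)  # NBSTAT, class IN
    )
    return header + question


if __name__ == "__main__":
    print(decode_nb_name(WILDCARD_ENCODED))            # wildcard name "*"
    print(parse_nbns_question(build_constructed_query()))
```

"CK" decodes to 0x2A, the asterisk wildcard, and every "AA" pair to a null byte. In this layout the byte before the name is the label length 0x20 (a space when printed) and the low byte of the NBSTAT question type is 0x21 (an exclamation mark), which is consistent with the printable characters around the name in the pasted capture.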

Unread postby Kimberly » April 27th, 2007, 11:08 am

As for

TCP 192.168.0.101 : 3154 69.28.146.175 : 554 ESTABLISHED 2024 C:\Program Files\Internet Explorer\iexplore.exe

That traces back to Limelight Networks, which is mainly involved in streaming media.
http://en.wikipedia.org/wiki/Limelight_Networks
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby a1sound » April 27th, 2007, 2:42 pm

Hi Kim,

If what you are saying is true, then you should get the same calls to these IPs..

67.29.128.43:80
67.29.128.57:80
67.29.128.35:80
67.29.128.59:80
67.29.128.49:80
67.29.128.24:80
67.29.128.42:80

..when you surf these sites..

http://www.costco.com
http://www.sears.com
http://www.comodo.com
http://www.pandasoftware.com
http://www.musiciansfriend.com

do you get a hit on one of the IPs (67.29.128.*) above?

Would you run TCPView and save a shot of that for me? I certainly will be relieved to know that I've been OK after the first two or three scans that Silver had me do. I'll be the first to admit I was wrong--and gladly do so!

Where did you find that these IPs were used as mirrors? That would exactly match the behavior I was worried about.

In your best judgement, should I release my stranglehold on the 67 band and the 69 band and assume that this behavior is OK?

If that is so, then I must agree that the job is done.

Cheers,
Buzz.
a1sound
Regular Member
 
Posts: 39
Joined: April 18th, 2007, 10:19 pm
Location: Mojave CA

Unread postby a1sound » April 27th, 2007, 3:19 pm

Hi Silver and Kim,

This is the third time I've tried to post a reply here. I must be hitting something wrong on this keyboard because I'm so excited that my machine might actually be free of malware. If this is the case, then, Silver, good work!

Please forgive me for being so demanding. This computer comprises over a half terabyte of sound binaries and a lot of applications that required hand holding and hours on the telephone to install, a process that I did not want to endure again.

What do you think--should I release my stranglehold on the 69 and the 67 band and get on with it?

Wow! Let me know ASAP!!!

Cheers,
Buzz.
a1sound
Regular Member
 
Posts: 39
Joined: April 18th, 2007, 10:19 pm
Location: Mojave CA

Unread postby Kimberly » April 27th, 2007, 6:13 pm

Hello buzz,

If what you are saying is true, then you should get the same calls to these IPs..

67.29.128.43:80
67.29.128.57:80
67.29.128.35:80
67.29.128.59:80
67.29.128.49:80
67.29.128.24:80
67.29.128.42:80

..when you surf these sites..

http://www.costco.com
http://www.sears.com
http://www.comodo.com
http://www.pandasoftware.com
http://www.musiciansfriend.com


I'm sorry but wrong for several reasons :
1. I don't have NETBIOS running
2. All unneeded protocols and services are turned off - No client for MS networks and no file/printer sharing.
3. I don't have the same ISP as you ... sometimes requests depend on the modem, ISP software and ISP you have. cf .. broadcasting and ISP's using reserved IANA ranges to connect people as they don't have enough IP ranges. To have a very small idea about the different types of communications you can have on a PC, may I suggest you read this post
4. Akamai servers are geographically based, which means that I won't get the same server as you even when we visit the same site or request the same update.

do you get a hit on one of the IPs (67.29.128.*) above?

Would you run TCPView and save a shot of that for me? I certainly will be relieved to know that I've been OK after the first two or three scans that Silver had me do. I'll be the first to admit I was wrong--and gladly do so!

I don't need TCP view to see where I'm connecting, I just look up my firewall logs. :)
I'll visit those sites, but I honestly doubt I will have the same results as you for the reasons mentioned above.

Where did you find that these IPs were used as mirrors? That would exactly match the behavior I was worried about.

By enquiring Whois servers. :)

In your best judgement, should I release my stranglehold on the 67 band and the 69 band and assume that this behavior is OK?

Yes, the two 69 ones referred to above as DNS Services could be related to your ISP; if you block that, you might end up with connectivity trouble.
As for the 67.29.128.x ... Being related to Akamai, I wouldn't block this either. Even software such as Symantec, Microsoft, ... often do use Akamai services. Consider it as a huge cache in order to deliver content faster based on geo location and sometimes to keep down the strain / bandwidth on the main servers.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
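
The triage Kimberly describes above (read the firewall log, check who owns each remote address, then decide whether to block), sketched as an added example that is not part of any post in this thread. The log format, the process names and the /24 boundary are assumptions, and the 192.0.2.x and 198.51.100.x entries are constructed documentation addresses.

```python
import ipaddress
from collections import defaultdict

AKAMAI = "Akamai (CDN), per the whois lookup reported in this thread"

# Ownership notes filled in by hand after a whois lookup. The /24 boundary
# is an assumption for this example, not the registry's real allocation.
REVIEWED_NETWORKS = {
    ipaddress.ip_network("67.29.128.0/24"): AKAMAI,
}

# Constructed firewall-log lines in an assumed "<process> <ip>:<port>" format.
SAMPLE_LOG = """\
firefox.exe 67.29.128.59:80
firefox.exe 67.29.128.43:80
firefox.exe 67.29.128.35:80
firefox.exe 192.0.2.77:80
svchost.exe 198.51.100.9:53
"""

def parse_line(line):
    """Split one log line into (process, ip_address, port)."""
    process, endpoint = line.split()
    host, _, port = endpoint.rpartition(":")
    return process, ipaddress.ip_address(host), int(port)

def triage(log_text):
    """Group connections by reviewed owner; collect the rest for lookup."""
    reviewed = defaultdict(list)
    unreviewed = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        process, ip, port = parse_line(line)
        owner = next(
            (label for net, label in REVIEWED_NETWORKS.items() if ip in net),
            None,
        )
        record = (process, str(ip), port)
        if owner:
            reviewed[owner].append(record)
        else:
            unreviewed.append(record)  # look these up before blocking or allowing
    return dict(reviewed), unreviewed

if __name__ == "__main__":
    known, unknown = triage(SAMPLE_LOG)
    for owner, records in known.items():
        print(f"{owner}: {len(records)} connection(s)")
    for record in unknown:
        print("needs whois lookup:", record)
```
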

Unread postby a1sound » April 27th, 2007, 6:49 pm

I believe it's clean now. Thanks Kim and Silver!

Cheers,
Buzz.
a1sound
Regular Member
 
Posts: 39
Joined: April 18th, 2007, 10:19 pm
Location: Mojave CA

Unread postby silver » April 28th, 2007, 5:17 am

Hi a1sound,

You are very welcome and I'm glad your concerns have been addressed.

Now might be a good time for that disk image you spoke about doing earlier on - from what you've said I'd recommend a couple of copies!

Also, please take the time to read the prevention advice I posted earlier on this thread.

Best of luck!
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby random/random » April 30th, 2007, 12:11 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm