Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

computer infected...need help [RESOLVED]


  • This topic is locked This topic is locked

#1
ping007

ping007

    Member

  • Member
  • PipPip
  • 11 posts
Hello,

My computer has become infected with??? I have run numerous programs and I think I have fixed most of the problems but things are still not correct. One problem is that my windows firewall is not working and I get an error when I try to start it manually. Also when I start windows it always opens "My Documents" folder. Any way I feel like I am missing something and thought I would see if any one could point me in the right direction.

Thank you!!!


Logfile of HijackThis v1.99.1
Scan saved at 8:09:34 PM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kim Hall\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{74-40-08-8C-ZN}] c:\windows\system32\omdsrego.exe ELT001
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [anhciy] C:\WINDOWS\system32\awdkib.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vkodj] C:\WINDOWS\system32\awdkib.exe reg_run
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O15 - Trusted Zone: *.elitemediagroup.net
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\n02u0af9ed2.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winnqk32 - winnqk32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements


#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Kim and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite a mixture of malware and Trojans. Let’s see what we can do.

Firstly could you please disable Windows Defender. Open Windows Defender. Click Tools, and then click General Settings. Under Protection options, clear the Use Windows Defender to help protect my computer check box. Then click Save

Please disable Trojan Hunter. Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red. Right click it and select settings. Uncheck Load at startup and Enabled

Also please disable Ewido Guard from running. Right click on the orange icon in the taskbar (near the clock) and uncheck Resident Shield. The icon will change to a grey colour.

When your PC has been declared clean, please only enable one of those three programmes to run in real-time. All others should be used as “on demand” scanners. Having more than one antispyware programme running in real-time will cause slowness and even conflicts.

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
combofix.exe

Right click on this link Del 015 Domains.inf and choose Save (link) As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards

Please open, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Deselect "Only if threats were found"
  • Close Ewido. Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode
  • In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [{74-40-08-8C-ZN}] c:\windows\system32\omdsrego.exe ELT001
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [anhciy] C:\WINDOWS\system32\awdkib.exe reg_run
O4 - HKCU\..\Run: [vkodj] C:\WINDOWS\system32\awdkib.exe reg_run
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
O15 - Trusted Zone: *.elitemediagroup.net
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\n02u0af9ed2.dll (file missing)
O20 - Winlogon Notify: winnqk32 - winnqk32.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into normal mode.

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
c:\windows\system32\omdsrego.exe
C:\program files\popupwithcast\septpop06apsept.exe
C:\WINDOWS\system32\awdkib.exe
C:\WINDOWS\system32\dwdsregt.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, and under the heading of Applications uncheck Ewido Anti-malware log then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back a fresh HijackThis log (from normal mode) and I will take another look. (3 logs in total please).
  • 0

#3
ping007

ping007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok first off I was missing this line from the HiJack this scan so I was not able to delete it: O15 - Trusted Zone: *.elitemediagroup.net
Also when I ran killbox I did receive the PendingFileRenameOperations prompt.
I had run ewido in safe mode prior to talking with you, So I have included those logs as well in case you needed them. The first two logs will be the two from yesterday and the thrid will be from today.

Thanks again.


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:22:42 AM 9/28/2006

+ Scan result:



C:\Documents and Settings\All Users\Application Data\AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-483194576-3032810569-2597111771-1007\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-483194576-3032810569-2597111771-1007\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-483194576-3032810569-2597111771-1007\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Local Settings\Temp\NNBar_VCSetup_876056.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Local Settings\Temp\mit86.tmp.cab/NNBar_VCSetup_876056.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Local Settings\Temp\mit86.tmp/NNBar_VCSetup_876056.exe -> Adware.Mirar : Cleaned with backup (quarantined).
[812] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Cookies\kim [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Epilot : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Epilot : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.68:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Cookies\kim [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Cookies\kim [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Local Settings\Temp\Cookies\kim [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:05:42 PM 9/28/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-483194576-3032810569-2597111771-1007\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-483194576-3032810569-2597111771-1007\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-483194576-3032810569-2597111771-1007\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876057.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
[876] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Cookies\kim [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Cookies\kim [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Kim Hall\Application Data\Mozilla\Firefox\Profiles\a9zecgzi.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Cookies\kim [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Kim Hall\Cookies\kim [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).


::Report end


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:39:16 AM 9/29/2006

+ Scan result:



HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-483194576-3032810569-2597111771-1007\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-483194576-3032810569-2597111771-1007\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).


::Report end



Kim Hall - 06-09-29 11:07:10.24 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Kim Hall\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Kim Hall\Application Data\Dxcknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_e16.exe
C:\WINDOWS\justin.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\Eim03.exe
C:\Program Files\outlook
C:\Program Files\Common Files\{5077408C-0512-1033-1109-040308200001}


((((((((((((((((((((((((((((((( Files Created from 2006-08-29 to 2006-09-29 ))))))))))))))))))))))))))))))))))


2006-09-27 20:15 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-27 20:15 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-27 20:15 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-27 20:15 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-27 12:15 919 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-09-27 12:15 183,476 --a------ C:\WINDOWS\srvxmuwlhx.exe
2006-09-27 12:14 0 -rahs---- C:\MSDOS.SYS
2006-09-27 12:14 0 -rahs---- C:\IO.SYS
2006-09-27 12:13 183,478 --a------ C:\WINDOWS\srvjpbdwes.exe
2006-09-27 12:13 142 --a------ C:\WINDOWS\yrjry.dll
2006-09-15 16:16 53,248 --a------ C:\WINDOWS\uni_e6h.exe
2006-09-13 17:01 970,752 --a------ C:\WINDOWS\system32\VchReg.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-29 11:07 -------- d-------- C:\Program Files\Common Files
2006-09-29 10:59 -------- d-------- C:\Program Files\CCleaner
2006-09-29 10:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-29 10:49 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-28 18:28 -------- d-------- C:\Program Files\LimeWire
2006-09-28 17:23 -------- d-------- C:\Program Files\Windows Defender
2006-09-28 17:23 -------- d-------- C:\Program Files\Security Task Manager
2006-09-28 17:23 -------- d-------- C:\Documents and Settings\Kim Hall\Application Data\Jetico Personal Firewall
2006-09-27 20:44 -------- d--h----- C:\Program Files\BHO Plugin
2006-09-27 20:16 -------- d-------- C:\Documents and Settings\Kim Hall\Application Data\AVG7
2006-09-27 20:15 -------- d-------- C:\Program Files\Grisoft
2006-09-27 19:49 -------- d-------- C:\Program Files\PC MightyMax
2006-09-27 19:31 -------- d-------- C:\Program Files\RegistryFix
2006-09-27 19:31 -------- d-------- C:\Program Files\PCRescue4.0
2006-09-27 19:24 -------- d-------- C:\Documents and Settings\Kim Hall\Application Data\TrojanHunter
2006-09-27 19:21 -------- d-------- C:\Program Files\Golf Buddies
2006-09-27 19:06 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-09-27 14:48 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 14:09 -------- d-------- C:\Documents and Settings\Kim Hall\Application Data\Lavasoft
2006-09-27 14:08 -------- d-------- C:\Program Files\Lavasoft
2006-09-27 13:44 -------- d-------- C:\Program Files\Common Files\rkzz
2006-09-27 13:36 -------- d-------- C:\Program Files\Symantec
2006-09-27 13:36 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-27 13:34 -------- d-------- C:\Program Files\Alwil Software
2006-09-27 12:13 -------- d-------- C:\Program Files\PSDream
2006-09-26 13:31 -------- d-------- C:\Documents and Settings\Kim Hall\Application Data\Real
2006-09-26 13:30 -------- d-------- C:\Program Files\Real
2006-09-26 13:30 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-26 13:30 -------- d-------- C:\Program Files\Common Files\Real
2006-09-20 12:01 -------- d-------- C:\Program Files\Java
2006-09-13 17:22 -------- d-------- C:\Program Files\AdwareAlert
2006-09-11 23:48 -------- d-------- C:\Documents and Settings\Kim Hall\Application Data\Sonic
2006-08-23 22:47 -------- d---s---- C:\Documents and Settings\Kim Hall\Application Data\Microsoft
2006-08-23 09:35 -------- d-------- C:\Program Files\V1 Home 2.0
2006-08-23 09:35 -------- d-------- C:\Program Files\Common Files\Moonlight
2006-08-21 12:45 -------- d-------- C:\Program Files\MsnMusic
2006-08-21 12:21 -------- d-------- C:\Program Files\Windows Media Player
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 13:03 -------- d-------- C:\Program Files\Golf League Recorder PT
2006-08-16 13:03 -------- d-------- C:\Documents and Settings\Kim Hall\Application Data\Help
2006-08-14 19:52 78848 --a------ C:\WINDOWS\system32\nsj9D.dll
2006-08-14 13:42 -------- d-------- C:\Program Files\Outlook Express
2006-08-14 13:42 -------- d-------- C:\Program Files\Common Files\System
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"HPHUPD05"="c:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HP Software Update"="\"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Fri 09/29/2006 11:09:07.60
ComboFix.txt




Logfile of HijackThis v1.99.1
Scan saved at 11:10:19 AM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kim Hall\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Kim

Mine are i3 oversize red dot, and I love playing with them.

Your HJT log looks good, but there are some files in the combofix log that need our attention.

There is a file in your log of which I am unsure. For that reason, I need you to submit it to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\WINDOWS\system32\nsj9D.dll

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

5. Now, please do the same with the following files (I thought they belonged to Win98):

C:\MSDOS.SYS
C:\IO.SYS

If any of those files are definitely bad, add them to the list for deletion below in Killbox.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):(click Start>Settings>Control Panel)

AdwareAlert
LimeWire

Please notify me of any other programmes that you don’t recognise in that list in your next response

Please delete these folders:

C:\Program Files\LimeWire\
C:\Program Files\AdwareAlert\

Please find this folder and report on its content; if it is empty, delete it. C:\Program Files\Common Files\rkzz

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\srvjpbdwes.exe
C:\WINDOWS\yrjry.dll
C:\WINDOWS\uni_e6h.exe
C:\WINDOWS\system32\winpfg32.sys
C:\WINDOWS\srvxmuwlhx.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

How's the PC running now?
  • 0

#5
ping007

ping007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello again,

Actually my name is Scott, Kim is my wife and this is her computer. I have a set of ISIs that I have had for a while. I bought them used from a friend. They are white dot. I enjoy playing with them, but feel like I need to get properly fitted to get the most out of my game, but that is a whole different story. ha ha

When I went to Jotti's site I could not find any of the three files that you wanted me to check on. I could not even find the system 32 folder, which I feel is a bad thing. There is a system folder in the Windows folder and a twain_32 folder but no system 32.

On the good side I did remove Lime wire, but there was not an adware alart programs to remove, allthough there was a folder that I deleted.

I also deleted this folder which was enpty: C:\Program Files\Common Files\rkzz

Killbox seemed to take care of the following files:
C:\WINDOWS\srvjpbdwes.exe
C:\WINDOWS\yrjry.dll
C:\WINDOWS\uni_e6h.exe
C:\WINDOWS\system32\winpfg32.sys
C:\WINDOWS\srvxmuwlhx.exe


I found this file in C:\StubInstaller It says that it is a limewire swarmed installer

Also I have a few programs left over from symantec
-Live update
-Norton WMI update
Should I delete these programs as I don't use Norton any more?

I still have the same problem at start up and with the fire wall that I had in the beginning, but other then that the computer seems to be running fine.

Thank you
  • 0

#6
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Scott

When I went to Jotti's site I could not find any of the three files that you wanted me to check on. I could not even find the system 32 folder, which I feel is a bad thing. There is a system folder in the Windows folder and a twain_32 folder but no system 32.

I hope this is user error because System32 is a major folder in XP.

On the good side I did remove Lime wire, but there was not an adware alart programs to remove, allthough there was a folder that I deleted.

Yes Limewire is the cause of much malware. Adaware Alert could be an empty folder; the flag in ComboFix doesn't say if there is content within.

I also deleted this folder which was enpty: C:\Program Files\Common Files\rkzz

I thought it would be.

Killbox seemed to take care of the following files:
C:\WINDOWS\srvjpbdwes.exe
C:\WINDOWS\yrjry.dll
C:\WINDOWS\uni_e6h.exe
C:\WINDOWS\system32\winpfg32.sys
C:\WINDOWS\srvxmuwlhx.exe

Good, some of those are nasty.

I found this file in C:\StubInstaller It says that it is a limewire swarmed installer

Not sure what you are referring to here

Also I have a few programs left over from symantec
-Live update
-Norton WMI update
Should I delete these programs as I don't use Norton any more?

Please do.

I still have the same problem at start up and with the fire wall that I had in the beginning, but other then that the computer seems to be running fine

Please disable the firewall, reboot and then enable it. I don't think that the "opening to My Documents" is a malware problem; it is likely, IMHO, that either a win.ini or a boot.ini may be responsible.

Can you be more specific on the C:\StubInstaller please?

BTW, I love my irons and both fairway woods, but I do use a 10° Ping graphite shafted Ist Titanium driver, for those 500+ yard holes. It makes me smile :whistling:
  • 0

#7
ping007

ping007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello Phil,

Well I think I found part of my problem. My system32 folder was in the I386 folder instead of the windows folder, but that leads me to another problem. There are only two files in my system32 folder: NTDLL.DLL and SMSS (which says it is a windows NT Setup file). I am thinking that the system32 folder should have more info then that.

I guess I need to move that folder back into the Windows folder, but if one of the viruses that I had deleted some files what would be the next step? Can you get files from a Windows CD?

As for the Firewall it will not let me enable it. It says "Due to an unidentified problem, Windows cannot display Windows Firewall Settings."

I went ahead and deleted the StubInstaller file. I did a little research and it looks like it is just a file that lime wire uses.

I hear good things about Ping fairway woods, and their new driver looks nice also. I have a Titleist driver and a 15 degree fairway wood. :whistling:

Thanks

Scott
  • 0

#8
ping007

ping007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
After furhter review I figured out that the system32 folder that I found does belong in the I386 folder. When I did a search I found a system32 folder in C:\I386 C:\swsetup\MSWorks and C:\hp\drivers\printers\deskjet

The funny thing is when I tried to copy the system 32 folder into the window folder it told me that I could not because that folder already exsisted. I have looked and I do not see what it says is already there??? :whistling:
  • 0

#9
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Scott

Let's just check that you do have the files you should have. Often system folders are hidden to stop users messing with them.

Please run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt type sfc /scannow Please note that there is a single space between sfc and /scannow.

Typing this will start the programme, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. if this happens please make sure that you can view protected files:My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.
Then rerun the scan.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.
How's the PC running now?
  • 0

#10
ping007

ping007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello Phil,

Well I ran the scan that you wanted and I guess it did not find anything as the program just ran and when it was finished nothing happened. I tried to update windows but it did not find anything that needed updating.

I did find some info on the system32 folder after some searching on the internet. Someone seemed to have the same problem and they were instructed to do the following. Open command prompt and type: attrib -a -h -r -s c:\windows\system32

That brought back the folder the the windows folder. I restarted the computer, and nothing has changed.
I guess something else is wrong/missing.

Scott
  • 0

Advertisements


#11
ping007

ping007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Phil,

Ok i fixed the My Documents problem. I had to change a file in the Registry. It had duplicated. So good news there.

Scott
  • 0

#12
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Scott

Great news about the registry hack. Let's see what is inside your system32 folde. Please copy the text inside the code box and paste it into notepad. Save it is find.bat to your desktop. Double click it and a dos screen will open momentarily followed by a log.txt Please post the log.txt in your reply.

dir C:\windows\system32\*.*>>log.txt

  • 0

#13
ping007

ping007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Phil,

Here you go.



Volume in drive C has no label.
Volume Serial Number is 5077-408C

Directory of C:\windows\system32

09/30/2006 12:22 PM <DIR> .
09/30/2006 12:22 PM <DIR> ..
05/04/2003 02:27 AM 333 $ncsp$.inf
02/16/2005 03:15 PM 2,714 $winnt$.inf
05/03/2003 11:10 PM <DIR> 1025
05/03/2003 11:10 PM <DIR> 1028
05/03/2003 11:10 PM <DIR> 1031
05/03/2003 11:10 PM <DIR> 1033
05/03/2003 11:10 PM <DIR> 1037
05/03/2003 11:10 PM <DIR> 1041
05/03/2003 11:10 PM <DIR> 1042
05/03/2003 11:10 PM <DIR> 1054
08/04/2004 03:00 AM 2,151 12520437.cpx
08/04/2004 03:00 AM 2,233 12520850.cpx
05/03/2003 11:10 PM <DIR> 2052
05/03/2003 11:10 PM <DIR> 3076
05/03/2003 11:10 PM <DIR> 3com_dmi
08/04/2004 03:00 AM 100,352 6to4svc.dll
09/27/2006 12:15 PM 1,233 aaa00000.ini
08/04/2004 03:00 AM 25,600 aaaamon.dll
05/07/2003 05:09 PM 147,456 AbsoluteHttp.dll
08/04/2004 03:00 AM 68,608 access.cpl
08/04/2004 03:00 AM 64,512 acctres.dll
08/04/2004 03:00 AM 183,808 accwiz.exe
08/04/2004 03:00 AM 61,952 acelpdec.ax
08/04/2004 03:00 AM 129,536 acledit.dll
08/04/2004 03:00 AM 114,688 aclui.dll
08/04/2004 03:00 AM 194,048 activeds.dll
08/04/2004 03:00 AM 111,104 activeds.tlb
08/04/2004 03:00 AM 4,096 actmovie.exe
08/04/2004 03:00 AM 101,888 actxprxy.dll
08/04/2004 03:00 AM 61,440 admparse.dll
08/04/2004 03:00 AM 26,112 adptif.dll
08/04/2004 03:00 AM 175,616 adsldp.dll
08/04/2004 03:00 AM 143,360 adsldpc.dll
08/04/2004 03:00 AM 68,096 adsmsext.dll
08/04/2004 03:00 AM 263,680 adsnt.dll
08/04/2004 03:00 AM 616,960 advapi32.dll
08/04/2004 03:00 AM 99,840 advpack.dll
08/04/2004 03:00 AM 98,304 ahui.exe
08/04/2004 03:00 AM 44,544 alg.exe
08/04/2004 03:00 AM 17,408 alrsvc.dll
08/21/2006 12:21 PM 16,832 amcompat.tlb
08/04/2004 03:00 AM 70,656 amstream.dll
08/04/2004 03:00 AM 9,029 ansi.sys
08/04/2004 03:00 AM 102,912 apcups.dll
08/04/2004 03:00 AM 12,498 append.exe
08/04/2004 03:00 AM 126,976 apphelp.dll
08/04/2004 03:00 AM 549,888 appwiz.cpl
08/04/2004 03:00 AM 19,456 arp.exe
08/04/2004 03:00 AM 114,688 asctrls.ocx
09/22/2004 06:45 PM 8,192 asferror.dll
08/04/2004 03:00 AM 65,024 asycfilt.dll
08/04/2004 03:00 AM 25,088 at.exe
01/22/2001 03:25 AM 32,768 ATHPRXY.DLL
08/04/2004 03:00 AM 13,312 atkctrs.dll
08/04/2004 03:00 AM 58,880 atl.dll
01/05/2002 05:18 AM 84,992 atl70.dll
08/04/2004 03:00 AM 11,264 atmadm.exe
08/04/2004 03:00 AM 285,696 atmfd.dll
08/04/2004 03:00 AM 30,208 atmlib.dll
08/04/2004 03:00 AM 34,816 atmpvcno.dll
08/04/2004 03:00 AM 11,264 atrace.dll
08/04/2004 03:00 AM 11,264 attrib.exe
09/22/2004 06:45 PM 480,768 Audiodev.dll
08/04/2004 03:00 AM 42,496 audiosrv.dll
08/04/2004 03:00 AM 14,336 auditusr.exe
03/02/2005 01:09 PM 56,832 authz.dll
08/04/2004 03:00 AM 588,800 autochk.exe
08/04/2004 03:00 AM 602,624 autoconv.exe
08/04/2004 03:00 AM 80,384 autodisc.dll
08/04/2004 03:00 AM 1,688 AUTOEXEC.NT
08/04/2004 03:00 AM 580,608 autofmt.exe
08/04/2004 03:00 AM 11,264 autolfn.exe
08/04/2004 03:00 AM 69,584 avicap.dll
08/04/2004 03:00 AM 64,000 avicap32.dll
08/04/2004 03:00 AM 84,992 avifil32.dll
08/04/2004 03:00 AM 109,456 avifile.dll
08/04/2004 03:00 AM 16,384 avmeter.dll
08/04/2004 03:00 AM 227,840 avtapi.dll
08/04/2004 03:00 AM 73,216 avwav.dll
09/27/2006 12:15 PM 9,662 bang-006.ico
08/04/2004 03:00 AM 52,736 basesrv.dll
08/04/2004 03:00 AM 28,672 batmeter.dll
08/04/2004 03:00 AM 8,704 batt.dll
08/04/2004 03:00 AM 17,408 bidispl.dll
08/04/2004 03:00 AM 28,420 bios1.rom
08/04/2004 03:00 AM 8,191 bios4.rom
08/04/2004 03:00 AM 8,192 bitsprx2.dll
08/04/2004 03:00 AM 7,168 bitsprx3.dll
09/22/2004 06:45 PM 233,472 blackbox.dll
08/04/2004 03:00 AM 71,680 blastcln.exe
08/04/2004 03:00 AM 4,608 bootok.exe
08/04/2004 03:00 AM 12,288 bootvid.dll
08/04/2004 03:00 AM 5,120 bootvrfy.exe
08/04/2004 03:00 AM 22,984 bopomofo.uce
08/04/2004 03:00 AM 63,488 browselc.dll
08/04/2004 03:00 AM 77,312 browser.dll
06/23/2006 06:02 AM 1,022,976 browseui.dll
08/04/2004 03:00 AM 78,336 browsewm.dll
08/04/2004 03:00 AM 20,992 bthci.dll
08/04/2004 03:00 AM 110,592 bthprops.cpl
08/04/2004 03:00 AM 30,208 bthserv.dll
08/04/2004 03:00 AM 50,688 btpanui.dll
08/04/2004 03:00 AM 59,904 cabinet.dll
08/04/2004 03:00 AM 84,480 cabview.dll
08/04/2004 03:00 AM 18,432 cacls.exe
08/04/2004 03:00 AM 114,688 calc.exe
08/04/2004 03:00 AM 50,688 camocx.dll
08/04/2004 03:00 AM 142,848 capesnpn.dll
12/14/2004 01:24 PM 466,944 capicom.dll
08/04/2004 03:00 AM 359,936 cards.dll
09/19/2006 11:41 AM <DIR> CatRoot
09/30/2006 12:21 PM <DIR> CatRoot2
07/25/2005 11:39 PM 225,792 catsrv.dll
08/04/2004 03:00 AM 85,504 catsrvps.dll
07/25/2005 11:39 PM 625,152 catsrvut.dll
04/29/2004 10:07 AM 32,248 CAUDINST.dll
08/04/2004 03:00 AM 27,648 ccfgnt.dll
06/23/2006 06:02 AM 151,040 cdfview.dll
05/26/2005 04:16 AM 75,544 cdm.dll
08/04/2004 03:00 AM 15,872 cdmodem.dll
09/09/2005 08:53 PM 2,067,968 cdosys.dll
08/04/2004 03:00 AM 194,560 certcli.dll
08/04/2004 03:00 AM 457,728 certmgr.dll
08/04/2004 03:00 AM 42,339 certmgr.msc
09/22/2004 06:45 PM 161,792 cewmdm.dll
08/04/2004 03:00 AM 38,912 cfgbkend.dll
08/04/2004 03:00 AM 16,896 cfgmgr32.dll
08/02/1999 04:11 PM 57,344 CGZipLibrary.dll
08/04/2004 03:00 AM 80,384 charmap.exe
08/04/2004 03:00 AM 7,680 chcp.com
08/04/2004 03:00 AM 11,776 chkdsk.exe
08/04/2004 03:00 AM 11,264 chkntfs.exe
08/04/2004 03:00 AM 163,328 ciadmin.dll
08/04/2004 03:00 AM 41,762 ciadv.msc
08/04/2004 03:00 AM 109,568 cic.dll
08/04/2004 03:00 AM 8,192 cidaemon.exe
06/22/2006 12:06 AM 69,120 ciodm.dll
08/04/2004 03:00 AM 5,632 cisvc.exe
08/04/2004 03:00 AM 7,680 ckcnv.exe
08/04/2004 03:00 AM 10,752 clb.dll
07/25/2005 11:39 PM 110,080 clbcatex.dll
07/25/2005 11:39 PM 498,688 clbcatq.dll
08/04/2004 03:00 AM 64,000 cleanmgr.exe
08/04/2004 03:00 AM 71,859 cliconf.chm
08/04/2004 03:00 AM 77,824 cliconfg.dll
08/04/2004 03:00 AM 20,480 cliconfg.exe
08/04/2004 03:00 AM 24,576 cliconfg.rll
08/04/2004 03:00 AM 102,912 clipbrd.exe
08/04/2004 03:00 AM 33,280 clipsrv.exe
08/04/2004 03:00 AM 57,856 clusapi.dll
08/04/2004 03:00 AM 15,872 cmcfg32.dll
08/04/2004 03:00 AM 388,608 cmd.exe
08/04/2004 03:00 AM 343,040 cmdial32.dll
08/04/2004 03:00 AM 47,104 cmdl32.exe
08/04/2004 03:00 AM 61,172 cmmgr32.hlp
08/04/2004 03:00 AM 39,936 cmmon32.exe
08/04/2004 03:00 AM 64 cmos.ram
08/04/2004 03:00 AM 14,336 cmpbk32.dll
08/04/2004 03:00 AM 185,344 cmprops.dll
08/04/2004 03:00 AM 13,824 cmsetACL.dll
08/04/2004 03:00 AM 63,488 cmstp.exe
08/04/2004 03:00 AM 39,936 cmutil.dll
08/04/2004 03:00 AM 47,104 cnbjmon.dll
08/04/2004 03:00 AM 32,768 cnetcfg.dll
03/11/2004 11:06 AM 86,016 CNMCP5y.exe
04/23/2004 12:00 AM 116,736 CNMLM5y.DLL
04/23/2004 12:00 AM 7,680 CNMVS5y.DLL
08/04/2004 03:00 AM 26,624 cnvfat.dll
07/25/2005 11:39 PM 60,416 colbact.dll
08/14/2006 01:44 PM <DIR> Com
08/04/2004 03:00 AM 25,600 comaddin.dll
08/04/2004 03:00 AM 3,584 comcat.dll
08/04/2004 03:00 AM 611,328 comctl32.dll
05/22/2000 07:58 PM 608,448 comctl32.ocx
08/04/2004 03:00 AM 276,992 comdlg32.dll
03/08/2004 06:00 PM 152,848 comdlg32.ocx
08/04/2004 03:00 AM 10,544 comm.drv
08/04/2004 03:00 AM 50,620 command.com
08/04/2004 03:00 AM 32,816 commdlg.dll
08/04/2004 03:00 AM 15,872 comp.exe
08/04/2004 03:00 AM 17,408 compact.exe
08/04/2004 03:00 AM 252,928 compatUI.dll
08/04/2004 03:00 AM 38,302 compmgmt.msc
08/04/2004 03:00 AM 30,160 compobj.dll
08/04/2004 03:00 AM 229,376 compstui.dll
07/25/2005 11:39 PM 97,792 comrepl.dll
08/04/2004 03:00 AM 792,064 comres.dll
08/04/2004 03:00 AM 147,456 comsnap.dll
07/25/2005 11:39 PM 1,267,200 comsvcs.dll
07/25/2005 11:39 PM 540,160 comuid.dll
09/27/2006 02:41 PM <DIR> config
09/27/2006 07:30 PM 2,577 CONFIG.NT
08/04/2004 03:00 AM 2,577 CONFIG.TMP
08/04/2004 03:00 AM 345,600 confmsp.dll
08/04/2004 03:00 AM 27,648 conime.exe
08/04/2004 03:00 AM 66,560 console.dll
08/04/2004 03:00 AM 8,192 control.exe
08/04/2004 03:00 AM 13,824 convert.exe
08/04/2004 03:00 AM 35,328 corpol.dll
08/04/2004 03:00 AM 27,097 country.sys
08/03/2004 12:33 PM 221,184 cpqinfo.dll
08/04/2004 03:00 AM 163,840 credui.dll
08/04/2004 03:00 AM 149,019 crtdll.dll
08/04/2004 03:00 AM 597,504 crypt32.dll
08/04/2004 03:00 AM 74,752 cryptdlg.dll
08/04/2004 03:00 AM 33,280 cryptdll.dll
08/04/2004 03:00 AM 53,760 cryptext.dll
08/04/2004 03:00 AM 63,488 cryptnet.dll
08/04/2004 03:00 AM 60,416 cryptsvc.dll
08/04/2004 03:00 AM 512,512 cryptui.dll
08/04/2004 03:00 AM 101,888 cscdll.dll
08/04/2004 03:00 AM 98,304 cscript.exe
08/04/2004 03:00 AM 326,656 cscui.dll
08/04/2004 03:00 AM 32,768 csrsrv.dll
08/04/2004 03:00 AM 6,144 csrss.exe
08/04/2004 03:00 AM 73,728 csseqchk.dll
08/04/2004 03:00 AM 15,360 ctfmon.exe
08/04/2004 03:00 AM 27,136 ctl3d32.dll
08/04/2004 03:00 AM 27,200 ctl3dv2.dll
08/04/2004 03:00 AM 8,386 ctype.nls
08/04/2004 03:00 AM 66,082 c_037.nls
08/04/2004 03:00 AM 66,082 c_10000.nls
08/04/2004 08:00 AM 66,082 c_10004.nls
08/04/2004 08:00 AM 66,082 c_10005.nls
08/04/2004 03:00 AM 66,082 c_10006.nls
08/04/2004 03:00 AM 66,082 c_10007.nls
08/04/2004 03:00 AM 66,082 c_10010.nls
08/04/2004 03:00 AM 66,082 c_10017.nls
08/04/2004 08:00 AM 66,082 c_10021.nls
08/04/2004 03:00 AM 66,082 c_10029.nls
08/04/2004 03:00 AM 66,082 c_10079.nls
08/04/2004 03:00 AM 66,082 c_10081.nls
08/04/2004 03:00 AM 66,082 c_10082.nls
08/04/2004 03:00 AM 66,082 c_1026.nls
08/04/2004 03:00 AM 66,082 c_1250.nls
08/04/2004 03:00 AM 66,082 c_1251.nls
08/04/2004 03:00 AM 66,082 c_1252.nls
08/04/2004 03:00 AM 66,082 c_1253.nls
08/04/2004 03:00 AM 66,082 c_1254.nls
08/04/2004 03:00 AM 66,082 c_1255.nls
08/04/2004 03:00 AM 66,082 c_1256.nls
08/04/2004 03:00 AM 66,082 c_1257.nls
08/04/2004 03:00 AM 66,082 c_1258.nls
08/04/2004 03:00 AM 66,082 c_20127.nls
08/04/2004 03:00 AM 139,810 c_20261.nls
08/04/2004 03:00 AM 66,082 c_20866.nls
08/04/2004 03:00 AM 66,082 c_20905.nls
08/04/2004 03:00 AM 66,082 c_21866.nls
08/04/2004 03:00 AM 66,082 c_28591.nls
08/04/2004 03:00 AM 66,082 c_28592.nls
08/04/2004 03:00 AM 66,082 c_28593.nls
08/04/2004 03:00 AM 66,082 C_28594.NLS
08/04/2004 03:00 AM 66,082 C_28595.NLS
08/04/2004 08:00 AM 66,082 C_28596.NLS
08/04/2004 03:00 AM 66,082 C_28597.NLS
08/04/2004 03:00 AM 66,082 c_28598.nls
08/04/2004 03:00 AM 66,082 c_28599.nls
08/04/2004 03:00 AM 66,082 c_28603.nls
08/04/2004 03:00 AM 66,082 c_28605.nls
08/04/2004 03:00 AM 66,594 c_437.nls
08/04/2004 03:00 AM 66,082 c_500.nls
08/04/2004 08:00 AM 66,082 c_708.nls
08/04/2004 08:00 AM 66,594 c_720.nls
08/04/2004 03:00 AM 66,594 c_737.nls
08/04/2004 03:00 AM 66,594 c_775.nls
08/04/2004 03:00 AM 66,594 c_850.nls
08/04/2004 03:00 AM 66,594 c_852.nls
08/04/2004 03:00 AM 66,594 c_855.nls
08/04/2004 03:00 AM 66,594 c_857.nls
08/04/2004 03:00 AM 66,594 c_860.nls
08/04/2004 03:00 AM 66,594 c_861.nls
08/04/2004 08:00 AM 66,594 c_862.nls
08/04/2004 03:00 AM 66,594 c_863.nls
08/04/2004 08:00 AM 66,594 c_864.nls
08/04/2004 03:00 AM 66,594 c_865.nls
08/04/2004 03:00 AM 66,594 c_866.nls
08/04/2004 03:00 AM 66,594 c_869.nls
08/04/2004 03:00 AM 66,594 c_874.nls
08/04/2004 03:00 AM 66,082 c_875.nls
08/04/2004 03:00 AM 162,850 c_932.nls
08/04/2004 03:00 AM 196,642 c_936.nls
08/04/2004 03:00 AM 196,642 c_949.nls
08/04/2004 03:00 AM 196,642 c_950.nls
08/04/2004 08:00 AM 10,752 c_iscii.dll
08/04/2004 03:00 AM 1,179,648 d3d8.dll
08/04/2004 03:00 AM 8,192 d3d8thk.dll
08/04/2004 03:00 AM 1,689,088 d3d9.dll
08/04/2004 03:00 AM 436,224 d3dim.dll
08/04/2004 03:00 AM 825,344 d3dim700.dll
08/04/2004 03:00 AM 34,816 d3dpmesh.dll
08/04/2004 03:00 AM 590,336 d3dramp.dll
08/04/2004 03:00 AM 350,208 d3drm.dll
08/04/2004 03:00 AM 47,616 d3dxof.dll
06/23/2006 06:02 AM 1,054,208 danim.dll
08/04/2004 03:00 AM 54,272 dataclen.dll
08/04/2004 03:00 AM 152,064 datime.dll
08/04/2004 03:00 AM 24,576 davclnt.dll
08/04/2004 03:00 AM 153,088 daxctle.ocx
08/04/2004 03:00 AM 847,872 dbgeng.dll
08/04/2004 03:00 AM 640,000 dbghelp.dll
08/04/2004 03:00 AM 24,576 dbmsrpcn.dll
08/04/2004 03:00 AM 110,592 dbnetlib.dll
08/04/2004 03:00 AM 28,672 dbnmpntw.dll
08/04/2004 03:00 AM 1,788 Dcache.bin
08/04/2004 03:00 AM 8,704 dciman32.dll
08/04/2004 03:00 AM 5,120 dcomcnfg.exe
08/04/2004 03:00 AM 39,424 ddeml.dll
08/04/2004 03:00 AM 30,208 ddeshare.exe
08/04/2004 03:00 AM 266,240 ddraw.dll
08/04/2004 03:00 AM 27,136 ddrawex.dll
08/04/2004 03:00 AM 20,634 debug.exe
08/04/2004 03:00 AM 25,088 defrag.exe
08/04/2004 03:00 AM 135,168 desk.cpl
08/04/2004 03:00 AM 16,384 deskadp.dll
08/04/2004 03:00 AM 16,896 deskmon.dll
08/04/2004 03:00 AM 18,432 deskperf.dll
08/04/2004 03:00 AM 2 desktop.ini
08/04/2004 03:00 AM 59,904 devenum.dll
08/04/2004 03:00 AM 33,079 devmgmt.msc
08/04/2004 03:00 AM 282,624 devmgr.dll
08/04/2004 03:00 AM 41,397 dfrg.msc
08/04/2004 03:00 AM 82,432 dfrgfat.exe
08/04/2004 03:00 AM 104,960 dfrgntfs.exe
08/04/2004 03:00 AM 51,200 dfrgres.dll
08/04/2004 03:00 AM 38,912 dfrgsnap.dll
08/04/2004 03:00 AM 123,904 dfrgui.dll
08/04/2004 03:00 AM 28,672 dfsshlex.dll
08/04/2004 03:00 AM 111,104 dgnet.dll
08/04/2004 03:00 AM 176,157 dgrpsetu.dll
08/04/2004 03:00 AM 85,020 dgsetup.dll
05/03/2003 11:10 PM <DIR> dhcp
05/19/2006 07:59 AM 111,616 dhcpcsvc.dll
08/04/2004 03:00 AM 370,176 dhcpmon.dll
08/04/2004 03:00 AM 74,240 dhcpsapi.dll
08/04/2004 03:00 AM 394,240 diactfrm.dll
08/04/2004 03:00 AM 85,504 diantz.exe
08/04/2004 03:00 AM 68,608 digest.dll
08/04/2004 03:00 AM 44,032 dimap.dll
08/04/2004 03:00 AM 159,232 dinput.dll
08/04/2004 03:00 AM 181,760 dinput8.dll
05/03/2003 11:10 PM <DIR> DirectX
08/04/2004 03:00 AM 9,216 diskcomp.com
08/04/2004 03:00 AM 7,168 diskcopy.com
08/04/2004 03:00 AM 1,501,696 diskcopy.dll
08/04/2004 03:00 AM 33,673 diskmgmt.msc
08/04/2004 03:00 AM 163,840 diskpart.exe
08/04/2004 03:00 AM 17,920 diskperf.exe
08/04/2004 03:00 AM 45,083 dispex.dll
08/04/2004 03:00 AM 5,120 dllhost.exe
08/04/2004 03:00 AM 4,608 dllhst3g.exe
08/04/2004 03:00 AM 224,768 dmadmin.exe
08/04/2004 03:00 AM 28,672 dmband.dll
08/04/2004 03:00 AM 61,440 dmcompos.dll
08/04/2004 03:00 AM 330,752 dmconfig.dll
08/04/2004 03:00 AM 273,920 dmdlgs.dll
08/04/2004 03:00 AM 200,704 dmdskmgr.dll
08/04/2004 03:00 AM 118,784 dmdskres.dll
08/04/2004 03:00 AM 181,248 dmime.dll
08/04/2004 03:00 AM 18,432 dmintf.dll
08/04/2004 03:00 AM 35,840 dmloader.dll
08/04/2004 03:00 AM 19,456 dmocx.dll
08/04/2004 03:00 AM 15,872 dmremote.exe
08/04/2004 03:00 AM 82,432 dmscript.dll
08/04/2004 03:00 AM 23,552 dmserver.dll
08/04/2004 03:00 AM 105,984 dmstyle.dll
08/04/2004 03:00 AM 103,424 dmsynth.dll
08/04/2004 03:00 AM 104,448 dmusic.dll
08/04/2004 03:00 AM 52,224 dmutil.dll
08/04/2004 03:00 AM 61,440 dmview.ocx
06/26/2006 12:37 PM 148,480 dnsapi.dll
08/04/2004 03:00 AM 45,568 dnsrslvr.dll
08/04/2004 03:00 AM 46,080 docprop.dll
08/04/2004 03:00 AM 48,128 docprop2.dll
08/04/2004 03:00 AM 10,752 doskey.exe
08/04/2004 03:00 AM 53,840 dosx.exe
08/04/2004 03:00 AM 97,280 dpcdll.dll
08/04/2004 03:00 AM 33,040 dplay.dll
08/04/2004 03:00 AM 30,208 dplaysvr.exe
08/04/2004 03:00 AM 229,888 dplayx.dll
08/04/2004 03:00 AM 23,552 dpmodemx.dll
08/04/2004 03:00 AM 3,584 dpnaddr.dll
08/04/2004 03:00 AM 375,296 dpnet.dll
08/04/2004 03:00 AM 35,328 dpnhpast.dll
08/04/2004 03:00 AM 60,928 dpnhupnp.dll
08/04/2004 03:00 AM 3,584 dpnlobby.dll
08/04/2004 03:00 AM 62,464 dpnmodem.dll
08/04/2004 03:00 AM 18,432 dpnsvr.exe
08/04/2004 03:00 AM 61,952 dpnwsock.dll
08/04/2004 03:00 AM 53,520 dpserial.dll
08/04/2004 03:00 AM 21,504 dpvacm.dll
08/04/2004 03:00 AM 212,480 dpvoice.dll
08/04/2004 03:00 AM 83,456 dpvsetup.exe
08/04/2004 03:00 AM 116,736 dpvvox.dll
08/04/2004 03:00 AM 42,768 dpwsock.dll
08/04/2004 03:00 AM 57,344 dpwsockx.dll
09/29/2006 11:07 AM <DIR> drivers
09/22/2004 06:45 PM 253,688 drmclien.dll
09/22/2004 06:45 PM 95,232 drmstor.dll
09/22/2004 06:45 PM 527,360 drmv2clt.dll
08/04/2004 03:00 AM 14,336 drprov.dll
08/04/2004 03:00 AM 28,112 drwatson.exe
08/04/2004 03:00 AM 45,568 drwtsn32.exe
08/04/2004 03:00 AM 4,656 ds16gt.dLL
08/04/2004 03:00 AM 16,384 ds32gt.dll
08/04/2004 03:00 AM 62,976 dsauth.dll
08/04/2004 03:00 AM 181,760 dsdmo.dll
08/04/2004 03:00 AM 71,680 dsdmoprp.dll
08/04/2004 03:00 AM 92,672 dskquota.dll
08/04/2004 03:00 AM 144,384 dskquoui.dll
08/04/2004 03:00 AM 367,616 dsound.dll
08/04/2004 03:00 AM 81 dsound.vxd
08/04/2004 03:00 AM 1,294,336 dsound3d.dll
08/04/2004 03:00 AM 142,336 dsprop.dll
08/04/2004 03:00 AM 4,096 dsprpres.dll
08/04/2004 03:00 AM 239,104 dsquery.dll
08/04/2004 03:00 AM 218,003 dssec.dat
08/04/2004 03:00 AM 51,200 dssec.dll
08/04/2004 03:00 AM 137,216 dssenh.dll
08/04/2004 03:00 AM 113,152 dsuiext.dll
08/04/2004 03:00 AM 19,456 dswave.dll
08/04/2004 03:00 AM 10,752 dumprep.exe
08/04/2004 03:00 AM 304,128 duser.dll
08/04/2004 03:00 AM 55,296 dvdplay.exe
08/04/2004 03:00 AM 17,920 dvdupgrd.exe
08/04/2004 03:00 AM 180,224 dwwin.exe
08/04/2004 03:00 AM 619,008 dx7vb.dll
08/04/2004 03:00 AM 1,227,264 dx8vb.dll
08/04/2004 03:00 AM 1,298,432 dxdiag.exe
08/04/2004 03:00 AM 2,113,536 dxdiagn.dll
08/04/2004 03:00 AM 498,205 dxmasf.dll
06/23/2006 06:02 AM 357,888 dxtmsft.dll
06/23/2006 06:02 AM 205,312 dxtrans.dll
04/13/2004 12:30 PM 32,768 eabhbrn8.dll
08/04/2004 03:00 AM 69,886 edit.com
08/04/2004 03:00 AM 10,790 edit.hlp
08/04/2004 03:00 AM 12,642 edlin.exe
08/04/2004 03:00 AM 127,213 ega.cpi
08/04/2004 03:00 AM 183,296 els.dll
08/07/2004 08:15 AM 21,640 emptyregdb.dat
08/04/2004 03:00 AM 20,480 encapi.dll
08/04/2004 03:00 AM 186,368 encdec.dll
08/04/2004 03:00 AM 103,424 EqnClass.Dll
08/04/2004 03:00 AM 23,040 ersvc.dll
07/25/2005 11:39 PM 243,200 es.dll
10/20/2005 05:20 PM 1,082,368 esent.dll
08/04/2004 03:00 AM 1,114,896 esent97.dll
08/04/2004 03:00 AM 17,408 esentprf.dll
08/04/2004 03:00 AM 6,708 esentprf.hxx
08/04/2004 03:00 AM 1,015,477 esentprf.ini
08/04/2004 03:00 AM 39,424 esentutl.exe
08/04/2004 03:00 AM 193,024 eudcedit.exe
08/04/2004 03:00 AM 47,723 eula.txt
08/04/2004 03:00 AM 33,280 eventcls.dll
08/04/2004 03:00 AM 55,808 eventlog.dll
08/04/2004 03:00 AM 8,704 eventvwr.exe
08/04/2004 03:00 AM 56,678 eventvwr.msc
08/04/2004 03:00 AM 8,424 exe2bin.exe
08/04/2004 03:00 AM 15,872 expand.exe
05/03/2003 11:10 PM <DIR> export
08/04/2004 03:00 AM 380,957 expsrv.dll
06/23/2006 06:02 AM 55,808 extmgr.dll
08/04/2004 03:00 AM 45,568 extrac32.exe
08/04/2004 03:00 AM 121,856 exts.dll
10/19/2003 11:11 PM 811,008 FastForm.ocx
08/04/2004 03:00 AM 882 fastopen.exe
08/04/2004 03:00 AM 80,384 faultrep.dll
08/04/2004 03:00 AM 14,848 fc.exe
08/04/2004 03:00 AM 21,504 feclient.dll
08/04/2004 03:00 AM 337,920 filemgmt.dll
08/04/2004 03:00 AM 9,216 find.exe
08/04/2004 03:00 AM 27,136 findstr.exe
08/04/2004 03:00 AM 9,216 finger.exe
08/04/2004 03:00 AM 80,384 firewall.cpl
08/04/2004 03:00 AM 3,072 fixmapi.exe
08/04/2004 03:00 AM 87,552 fldrclnr.dll
08/21/2006 07:21 AM 16,896 fltlib.dll
08/21/2006 04:14 AM 23,040 fltmc.exe
08/03/2003 12:56 PM 1,146,184 FM20.DLL
07/15/2003 12:57 AM 32,584 FM20ENU.DLL
08/04/2004 03:00 AM 16,384 fmifs.dll
08/23/2006 10:22 AM 263,024 FNTCACHE.DAT
08/04/2004 03:00 AM 382,976 fontext.dll
10/17/2005 04:14 PM 80,896 fontsub.dll
08/04/2004 03:00 AM 20,992 fontview.exe
08/04/2004 03:00 AM 7,168 forcedos.exe
08/04/2004 03:00 AM 25,600 format.com
08/04/2004 03:00 AM 9,344 framebuf.dll
08/04/2004 03:00 AM 55,296 freecell.exe
08/04/2004 03:00 AM 32,760 fsmgmt.msc
08/04/2004 03:00 AM 193,024 fsquirt.exe
08/04/2004 03:00 AM 81,408 fsusd.dll
08/04/2004 03:00 AM 56,320 fsutil.exe
08/04/2004 08:00 AM 6,144 ftlx041e.dll
08/04/2004 03:00 AM 42,496 ftp.exe
08/04/2004 03:00 AM 176,128 ftsrch.dll
08/04/2004 03:00 AM 60,416 fwcfg.dll
08/04/2004 03:00 AM 41,472 g711codc.ax
08/04/2004 03:00 AM 24,006 gb2312.uce
08/04/2004 03:00 AM 76,800 gcdef.dll
08/04/2004 03:00 AM 24,576 gdi.exe
12/28/2005 09:54 PM 280,064 gdi32.dll
04/05/2004 07:42 PM 78,896 GEARAspi.dll
08/04/2004 03:00 AM 24,772 geo.nls
08/04/2004 03:00 AM 605,696 getuname.dll
08/04/2004 03:00 AM 285,184 glmf32.dll
08/16/2006 01:02 PM 30 glr32.ini
08/04/2004 03:00 AM 122,880 glu32.dll
08/04/2004 03:00 AM 101,888 gpkcsp.dll
08/04/2004 03:00 AM 9,728 gpkrsrc.dll
08/04/2004 03:00 AM 26,112 graftabl.com
08/04/2004 03:00 AM 19,694 graphics.com
08/04/2004 03:00 AM 21,232 graphics.pro
08/04/2004 03:00 AM 39,424 grpconv.exe
08/04/2004 03:00 AM 265,728 h323.tsp
08/07/2004 01:11 AM 0 h323log.txt
08/04/2004 03:00 AM 614,912 h323msp.dll
08/04/2004 03:00 AM 81,280 hal.dll
08/04/2004 03:00 AM 7,168 hccoin.dll
10/30/2003 03:31 AM 118,784 hccutils.dll
08/04/2004 03:00 AM 155,136 hdwwiz.cpl
08/04/2004 03:00 AM 14,848 help.exe
07/14/2006 10:25 AM 546,304 hhctrl.ocx
05/26/2005 09:04 PM 41,472 hhsetup.dll
08/04/2004 03:00 AM 20,992 hid.dll
08/04/2004 03:00 AM 29,696 hidphone.tsp
08/04/2004 03:00 AM 4,768 himem.sys
10/30/2003 03:33 AM 118,784 hkcmd.exe
07/21/2006 03:24 AM 72,704 hlink.dll
07/10/2002 03:55 PM 31,744 hlp95en.dll
08/04/2004 03:00 AM 344,064 hnetcfg.dll
08/04/2004 03:00 AM 14,848 hnetmon.dll
08/04/2004 03:00 AM 330,752 hnetwiz.dll
08/04/2004 03:00 AM 929 homepage.inf
08/04/2004 03:00 AM 7,680 hostname.exe
08/04/2004 03:00 AM 144,896 hotplug.dll
05/22/2003 09:44 PM 6,848 hphmon05.dat
05/22/2003 09:55 PM 483,328 hphmon05.exe
07/30/2004 10:33 AM 65,536 hpqactn.dll
08/03/2004 12:08 PM 3,125,248 hpqPres.dll
12/17/2003 07:51 AM 32,218 HSFCI009.dll
08/04/2004 03:00 AM 44,544 hticons.dll
08/04/2004 03:00 AM 423,936 html.iec
08/04/2004 03:00 AM 24,576 httpapi.dll
08/04/2004 03:00 AM 41,984 htui.dll
11/17/2004 12:41 PM 347,136 hypertrm.dll
08/04/2004 03:00 AM 199,680 iac25_32.ax
11/07/2003 05:45 AM 65,536 iAlmCoIn_v3712.dll
11/07/2003 05:45 AM 486,978 ialmdd5.dll
11/07/2003 05:45 AM 197,403 ialmdev5.dll
11/07/2003 05:45 AM 117,308 ialmdnt5.dll
11/07/2003 05:24 AM 188,416 ialmgdev.dll
11/07/2003 05:24 AM 1,851,392 ialmgicd.dll
11/07/2003 05:34 AM 94,267 ialmrem.dll
11/07/2003 05:46 AM 36,927 ialmrnt5.dll
05/03/2003 11:10 PM <DIR> ias
08/04/2004 03:00 AM 23,552 iasacct.dll
08/04/2004 03:00 AM 41,472 iasads.dll
08/04/2004 03:00 AM 32,256 iashlpr.dll
08/04/2004 03:00 AM 62,464 iasnap.dll
08/04/2004 03:00 AM 17,920 iaspolcy.dll
08/04/2004 03:00 AM 119,808 iasrad.dll
08/04/2004 03:00 AM 141,312 iasrecst.dll
08/04/2004 03:00 AM 86,528 iassam.dll
08/04/2004 03:00 AM 247,808 iassdo.dll
08/04/2004 03:00 AM 59,392 iassvcs.dll
08/04/2004 03:00 AM 11,264 icaapi.dll
08/04/2004 03:00 AM 80,384 iccvid.dll
08/04/2004 03:00 AM 16,384 icfgnt5.dll
06/28/2005 08:46 PM 254,976 icm32.dll
08/04/2004 03:00 AM 3,584 icmp.dll
08/04/2004 03:00 AM 54,784 icmui.dll
05/03/2003 11:10 PM <DIR> icsxml
08/04/2004 03:00 AM 73,728 icwdial.dll
08/04/2004 03:00 AM 65,536 icwphbk.dll
08/04/2004 03:00 AM 60,458 ideograf.uce
08/04/2004 03:00 AM 120,832 idq.dll
08/04/2004 03:00 AM 34,304 ie4uinit.exe
08/04/2004 03:00 AM 139,264 ieakeng.dll
08/04/2004 03:00 AM 216,576 ieaksie.dll
08/04/2004 03:00 AM 221,184 ieakui.dll
08/04/2004 03:00 AM 323,584 iedkcs32.dll
08/04/2004 03:00 AM 81,920 ieencode.dll
06/23/2006 06:02 AM 251,392 iepeers.dll
08/04/2004 03:00 AM 48,640 iernonce.dll
08/04/2004 03:00 AM 62,976 iesetup.dll
08/04/2004 03:00 AM 23,024 ieuinit.inf
08/04/2004 03:00 AM 114,688 iexpress.exe
08/04/2004 03:00 AM 135,680 ifmon.dll
08/04/2004 03:00 AM 70,656 ifsutil.dll
10/30/2003 03:40 AM 499,712 igfxcfg.exe
10/30/2003 03:41 AM 98,304 igfxcpl.cpl
10/30/2003 03:31 AM 151,552 igfxdev.dll
10/30/2003 03:42 AM 45,056 igfxdgps.dll
10/30/2003 03:42 AM 151,552 igfxdiag.exe
10/30/2003 03:30 AM 86,016 igfxdo.dll
10/30/2003 03:44 AM 221,184 igfxeud.dll
10/30/2003 03:47 AM 32,768 igfxexps.dll
10/30/2003 03:47 AM 94,208 igfxext.exe
10/30/2003 03:47 AM 59,346 igfxhara.lhp
10/30/2003 03:47 AM 59,347 igfxharb.lhp
10/30/2003 03:47 AM 58,834 igfxhchs.lhp
10/30/2003 03:47 AM 58,223 igfxhcht.lhp
10/30/2003 03:47 AM 59,528 igfxhcsy.lhp
10/30/2003 03:47 AM 60,428 igfxhdan.lhp
10/30/2003 03:47 AM 61,799 igfxhdeu.lhp
10/30/2003 03:47 AM 60,822 igfxhell.lhp
10/30/2003 03:47 AM 57,586 igfxheng.lhp
10/30/2003 03:47 AM 57,049 igfxhenu.lhp
10/30/2003 03:48 AM 60,785 igfxhesp.lhp
10/30/2003 03:48 AM 59,893 igfxhfin.lhp
10/30/2003 03:48 AM 61,144 igfxhfra.lhp
10/30/2003 03:48 AM 61,236 igfxhfrc.lhp
10/30/2003 03:48 AM 60,235 igfxhheb.lhp
10/30/2003 03:48 AM 66,297 igfxhhun.lhp
10/30/2003 03:48 AM 58,755 igfxhita.lhp
10/30/2003 03:48 AM 59,816 igfxhjpn.lhp
10/30/2003 03:33 AM 122,880 igfxhk.dll
10/30/2003 03:48 AM 63,876 igfxhkor.lhp
10/30/2003 03:48 AM 59,612 igfxhnld.lhp
10/30/2003 03:48 AM 58,891 igfxhnor.lhp
10/30/2003 03:48 AM 60,317 igfxhplk.lhp
10/30/2003 03:48 AM 60,209 igfxhptb.lhp
10/30/2003 03:48 AM 62,763 igfxhptg.lhp
10/30/2003 03:48 AM 60,545 igfxhrus.lhp
10/30/2003 03:48 AM 58,819 igfxhsve.lhp
10/30/2003 03:48 AM 61,701 igfxhtha.lhp
10/30/2003 03:48 AM 62,800 igfxhtrk.lhp
10/30/2003 03:45 AM 204,800 igfxpph.dll
10/30/2003 03:47 AM 155,648 igfxrara.lrc
10/30/2003 03:47 AM 155,648 igfxrarb.lrc
10/30/2003 03:47 AM 155,648 igfxrchs.lrc
10/30/2003 03:47 AM 155,648 igfxrcht.lrc
10/30/2003 03:47 AM 159,744 igfxrcsy.lrc
10/30/2003 03:47 AM 159,744 igfxrdan.lrc
10/30/2003 03:47 AM 159,744 igfxrdeu.lrc
10/30/2003 03:47 AM 163,840 igfxrell.lrc
10/30/2003 03:47 AM 155,648 igfxreng.lrc
10/30/2003 03:31 AM 155,648 igfxrenu.lrc
10/30/2003 03:31 AM 155,648 igfxres.dll
10/30/2003 03:47 AM 163,840 igfxresp.lrc
10/30/2003 03:31 AM 909,312 igfxress.dll
10/30/2003 03:48 AM 159,744 igfxrfin.lrc
10/30/2003 03:48 AM 163,840 igfxrfra.lrc
10/30/2003 03:48 AM 163,840 igfxrfrc.lrc
10/30/2003 03:48 AM 155,648 igfxrheb.lrc
10/30/2003 03:48 AM 163,840 igfxrhun.lrc
10/30/2003 03:48 AM 163,840 igfxrita.lrc
10/30/2003 03:48 AM 155,648 igfxrjpn.lrc
10/30/2003 03:48 AM 155,648 igfxrkor.lrc
10/30/2003 03:48 AM 159,744 igfxrnld.lrc
10/30/2003 03:48 AM 159,744 igfxrnor.lrc
10/30/2003 03:48 AM 159,744 igfxrplk.lrc
10/30/2003 03:48 AM 159,744 igfxrptb.lrc
10/30/2003 03:48 AM 159,744 igfxrptg.lrc
10/30/2003 03:48 AM 159,744 igfxrrus.lrc
10/30/2003 03:48 AM 159,744 igfxrsve.lrc
10/30/2003 03:48 AM 159,744 igfxrtha.lrc
10/30/2003 03:48 AM 159,744 igfxrtrk.lrc
10/30/2003 03:33 AM 319,488 igfxsrvc.dll
10/30/2003 03:46 AM 155,648 igfxtray.exe
08/04/2004 03:00 AM 8,192 igmpagnt.dll
08/04/2004 03:00 AM 81,920 ils.dll
08/04/2004 03:00 AM 16,384 imaadp32.acm
08/04/2004 03:00 AM 144,384 imagehlp.dll
08/04/2004 03:00 AM 150,016 imapi.exe
05/03/2003 11:10 PM <DIR> IME
08/04/2004 03:00 AM 36,921 imeshare.dll
08/04/2004 03:00 AM 35,840 imgutil.dll
08/04/2004 03:00 AM 110,080 imm32.dll
04/08/2004 04:12 PM 747,008 Indeo4.qtx
08/04/2004 03:00 AM 274,432 inetcfg.dll
01/29/2004 01:36 AM 1,699,913 InetClnt.dll
07/27/2006 08:24 AM 679,424 inetcomm.dll
08/04/2004 03:00 AM 358,400 inetcpl.cpl
08/04/2004 03:00 AM 110,592 inetcplc.dll
08/04/2004 03:00 AM 33,280 inetmib1.dll
08/04/2004 03:00 AM 75,264 inetpp.dll
08/04/2004 03:00 AM 15,872 inetppui.dll
08/04/2004 03:00 AM 48,128 inetres.dll
05/03/2003 11:10 PM <DIR> inetsrv
08/04/2004 03:00 AM 450,560 infosoft.dll
08/04/2004 03:00 AM 147,456 initpki.dll
08/21/2002 07:10 AM 204,800 INKED.DLL
08/04/2004 03:00 AM 123,392 input.dll
06/23/2006 06:02 AM 96,256 inseng.dll
08/04/2004 03:00 AM 956,990 instcat.sql
08/04/2004 03:00 AM 129,536 intl.cpl
08/04/2004 03:00 AM 30,720 iologmsg.dll
08/04/2004 03:00 AM 17,408 ipconf.tsp
08/04/2004 03:00 AM 55,808 ipconfig.exe
05/19/2006 07:59 AM 94,720 iphlpapi.dll
08/04/2004 03:00 AM 154,112 ipmontr.dll
08/04/2004 03:00 AM 331,264 ipnathlp.dll
08/04/2004 03:00 AM 330,752 ippromon.dll
08/04/2004 03:00 AM 3,584 iprop.dll
08/04/2004 03:00 AM 4,096 iprtprio.dll
08/04/2004 03:00 AM 169,984 iprtrmgr.dll
08/04/2004 03:00 AM 44,032 ipsec6.exe
08/04/2004 03:00 AM 349,696 ipsecsnp.dll
08/04/2004 03:00 AM 182,784 ipsecsvc.dll
08/04/2004 03:00 AM 384,000 ipsmsnap.dll
08/04/2004 03:00 AM 53,248 ipv6.exe
08/04/2004 03:00 AM 59,904 ipv6mon.dll
08/04/2004 03:00 AM 83,968 ipxmontr.dll
08/04/2004 03:00 AM 69,120 ipxpromn.dll
08/04/2004 03:00 AM 21,504 ipxrip.dll
08/04/2004 03:00 AM 23,552 ipxroute.exe
08/04/2004 03:00 AM 39,936 ipxrtmgr.dll
08/04/2004 03:00 AM 66,560 ipxsap.dll
08/04/2004 03:00 AM 20,992 ipxwan.dll
08/04/2004 03:00 AM 199,168 ir32_32.dll
08/04/2004 03:00 AM 848,384 ir41_32.ax
08/04/2004 03:00 AM 120,320 ir41_qc.dll
08/04/2004 03:00 AM 338,432 ir41_qcx.dll
08/04/2004 03:00 AM 755,200 ir50_32.dll
08/04/2004 03:00 AM 200,192 ir50_qc.dll
08/04/2004 03:00 AM 183,808 ir50_qcx.dll
08/04/2004 03:00 AM 13,312 irclass.dll
08/03/2004 02:56 PM 152,576 irftp.exe
08/03/2004 02:56 PM 27,136 irmon.dll
08/04/2004 03:00 AM 380,416 irprops.cpl
03/12/1999 01:20 AM 18,728 ISHF_Ex.tlb
08/04/2004 03:00 AM 81,920 isign32.dll
08/04/2004 03:00 AM 32,768 isrdbg32.dll
05/26/2005 09:04 PM 155,136 itircl.dll
05/26/2005 09:04 PM 137,216 itss.dll
05/26/2005 04:16 AM 198,424 iuengine.dll
08/04/2004 03:00 AM 154,624 ivfsrc.ax
08/04/2004 03:00 AM 54,272 ixsso.dll
08/04/2004 03:00 AM 47,616 iyuv_32.dll
07/26/2006 01:25 AM 49,248 java.exe
07/26/2006 01:26 AM 53,346 javaw.exe
07/26/2006 03:03 AM 127,078 javaws.exe
08/04/2004 03:00 AM 362,496 jet500.dll
08/04/2004 03:00 AM 44,544 jgaw400.dll
06/01/2006 01:47 PM 163,840 jgdw400.dll
08/04/2004 03:00 AM 35,840 jgmd400.dll
06/01/2006 01:47 PM 27,648 jgpl400.dll
08/04/2004 03:00 AM 45,568 jgsd400.dll
08/04/2004 03:00 AM 65,536 jgsh400.dll
08/04/2004 03:00 AM 47,952 jobexec.dll
08/04/2004 03:00 AM 68,608 joy.cpl
07/26/2006 03:03 AM 49,265 jpicpl32.cpl
05/18/2006 12:24 AM 450,560 jscript.dll
06/23/2006 06:02 AM 16,384 jsproxy.dll
09/20/2006 12:01 PM 8,370 jupdate-1.5.0_08-b03.log
08/04/2004 03:00 AM 6,948 kanji_1.uce
08/04/2004 03:00 AM 8,484 kanji_2.uce
08/04/2004 03:00 AM 14,710 kb16.com
08/04/2004 08:00 AM 5,632 kbda1.dll
08/04/2004 08:00 AM 5,632 kbda2.dll
08/04/2004 08:00 AM 5,632 kbda3.dll
08/04/2004 03:00 AM 6,656 KBDAL.DLL
08/04/2004 08:00 AM 5,120 kbdarme.dll
08/04/2004 08:00 AM 5,120 kbdarmw.dll
08/04/2004 03:00 AM 5,632 kbdaze.dll
08/04/2004 03:00 AM 5,632 kbdazel.dll
08/04/2004 03:00 AM 6,144 kbdbe.dll
08/04/2004 03:00 AM 6,144 kbdbene.dll
08/04/2004 03:00 AM 5,632 kbdblr.dll
08/04/2004 03:00 AM 6,144 kbdbr.dll
08/04/2004 03:00 AM 5,632 kbdbu.dll
08/04/2004 03:00 AM 6,144 kbdca.dll
08/04/2004 03:00 AM 7,680 kbdcan.dll
08/04/2004 03:00 AM 6,656 kbdcr.dll
08/04/2004 03:00 AM 7,168 kbdcz.dll
08/04/2004 03:00 AM 6,656 kbdcz1.dll
08/04/2004 03:00 AM 6,656 kbdcz2.dll
08/04/2004 03:00 AM 6,144 kbdda.dll
08/04/2004 08:00 AM 5,632 kbddiv1.dll
08/04/2004 08:00 AM 5,632 kbddiv2.dll
08/04/2004 03:00 AM 5,120 kbddv.dll
08/04/2004 03:00 AM 6,144 kbdes.dll
08/04/2004 03:00 AM 6,144 kbdest.dll
08/04/2004 08:00 AM 5,632 kbdfa.dll
08/04/2004 03:00 AM 6,144 kbdfc.dll
08/04/2004 03:00 AM 6,144 kbdfi.dll
08/04/2004 03:00 AM 7,168 kbdfi1.dll
08/04/2004 03:00 AM 6,144 kbdfo.dll
08/04/2004 03:00 AM 6,144 kbdfr.dll
08/04/2004 03:00 AM 5,632 kbdgae.dll
08/04/2004 08:00 AM 5,120 kbdgeo.dll
08/04/2004 03:00 AM 6,144 kbdgkl.dll
08/04/2004 03:00 AM 6,144 kbdgr.dll
08/04/2004 03:00 AM 6,144 kbdgr1.dll
08/04/2004 03:00 AM 5,632 kbdhe.dll
08/04/2004 03:00 AM 5,632 kbdhe220.dll
08/04/2004 03:00 AM 5,632 kbdhe319.dll
08/04/2004 08:00 AM 5,632 kbdheb.dll
08/04/2004 03:00 AM 6,144 kbdhela2.dll
08/04/2004 03:00 AM 6,656 kbdhela3.dll
08/04/2004 03:00 AM 8,192 kbdhept.dll
08/04/2004 03:00 AM 6,656 kbdhu.dll
08/04/2004 03:00 AM 5,632 kbdhu1.dll
08/04/2004 03:00 AM 6,144 kbdic.dll
08/04/2004 03:00 AM 6,144 kbdinbe1.dll
08/04/2004 03:00 AM 6,656 kbdinben.dll
08/04/2004 08:00 AM 5,632 kbdindev.dll
08/04/2004 08:00 AM 5,632 kbdinguj.dll
08/04/2004 08:00 AM 5,632 kbdinhin.dll
08/04/2004 08:00 AM 5,632 kbdinkan.dll
08/04/2004 03:00 AM 6,656 kbdinmal.dll
08/04/2004 08:00 AM 5,632 kbdinmar.dll
08/04/2004 08:00 AM 6,144 kbdinpun.dll
08/04/2004 08:00 AM 5,632 kbdintam.dll
08/04/2004 08:00 AM 5,632 kbdintel.dll
08/04/2004 03:00 AM 5,632 kbdir.dll
08/04/2004 03:00 AM 5,632 kbdit.dll
08/04/2004 03:00 AM 5,632 kbdit142.dll
08/04/2004 03:00 AM 5,632 kbdkaz.dll
08/04/2004 03:00 AM 5,632 kbdkyr.dll
08/04/2004 03:00 AM 6,656 kbdla.dll
08/04/2004 03:00 AM 5,632 kbdlt.dll
08/04/2004 03:00 AM 5,632 kbdlt1.dll
08/04/2004 03:00 AM 6,144 kbdlv.dll
08/04/2004 03:00 AM 6,144 kbdlv1.dll
08/04/2004 03:00 AM 6,144 kbdmac.dll
08/04/2004 03:00 AM 5,632 kbdmaori.dll
08/04/2004 03:00 AM 6,144 kbdmlt47.dll
08/04/2004 03:00 AM 6,144 kbdmlt48.dll
08/04/2004 03:00 AM 5,632 kbdmon.dll
08/04/2004 03:00 AM 6,144 kbdne.dll
08/04/2004 03:00 AM 7,168 kbdnec.dll
08/04/2004 03:00 AM 6,144 kbdno.dll
08/04/2004 03:00 AM 7,168 kbdno1.dll
08/04/2004 03:00 AM 6,656 kbdpl.dll
08/04/2004 03:00 AM 5,632 kbdpl1.dll
08/04/2004 03:00 AM 6,144 kbdpo.dll
08/04/2004 03:00 AM 5,632 kbdro.dll
08/04/2004 03:00 AM 5,632 kbdru.dll
08/04/2004 03:00 AM 5,632 kbdru1.dll
08/04/2004 03:00 AM 6,144 kbdsf.dll
08/04/2004 03:00 AM 6,656 kbdsg.dll
08/04/2004 03:00 AM 6,656 kbdsl.dll
08/04/2004 03:00 AM 6,656 kbdsl1.dll
08/04/2004 03:00 AM 7,680 kbdsmsfi.dll
08/04/2004 03:00 AM 7,680 kbdsmsno.dll
08/04/2004 03:00 AM 6,144 kbdsp.dll
08/04/2004 03:00 AM 6,144 kbdsw.dll
08/04/2004 08:00 AM 5,632 kbdsyr1.dll
08/04/2004 08:00 AM 5,632 kbdsyr2.dll
08/04/2004 03:00 AM 5,632 kbdtat.dll
08/04/2004 08:00 AM 5,632 kbdth0.dll
08/04/2004 08:00 AM 5,632 kbdth1.dll
08/04/2004 08:00 AM 6,144 kbdth2.dll
08/04/2004 08:00 AM 6,144 kbdth3.dll
08/04/2004 03:00 AM 6,144 kbdtuf.dll
08/04/2004 03:00 AM 6,144 kbdtuq.dll
08/04/2004 03:00 AM 5,632 kbduk.dll
08/04/2004 03:00 AM 7,168 kbdukx.dll
08/04/2004 03:00 AM 5,632 kbdur.dll
08/04/2004 08:00 AM 5,632 kbdurdu.dll
08/04/2004 03:00 AM 5,632 kbdus.dll
08/04/2004 08:00 AM 5,632 kbdusa.dll
08/04/2004 03:00 AM 6,144 kbdusl.dll
08/04/2004 03:00 AM 6,144 kbdusr.dll
08/04/2004 03:00 AM 6,144 kbdusx.dll
08/04/2004 03:00 AM 5,632 kbduzb.dll
08/04/2004 08:00 AM 5,632 kbdvntc.dll
08/04/2004 03:00 AM 5,632 kbdycc.dll
08/04/2004 03:00 AM 6,656 kbdycl.dll
08/04/2004 03:00 AM 7,424 kd1394.dll
08/04/2004 03:00 AM 7,040 kdcom.dll
06/15/2005 12:49 PM 295,936 kerberos.dll
07/05/2006 05:55 AM 984,064 kernel32.dll
08/04/2004 03:00 AM 42,809 key01.sys
08/04/2004 03:00 AM 2,000 keyboard.drv
08/04/2004 03:00 AM 42,537 keyboard.sys
01/29/2004 01:36 AM 343,216 KeyHelp.ocx
08/04/2004 03:00 AM 150,528 keymgr.dll
08/04/2004 03:00 AM 33,280 kmddsp.tsp
08/04/2004 03:00 AM 12,876 korean.uce
08/04/2004 03:00 AM 92,224 krnl386.exe
08/04/2004 02:56 AM 130,048 ksproxy.ax
08/04/2004 02:56 AM 4,096 ksuser.dll
08/04/2004 03:00 AM 290,816 l3codeca.acm
09/22/2004 06:45 PM 360,448 l3codecp.acm
08/04/2004 03:00 AM 83,456 l3codecx.ax
08/04/2004 03:00 AM 9,728 label.exe
08/04/2004 03:00 AM 89,600 langwrbk.dll
08/04/2004 03:00 AM 221,600 lanman.drv
09/22/2004 06:45 PM 6,656 laprxy.dll
06/19/2006 04:19 PM 571,184 LegitCheckControl.dll
06/07/2002 12:02 AM 36,864 lfbmp11n.dll
06/07/2002 12:02 AM 285,184 LFCMP11n.DLL
06/07/2002 12:02 AM 31,232 lfeps11n.dll
06/07/2002 12:02 AM 81,408 lffax11n.dll
06/07/2002 12:02 AM 41,472 lfgif11n.dll
06/07/2002 12:02 AM 26,112 lfpcd11n.dll
06/07/2002 12:02 AM 33,280 lfpcx11n.dll
06/07/2002 12:02 AM 172,032 Lfpng11n.dll
06/07/2002 12:02 AM 56,320 lfpsd11n.dll
06/07/2002 12:02 AM 27,648 lftga11n.dll
06/07/2002 12:02 AM 152,064 lftif11n.dll
06/07/2002 12:02 AM 59,392 lfwmf11n.dll
08/04/2004 03:00 AM 423,936 licdll.dll
08/04/2004 03:00 AM 22,016 licmgr10.dll
08/04/2004 03:00 AM 58,880 licwmi.dll
08/04/2004 03:00 AM 29,696 lights.exe
08/31/2005 08:41 PM 19,968 linkinfo.dll
08/04/2004 03:00 AM 13,824 lmhsvc.dll
08/04/2004 03:00 AM 399,872 lmrt.dll
08/04/2004 03:00 AM 25,088 lnkstub.exe
08/04/2004 03:00 AM 1,131 loadfix.com
08/04/2004 03:00 AM 97,280 loadperf.dll
08/04/2004 03:00 AM 249,270 locale.nls
08/04/2004 03:00 AM 221,696 localsec.dll
08/04/2004 03:00 AM 341,504 localspl.dll
08/04/2004 03:00 AM 11,776 localui.dll
08/04/2004 03:00 AM 75,264 locator.exe
08/04/2004 03:00 AM 5,120 lodctr.exe
09/22/2004 06:45 PM 96,768 logagent.exe
08/04/2004 03:00 AM 50,176 loghours.dll
08/04/2004 03:00 AM 59,392 logman.exe
08/04/2004 03:00 AM 15,360 logoff.exe
08/04/2004 03:00 AM 220,672 logon.scr
08/04/2004 03:00 AM 514,560 logonui.exe
08/04/2004 03:00 AM 22,016 lpk.dll
08/04/2004 03:00 AM 6,144 lpq.exe
08/04/2004 03:00 AM 8,192 lpr.exe
08/04/2004 03:00 AM 10,240 lprhelp.dll
08/04/2004 03:00 AM 9,216 lprmonui.dll
10/27/2004 08:21 PM 721,920 lsasrv.dll
08/04/2004 03:00 AM 13,312 lsass.exe
06/07/2002 12:02 AM 262,656 LTDIS11n.dll
06/07/2002 12:02 AM 118,784 ltfil11n.DLL
06/07/2002 12:02 AM 127,488 ltimg11n.dll
06/07/2002 12:02 AM 392,192 ltkrn11n.dll
06/07/2002 12:02 AM 716,288 Ltwvc11n.dll
08/04/2004 03:00 AM 42,166 lusrmgr.msc
08/04/2004 03:00 AM 2,560 lz32.dll
08/04/2004 03:00 AM 9,936 lzexpand.dll
08/04/2004 03:00 AM 168 l_except.nls
08/04/2004 03:00 AM 7,046 l_intl.nls
05/03/2003 11:10 PM <DIR> Macromed
08/04/2004 03:00 AM 72,704 magnify.exe
08/04/2004 03:00 AM 8,192 mag_hook.dll
08/04/2004 03:00 AM 187,904 main.cpl
08/04/2004 03:00 AM 85,504 makecab.exe
10/01/1998 12:00 PM 520,128 MAPI.DLL
08/04/2004 03:00 AM 112,128 mapi32.dll
03/26/1998 12:00 AM 38,160 MAPISRVR.EXE
08/04/2004 03:00 AM 112,128 mapistub.dll
08/04/2004 03:00 AM 14,848 mcastmib.dll
08/04/2004 03:00 AM 10,240 mcd32.dll
08/04/2004 03:00 AM 10,496 mcdsrv32.dll
02/19/2001 01:18 AM 261,632 mcdvd_32.dll
03/25/2003 04:48 PM 898 mcdvd_32.inf
08/04/2004 03:00 AM 4,608 mchgrcoi.dll
08/04/2004 03:00 AM 73,376 mciavi.drv
08/04/2004 03:00 AM 84,480 mciavi32.dll
08/04/2004 03:00 AM 17,408 mcicda.dll
08/04/2004 03:00 AM 8,192 mciole16.dll
08/04/2004 03:00 AM 7,680 mciole32.dll
08/04/2004 03:00 AM 35,328 mciqtz32.dll
08/04/2004 03:00 AM 23,040 mciseq.dll
08/04/2004 03:00 AM 25,264 mciseq.drv
08/04/2004 03:00 AM 23,552 mciwave.dll
08/04/2004 03:00 AM 28,160 mciwave.drv
02/01/2000 03:36 PM 98,304 mcmjpg32.dll
03/27/2003 11:52 AM 1,138 mcmjpg32.inf
08/04/2004 03:00 AM 50,176 mdhcp.dll
06/18/2003 07:31 PM 17,920 mdimon.dll
08/04/2004 03:00 AM 118,272 mdminst.dll
04/09/2003 09:01 AM 90,112 mdmxsdk.dll
08/04/2004 03:00 AM 147,968 mdwmdmsp.dll
08/04/2004 03:00 AM 39,274 mem.exe
08/04/2004 03:00 AM 39,936 mf3216.dll
08/04/2004 03:00 AM 924,432 mfc40.dll
08/04/2004 03:00 AM 924,432 mfc40u.dll
08/04/2004 03:00 AM 1,028,096 mfc42.dll
06/17/1998 09:08 PM 53,248 MFC42ENU.DLL
08/04/2004 03:00 AM 1,024,000 mfc42u.dll
01/05/2002 07:48 AM 974,848 mfc70.dll
01/05/2002 07:36 AM 964,608 mfc70u.dll
09/18/2003 02:32 PM 1,060,864 MFC71.dll
07/10/2002 03:55 PM 133,904 mfcans32.dll
08/04/2004 03:00 AM 22,528 mfcsubs.dll
07/10/2002 03:55 PM 5,632 mfcuia32.dll
08/04/2004 03:00 AM 14,848 mgmtapi.dll
08/04/2004 03:00 AM 46,258 mib.bin
08/04/2004 03:00 AM 18,944 midimap.dll
08/04/2004 03:00 AM 60,928 miglibnt.dll
08/04/2004 03:00 AM 51,712 migpwd.exe
08/04/2004 03:00 AM 18,944 mimefilt.dll
08/04/2004 03:00 AM 673,088 mlang.dat
08/04/2004 03:00 AM 586,240 mlang.dll
08/04/2004 03:00 AM 3,584 mll_hp.dll
08/04/2004 03:00 AM 7,680 mll_mtf.dll
08/04/2004 03:00 AM 5,632 mll_qic.dll
08/04/2004 03:00 AM 815,104 mmc.exe
08/04/2004 03:00 AM 70,656 mmcbase.dll
08/04/2004 03:00 AM 1,192,960 mmcndmgr.dll
08/04/2004 03:00 AM 50,688 mmcshext.dll
08/04/2004 03:00 AM 1,490 mmdriver.inf
08/04/2004 03:00 AM 12,288 mmdrv.dll
08/04/2004 03:00 AM 17,408 mmfutil.dll
08/04/2004 03:00 AM 618,496 mmsys.cpl
08/04/2004 03:00 AM 68,768 mmsystem.dll
08/04/2004 03:00 AM 1,152 mmtask.tsk
08/04/2004 03:00 AM 119,808 mmutilse.dll
08/04/2004 03:00 AM 34,560 mnmdd.dll
08/04/2004 03:00 AM 32,768 mnmsrvc.exe
08/04/2004 03:00 AM 207,360 mobsync.dll
08/04/2004 03:00 AM 143,360 mobsync.exe
08/04/2004 03:00 AM 19,456 mode.com
08/04/2004 03:00 AM 153,600 modemui.dll
08/04/2004 03:00 AM 10,112 modex.dll
08/04/2004 03:00 AM 15,872 more.com
08/04/2004 03:00 AM 216,064 moricons.dll
08/04/2004 03:00 AM 8,192 mountvol.exe
08/04/2004 03:00 AM 2,032 mouse.drv
08/04/2004 03:00 AM 310,272 mp43dmod.dll
08/04/2004 03:00 AM 384,512 mp4sdmod.dll
08/04/2004 03:00 AM 118,272 mpeg2data.ax
08/04/2004 03:00 AM 148,992 mpg2splt.ax
01/11/2000 06:19 PM 413,760 MPG4C32.dll
07/01/2003 12:14 PM 1,036 Mpg4c32.inf
08/04/2004 03:00 AM 240,640 mpg4dmod.dll
08/04/2004 03:00 AM 262,144 mpg4ds32.ax
08/04/2004 03:00 AM 123,392 mplay32.exe
08/04/2004 03:00 AM 22,016 mpnotify.exe
08/04/2004 03:00 AM 59,904 mpr.dll
08/04/2004 03:00 AM 87,040 mprapi.dll
08/04/2004 03:00 AM 69,120 mprddm.dll
08/04/2004 03:00 AM 49,152 mprdim.dll
08/04/2004 03:00 AM 99,840 mprmsg.dll
08/04/2004 03:00 AM 47,104 mprui.dll
08/04/2004 03:00 AM 12,800 mrinfo.exe
09/11/2006 10:37 AM 8,960,936 MRT.exe
08/04/2004 03:00 AM 102,912 msaatext.dll
08/04/2004 03:00 AM 61,168 msacm.dll
08/04/2004 03:00 AM 71,680 msacm32.dll
08/04/2004 03:00 AM 20,480 msacm32.drv
08/04/2004 03:00 AM 221,184 msadds32.ax
08/04/2004 03:00 AM 14,848 msadp32.acm
08/04/2004 03:00 AM 3,584 msafd.dll
08/04/2004 03:00 AM 86,016 msapsspc.dll
08/04/2004 03:00 AM 57,344 msasn1.dll
08/04/2004 03:00 AM 294,912 msaud32.acm
08/04/2004 03:00 AM 65,024 msaudite.dll
08/04/2004 03:00 AM 7,168 mscat32.dll
08/04/2004 03:00 AM 817 mscdexnt.exe
06/28/2005 08:46 PM 74,240 mscms.dll
03/09/2004 11:30 AM 662,288 MSComCt2.ocx
03/09/2004 11:30 AM 1,081,616 MSCOMCTL.OCX
08/04/2004 03:00 AM 69,632 msconf.dll
07/15/2004 12:24 AM 155,648 mscoree.dll
07/14/2004 11:34 PM 16,896 mscorier.dll
02/20/2003 04:09 PM 106,496 mscories.dll
08/04/2004 03:00 AM 12,288 mscpx32r.dLL
08/04/2004 03:00 AM 36,864 mscpxl32.dLL
08/04/2004 03:00 AM 294,400 MSCTF.dll
08/04/2004 03:00 AM 177,152 MSCTFIME.IME
08/04/2004 03:00 AM 69,120 MSCTFP.dll
08/04/2004 03:00 AM 118,784 msdadiag.dll
08/04/2004 03:00 AM 151,552 msdart.dll
08/04/2004 03:00 AM 12,288 msdatsrc.tlb
04/03/2000 05:54 PM 136,192 msderun.dll
08/04/2004 03:00 AM 14,336 msdmo.dll
05/03/2003 11:10 PM <DIR> MsDtc
08/04/2004 03:00 AM 6,144 msdtc.exe
08/04/2004 03:00 AM 58,880 msdtclog.dll
08/04/2004 03:00 AM 768 msdtcprf.h
08/04/2004 03:00 AM 1,931 msdtcprf.ini
03/01/2006 02:42 PM 426,496 msdtcprx.dll
03/01/2006 02:42 PM 956,416 msdtctm.dll
03/01/2006 02:42 PM 161,280 msdtcuiu.dll
08/04/2004 03:00 AM 844,314 msdxm.ocx
08/04/2004 03:00 AM 4,126 msdxmlc.dll
08/04/2004 03:00 AM 94,282 msencode.dll
08/04/2004 03:00 AM 512,029 msexch40.dll
08/04/2004 03:00 AM 319,517 msexcl40.dll
05/22/2000 04:58 PM 244,416 msflxgrd.ocx
08/04/2004 03:00 AM 537,088 msftedit.dll
08/04/2004 03:00 AM 20,992 msg.exe
08/04/2004 03:00 AM 9,216 msg711.acm
08/04/2004 03:00 AM 118,784 msg723.acm
08/04/2004 03:00 AM 994,304 msgina.dll
08/04/2004 03:00 AM 19,968 msgsm32.acm
08/04/2004 03:00 AM 33,792 msgsvc.dll
08/04/2004 03:00 AM 188,416 msh261.drv
08/04/2004 03:00 AM 294,912 msh263.drv
08/04/2004 03:00 AM 126,976 mshearts.exe
08/04/2004 03:00 AM 29,184 mshta.exe
07/28/2006 06:28 AM 3,054,080 mshtml.dll
08/04/2004 03:00 AM 1,351,168 mshtml.tlb
06/23/2006 06:02 AM 448,512 mshtmled.dll
08/04/2004 03:00 AM 56,832 mshtmler.dll
05/04/2005 02:45 PM 2,890,240 msi.dll
08/04/2004 03:00 AM 51,712 msident.dll
08/04/2004 03:00 AM 6,656 msidle.dll
08/04/2004 03:00 AM 14,848 msidntld.dll
08/04/2004 03:00 AM 248,832 msieftp.dll
03/21/2005 03:00 PM 78,848 msiexec.exe
03/21/2005 03:00 PM 271,360 msihnd.dll
08/04/2004 03:00 AM 4,608 msimg32.dll
03/21/2005 03:00 PM 884,736 msimsg.dll
08/04/2004 03:00 AM 159,232 MSIMTF.dll
03/08/2004 11:00 PM 132,880 MSINET.OCX
03/21/2005 03:00 PM 15,360 msisip.dll
06/18/2003 02:00 PM 1,050,384 msjet35.dll
08/04/2004 03:00 AM 1,507,356 msjet40.dll
08/04/2004 03:00 AM 358,976 msjetoledb40.dll
06/18/2003 02:00 PM 123,664 msjint35.dll
08/04/2004 03:00 AM 151,583 msjint40.dll
06/18/2003 02:00 PM 24,848 msjter35.dll
08/04/2004 03:00 AM 53,279 msjter40.dll
08/04/2004 03:00 AM 241,693 msjtes40.dll
08/04/2004 03:00 AM 25,088 mslbui.dll
07/10/2002 03:53 PM 91,136 msls2.dll
08/04/2004 03:00 AM 146,432 msls31.dll
08/04/2004 03:00 AM 213,023 msltus40.dll
09/22/2004 06:45 PM 141,312 msnetobj.dll
08/04/2004 03:00 AM 290,816 msnsspc.dll
08/04/2004 03:00 AM 33,280 msobjs.dll
08/04/2004 03:00 AM 252,928 msoeacct.dll
08/04/2004 03:00 AM 105,984 msoert2.dll
08/04/2004 03:00 AM 20,480 msorc32r.dll
08/04/2004 03:00 AM 143,360 msorcl32.dll
08/04/2004 03:00 AM 343,040 mspaint.exe
08/04/2004 03:00 AM 30,208 mspatcha.dll
08/04/2004 03:00 AM 348,189 mspbde40.dll
09/22/2004 06:45 PM 25,088 MsPMSNSv.dll
09/22/2004 06:45 PM 169,472 MsPMSP.dll
08/04/2004 03:00 AM 41,984 msports.dll
08/04/2004 03:00 AM 48,128 msprivs.dll
08/04/2004 03:00 AM 69,632 msr2c.dll
08/04/2004 03:00 AM 7,168 msr2cenu.dll
08/04/2004 03:00 AM 60,416 msratelc.dll
06/23/2006 06:02 AM 146,432 msrating.dll
08/04/2004 03:00 AM 73,802 msrclr40.dll
08/04/2004 03:00 AM 421,919 msrd2x40.dll
08/04/2004 03:00 AM 315,423 msrd3x40.dll
05/11/2000 03:06 PM 397,312 MSRDO20.DLL
08/04/2004 03:00 AM 28,746 msrecr40.dll
06/18/2003 02:00 PM 415,504 msrepl35.dll
08/04/2004 03:00 AM 552,989 msrepl40.dll
08/04/2004 03:00 AM 11,264 msrle32.dll
08/04/2004 03:00 AM 134,656 mssap.dll
08/04/2004 03:00 AM 69,632 msscds32.ax
09/22/2004 06:45 PM 360,176 MSSCP.dll
08/04/2004 03:00 AM 102,400 msscript.ocx
08/04/2004 03:00 AM 35,840 mssign32.dll
08/04/2004 03:00 AM 4,608 mssip32.dll
04/03/2000 08:05 PM 118,784 msstdfmt.dll
08/09/1998 01:07 PM 94,208 MSSTKPRP.DLL
08/04/2004 03:00 AM 13,312 msswch.dll
08/04/2004 03:00 AM 6,656 msswchx.exe
08/04/2004 03:00 AM 274,944 mstask.dll
08/04/2004 03:00 AM 258,077 mstext40.dll
06/23/2006 06:02 AM 532,480 mstime.dll
08/04/2004 03:00 AM 12,288 mstinit.exe
08/04/2004 03:00 AM 115,712 mstlsapi.dll
08/04/2004 03:00 AM 407,552 mstsc.exe
08/04/2004 03:00 AM 655,360 mstscax.dll
08/04/2004 03:00 AM 195,072 msutb.dll
08/04/2004 03:00 AM 129,536 msv1_0.dll
08/04/2004 03:00 AM 1,355,776 msvbvm50.dll
02/23/2004 08:42 PM 1,386,496 msvbvm60.dll
01/05/2002 06:38 AM 54,784 msvci70.dll
08/04/2004 03:00 AM 54,784 msvcirt.dll
08/04/2004 03:00 AM 565,760 msvcp50.dll
08/04/2004 03:00 AM 413,696 msvcp60.dll
01/05/2002 06:40 AM 487,424 msvcp70.dll
09/18/2003 02:32 PM 499,712 msvcp71.dll
01/05/2002 06:37 AM 344,064 msvcr70.dll
09/18/2003 02:32 PM 348,160 msvcr71.dll
08/04/2004 03:00 AM 343,040 msvcrt.dll
08/04/2004 03:00 AM 253,952 msvcrt20.dll
08/04/2004 03:00 AM
  • 0

#14
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Scott

That looks absolutely fine to me; how's it running now?
  • 0

#15
ping007

ping007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Phil,

Well my firewall still does not work but besides for that I think it is running pretty good. It does seem to take longer to boot up now.


Scott
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP