Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please help- I've got a trojan [RESOLVED]


  • This topic is locked This topic is locked

#1
honkynel

honkynel

    Member

  • Member
  • PipPip
  • 29 posts
Hello,
A panda scan says that i have a trojan. I keep getting a variety of windows pop ups warning of danger.
I've followed your procedures and it seems to have removed some bad stuff but i keep getting the security pop up warning of a trojan clicker etc

Any help on the matter would be much appreciated

Maybe i should of posted a hijack-this log

here it is


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:25, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\oodag.exe
c:\matlab6p5\bin\win32\matlab.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\xivmbchi.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\unins000.exe
C:\DOCUME~1\NEILFA~1\LOCALS~1\Temp\_iu14D2N.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [uimsg] C:\WINDOWS\system32\xivmbchi.exe
O4 - HKLM\..\Policies\Explorer\Run: [5pTIYLEW2I] C:\Documents and Settings\Neil Fagan\Desktop\FlashPlayerH264Ext.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1104982710-789134085-254555146-1005\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-1104982710-789134085-254555146-1005\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186408917187
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O21 - SSODL: msgact - {11DB7A94-B8C3-70C9-293E-0858BA66B4FE} - C:\Program Files\nzpkclb\msgact.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8963 bytes

Reason for Edit: Merged posts.

Please don't post more than once or bump the topic as Helpers usually first look for threads with no replies.

Edited by Octagonal, 02 August 2008 - 01:38 AM.

  • 0

Advertisements


#2
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi honkynel,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5 and I will be helping you with this problem.
If you still require assistance, please send me a log from Deckard's System Scanner (DSS)

First I need you to download Deckard's System Scanner and save it to your Desktop:

Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
in your next reply.


Cheers,

sage5
  • 0

#3
honkynel

honkynel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks for your help.
Here is main

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xx

Deckard's System Scanner v20071014.68
Run by Neil Fagan on 2008-08-04 18:04:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-08-04 17:04:29 UTC - RP357 - Deckard's System Scanner Restore Point
11: 2008-08-04 10:40:19 UTC - RP356 - System Checkpoint
10: 2008-08-03 09:19:35 UTC - RP355 - System Checkpoint
9: 2008-08-02 08:56:10 UTC - RP354 - System Checkpoint
8: 2008-07-31 18:54:20 UTC - RP353 - Removed Apple Mobile Device Support


-- First Restore Point --
1: 2008-07-26 02:23:41 UTC - RP346 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Neil Fagan.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:05, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\xivmbchi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Neil Fagan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Neil Fagan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [uimsg] C:\WINDOWS\system32\xivmbchi.exe
O4 - HKLM\..\Policies\Explorer\Run: [5pTIYLEW2I] C:\Documents and Settings\Neil Fagan\Desktop\FlashPlayerH264Ext.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186408917187
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O21 - SSODL: msgact - {11DB7A94-B8C3-70C9-293E-0858BA66B4FE} - C:\Program Files\nzpkclb\msgact.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7976 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R1 truecrypt - c:\windows\system32\drivers\truecrypt.sys <Not Verified; TrueCrypt Foundation; TrueCrypt>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>

S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 matlabserver (MATLAB Server) - c:\matlab6p5\webserver\bin\win32\matlabserver.exe
R2 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>

S2 LckFldService -
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10018086&REV_02\4&23C6FC68&0&00E1
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10018086&REV_02\4&23C6FC68&0&00E1
Service: w39n51


-- Scheduled Tasks -------------------------------------------------------------

2008-07-31 17:39:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-01 18:26:55 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-31 19:55:28 0 d-------- C:\Program Files\iPod
2008-07-31 19:52:00 0 d-------- C:\Program Files\Safari
2008-07-30 14:00:20 0 d-------- C:\Program Files\Trend Micro
2008-07-30 13:38:06 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Malwarebytes
2008-07-30 13:38:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 13:38:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 13:37:28 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-29 21:21:19 0 d-------- C:\Program Files\Panda Security
2008-07-29 21:13:13 0 dr-h----- C:\Documents and Settings\Neil Fagan\Recent
2008-07-29 18:32:05 0 d-------- C:\Documents and Settings\All Users\Application Data\narwfkhg
2008-07-29 18:32:02 0 d-------- C:\Program Files\nzpkclb
2008-07-29 18:31:59 0 d-------- C:\Documents and Settings\All Users\Application Data\tyzopynm
2008-07-29 18:31:57 90112 --a------ C:\WINDOWS\system32\xivmbchi.exe
2008-07-28 01:05:52 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-20 00:28:39 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\EuroTalk
2008-07-20 00:28:37 0 d-------- C:\Program Files\EuroTalk
2008-07-18 20:20:23 0 d-------- C:\Program Files\Air France TravelDesk
2008-07-18 18:47:02 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Samsung
2008-07-18 18:46:12 174592 --a------ C:\WINDOWS\system32\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 18:46:00 0 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-07-18 18:45:49 5632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-07-18 18:45:41 0 d-------- C:\Program Files\Samsung
2008-07-18 18:41:17 0 d-------- C:\Program Files\Bonjour


-- Find3M Report ---------------------------------------------------------------

2008-06-27 09:49:38 0 d-------- C:\Program Files\XemiComputers
2008-06-27 09:38:34 0 d-------- C:\Program Files\AutoCAD 2005
2008-06-27 09:38:34 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Autodesk
2008-06-27 06:49:24 509 --a------ C:\WINDOWS\DESKTOP
2008-06-23 20:09:00 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Gearbox Software
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --ah----- C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --ah----- C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-09 06:35:46 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Acoustica
2008-06-09 06:35:44 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Ahead
2008-06-09 06:35:44 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\AdobeUM
2008-06-09 06:35:40 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\AVG7
2008-06-09 06:35:40 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\ATI
2008-06-09 06:35:40 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\ArcSoft
2008-06-09 06:35:36 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Azureus
2008-06-09 06:35:32 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\BearShare
2008-06-09 06:35:30 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Lavasoft
2008-06-09 06:35:30 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\JDiskReport
2008-06-09 06:35:30 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Intel
2008-06-09 06:35:30 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\iHostVM
2008-06-09 06:35:30 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Identities
2008-06-09 06:35:30 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Help
2008-06-09 06:35:30 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Google
2008-06-09 06:35:30 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\DataLayer
2008-06-09 06:35:30 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Canon
2008-06-09 06:35:28 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Media Player Classic
2008-06-09 06:35:28 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\MathWorks
2008-06-09 06:35:28 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Mathsoft
2008-06-09 06:35:28 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Macromedia
2008-06-09 06:35:20 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Nero
2008-06-09 06:35:20 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Mozilla
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Symantec
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Sun
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Sony
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Sonic Foundry
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\skypePM
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Skype
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\ScanSoft
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Real
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\ppstream
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\PC Suite
2008-06-09 06:34:50 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Nokia
2008-06-09 06:34:48 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Textmagic
2008-06-09 06:34:48 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Talkback
2008-06-09 06:34:46 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Virtual Mechanics
2008-06-09 06:34:46 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Uniblue
2008-06-09 06:34:46 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\TrueCrypt
2008-06-09 06:34:46 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Toshiba
2008-06-09 06:34:46 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Thunderbird
2008-06-09 06:34:44 0 d--h----- C:\Documents and Settings\Neil Fagan\Application Data\yahoo!
2008-06-09 06:34:44 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\vlc
2008-06-09 06:34:40 0 d--h----- C:\Documents and Settings\Neil Fagan\Application Data\Application Data
2008-06-08 18:29:14 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\CyberLink
2008-06-08 14:53:34 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Adobe
2008-06-08 14:47:44 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\Apple Computer
2008-06-08 14:13:58 0 d-------- C:\Documents and Settings\Neil Fagan\Application Data\DivX
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-09 19:50:18 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [17/10/2005 17:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [25/05/2006 20:02]
"RTHDCPL"="RTHDCPL.EXE" [04/05/2006 03:59 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [02/11/2004 20:24]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [14/03/2006 17:46]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [08/05/2003 11:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 16:40]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [14/04/2006 11:56]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [10/07/2008 15:03]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [02/01/2006 18:41]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 06:43 C:\WINDOWS\Alcmtr.exe]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [21/02/2006 19:36]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [02/01/2006 21:14]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [21/03/2006 09:54]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [17/04/2006 05:24]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10/07/2008 09:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/07/2008 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 20:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [21/04/2006 17:03]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 17:43]
"uimsg"="C:\WINDOWS\system32\xivmbchi.exe" [29/07/2008 18:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"5pTIYLEW2I"=C:\Documents and Settings\Neil Fagan\Desktop\FlashPlayerH264Ext.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgact"= {11DB7A94-B8C3-70C9-293E-0858BA66B4FE} - C:\Program Files\nzpkclb\msgact.dll [29/07/2008 18:32 114688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68dfbd60-3a49-11dd-883f-001731f5f1a5}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2d5e404-2b11-11dd-8817-001731f5f1a5}]
AutoRun\command- G:\WD_Windows_Tools\Setup.exe




-- End of Deckard's System Scanner: finished at 2008-08-04 18:06:46 ------------

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxx


Here is extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
CPU 1: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 2047.29 MiB / 1377 MiB
Pagefile Memory (total/avail): 4963.7 MiB / 4359.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.24 MiB

C: is Fixed (FAT32) - 54.81 GiB total, 18.22 GiB free.
D: is Fixed (NTFS) - 36.46 GiB total, 0.26 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HTS541010G9SA00 - 93.16 GiB - 3 partitions
\PARTITION0 - Unknown - 1906.12 MiB
\PARTITION1 (bootable) - Unknown - 54.84 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 36.46 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Terrapin FTP\\ftp95.exe"="C:\\Program Files\\Terrapin FTP\\ftp95.exe:*:Enabled:Terrapin FTP"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\rundll32.exe"="C:\\WINDOWS\\System32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe"="C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe:*:Enabled:Cubis Dx Version"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Microsoft Management Console"
"H:\\Call of Duty Game of the Year Edition\\CoDMP.exe"="H:\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Disabled:CoDMP"
"H:\\BrothersInArmsEiB\\System\\EiB.exe"="H:\\BrothersInArmsEiB\\System\\EiB.exe:*:Disabled:Brothers In Arms Earned In Blood"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Neil Fagan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-EEBFD2314A
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Neil Fagan
LOGONSERVER=\\YOUR-EEBFD2314A
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;c:\matlab6p5\bin\win32;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\NEILFA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\NEILFA~1\LOCALS~1\Temp
USERDOMAIN=YOUR-EEBFD2314A
USERNAME=Neil Fagan
USERPROFILE=C:\Documents and Settings\Neil Fagan
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Neil Fagan (admin)
Lorna
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\FOLDER~1\FOLDER~1.EXE UnInstall
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\SETUP.EXE" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v2.3.3 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
Air France TravelDesk --> "C:\Program Files\Air France TravelDesk\unins000.exe"
Alarm 2.0.0 --> "C:\Program Files\Alarm\unins000.exe"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Asus MiVo Messenger --> "C:\Program Files\Asus\Asus MiVo Messenger\uninstall.exe"
ASUS Splendid Video Enhancement Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe" -l0x9 -removeonly
ASUS WebCam, 1.3M, USB2.0, FF --> C:\WINDOWS\StkUnist.exe
ASUS_1600x1200_white --> C:\Program Files\ASUS_1600x1200_white\uninstall.exe
ASUSDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{A97C3EED-4357-43E1-AA63-DE1C39D86ADF}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
ATK Media --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9
ATK0100 ACPI UTILITY --> C:\WINDOWS\ATK0100\XPunin.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BearShare --> C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
Bluetooth Stack for Windows --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Cheetah Audio Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1914510-38B5-4835-83D8-A188073E542F}\Setup.exe"
CloneDVD 3.9.1 --> "C:\Program Files\CloneDVD\unins000.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Disk Index --> MsiExec.exe /X{5AE0C8EF-DED5-11D7-9A3D-00104BB83147}
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drug Lord 2 --> C:\Program Files\Drug Lord 2\druglord2.exe remove
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EphPod --> C:\PROGRA~1\EPHPOD\UNWISE.EXE C:\PROGRA~1\EPHPOD\INSTALL.LOG
EuroTalk Talk Now Plus! --> C:\PROGRA~1\EUROTALK\TALKNO~1\UNWISE.EXE C:\PROGRA~1\EUROTALK\TALKNO~1\INSTALL.LOG
FoxyTunes for Firefox --> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iDailyDiary 2.11 --> "C:\Program Files\iDailyDiary\unins000.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LifeFrame2 --> MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MATLAB 6.5 --> C:\MATLAB6p5\uninstall\uninstall.exe C:\MATLAB6p5
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft AutoRoute v11.0 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790220}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard - WE 2004 --> MsiExec.exe /I{045A0044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money --> MsiExec.exe /I{1D643CD2-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money System Pack --> MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Microsoft Works 2004 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP E:\
Mihov Picture Downloader 1.4 (remove only) --> "C:\Program Files\Mihov Picture Downloader\uninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Speakerphone Modem --> C:\Program Files\Asus\Asus MiVo Messenger\uninstall.exe /mdm
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (en-GB)"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Premium --> MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1033}
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Power4 Gear --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Real Alternative 1.51 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
REALTEK PCIE NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\SETUP.EXE" -l0x9 REMOVE
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Sniper Elite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A979B2D8-E3EE-4523-A26C-4AF0A6809280}\setup.exe"
Sonic Foundry Sound Forge 6.0 --> MsiExec.exe /I{62FC357F-022B-4F90-9376-7A0DF9FBE7A1}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tag&Rename 3.1.7 --> "C:\Program Files\TagRename\unins000.exe"
TrueCrypt --> C:\WINDOWS\TrueCrypt Setup.exe /u C:\Program Files\TrueCrypt
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze Launcher --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.getazureu...OBKZJXJ6346AWX"
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 3.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_05A76228EE0EF20D8B64523AD40E95C8F09D6988\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/08/2007 3.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_32E2E448B53EE5B28E074D88802D0BAF984038DA\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinFlash --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Console 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe" -l0x9 -removeonly
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN
  • 0

#4
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi honkynel,

Please download the following & save to your Desktop:
SDFix
Malwarebytes' Anti-Malware from Here or Here
OTMoveIt2 by OldTimer.


Fix File Associations:
  • Go to Start > Run and type or paste "%userprofile%\desktop\dss.exe" /daft
  • Click on the Scan button.
  • Place a checkmark next to all the entries that appear in red
  • Click the Fix button.
  • Re-scan and save the logfile.
  • Save it as C:\ daft.txt, I'll need that log later.
If everything is ok again, it should display the "all associations ok message"


Run SDFix:
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save it as C:\SDFix\Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).


Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Save the entire report as C:\mbam.txt
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please post me the text from the following as your next reply:
  • C:\ daft.txt
  • C:\SDFix\Report.txt
  • C:\mbam.txt


Cheers,

sage5
  • 0

#5
honkynel

honkynel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
daft.txt

DAFT Log saved on 2008-08-05 11:01:53
-----------------------------------------------------------------------
All associations okay!

report.txt


SDFix: Version 1.212
Run by Neil Fagan on 05/08/2008 at 12:21

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\nvrsul32.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 12:30:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Terrapin FTP\\ftp95.exe"="C:\\Program Files\\Terrapin FTP\\ftp95.exe:*:Enabled:Terrapin FTP"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\rundll32.exe"="C:\\WINDOWS\\System32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe"="C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe:*:Enabled:Cubis Dx Version"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Microsoft Management Console"
"H:\\Call of Duty Game of the Year Edition\\CoDMP.exe"="H:\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Disabled:CoDMP"
"H:\\BrothersInArmsEiB\\System\\EiB.exe"="H:\\BrothersInArmsEiB\\System\\EiB.exe:*:Disabled:Brothers In Arms Earned In Blood"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 4 Aug 2004 707 A..H. --- "C:\WINDOWS\_default.pif"
Wed 4 Aug 2004 94,784 A..H. --- "C:\WINDOWS\twain.dll"
Wed 4 Aug 2004 49,680 A..H. --- "C:\WINDOWS\twunk_16.exe"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\twunk_32.exe"
Wed 4 Aug 2004 256,192 A..H. --- "C:\WINDOWS\winhelp.exe"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\vmmreg32.dll"
Wed 4 Aug 2004 146,432 A..H. --- "C:\WINDOWS\regedit.exe"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\twain_32.dll"
Wed 4 Aug 2004 283,648 A..H. --- "C:\WINDOWS\winhlp32.exe"
Wed 27 Dec 2006 25,600 A..H. --- "C:\WINDOWS\QStart.exe"
Sun 27 Sep 1998 915,388 A..H. --- "C:\WINDOWS\102.exe"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\NOTEPAD.EXE"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\TASKMAN.EXE"
Fri 27 May 2005 10,752 A..H. --- "C:\WINDOWS\hh.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNRecode.exe"
Tue 21 Mar 2006 544,768 A..H. --- "C:\WINDOWS\sm56hlpr.exe"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56brz.dll"
Tue 21 Mar 2006 53,248 A..H. --- "C:\WINDOWS\sm56chs.dll"
Tue 21 Mar 2006 53,248 A..H. --- "C:\WINDOWS\sm56cht.dll"
Tue 21 Mar 2006 69,632 A..H. --- "C:\WINDOWS\sm56eng.dll"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56fra.dll"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56ger.dll"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56ita.dll"
Tue 21 Mar 2006 53,248 A..H. --- "C:\WINDOWS\sm56jpn.dll"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56esp.dll"
Tue 21 Mar 2006 61,440 A..H. --- "C:\WINDOWS\sm56dnk.dll"
Tue 21 Mar 2006 53,248 A..H. --- "C:\WINDOWS\sm56kor.dll"
Sat 16 Apr 2005 487,424 ...H. --- "C:\WINDOWS\RtlExUpd.dll"
Thu 9 Mar 2006 364,544 ...H. --- "C:\WINDOWS\RtlUpd.exe"
Thu 4 May 2006 9,709,568 ...H. --- "C:\WINDOWS\RTLCPL.exe"
Thu 4 May 2006 86,016 ...H. --- "C:\WINDOWS\SoundMan.exe"
Fri 10 Mar 2006 2,158,592 ...H. --- "C:\WINDOWS\MicCal.exe"
Thu 4 May 2006 16,206,848 ...H. --- "C:\WINDOWS\RTHDCPL.exe"
Thu 4 May 2006 2,808,832 ...H. --- "C:\WINDOWS\alcwzrd.exe"
Tue 3 May 2005 69,632 ...H. --- "C:\WINDOWS\Alcmtr.exe"
Fri 21 Feb 2003 348,160 A..H. --- "C:\WINDOWS\msvcr71.dll"
Tue 7 Jun 2005 98,304 A..H. --- "C:\WINDOWS\Syn112X.exe"
Wed 15 Mar 2006 45,056 A..H. --- "C:\WINDOWS\StkUnist.exe"
Mon 3 Jul 2006 356,864 A..H. --- "C:\WINDOWS\TrueCrypt Setup.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNNeroVision.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNNeroShowTime.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNNeroMediaHome.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNNeroBackItUp.exe"
Tue 1 Aug 1995 212,480 A..H. --- "C:\WINDOWS\PCDLIB32.DLL"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\bootvid.dll"
Wed 4 Aug 2004 7,040 A..H. --- "C:\WINDOWS\system32\kdcom.dll"
Wed 4 Aug 2004 2,560 A..H. --- "C:\WINDOWS\system32\lz32.dll"
Wed 18 Oct 2006 542,720 A..H. --- "C:\WINDOWS\system32\blackbox.dll"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\olesvr32.dll"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\system32\olethk32.dll"
Wed 4 Aug 2004 9,344 A..H. --- "C:\WINDOWS\system32\vga.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdus.dll"
Wed 4 Aug 2004 214,016 A..H. --- "C:\WINDOWS\system32\netevent.dll"
Wed 4 Aug 2004 171,008 A..H. --- "C:\WINDOWS\system32\netmsg.dll"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\clb.dll"
Wed 4 Aug 2004 26,624 A..H. --- "C:\WINDOWS\system32\msxmlr.dll"
Wed 4 Aug 2004 149,019 A..H. --- "C:\WINDOWS\system32\crtdll.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\msidntld.dll"
Wed 4 Aug 2004 47,104 A..H. --- "C:\WINDOWS\system32\mprui.dll"
Wed 4 Aug 2004 308,224 A..H. --- "C:\WINDOWS\system32\netui2.dll"
Wed 4 Aug 2004 51,200 A..H. --- "C:\WINDOWS\system32\dfrgres.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\sort.exe"
Wed 4 Aug 2004 66,560 A..H. --- "C:\WINDOWS\system32\console.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\more.com"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\aaaamon.dll"
Wed 4 Aug 2004 129,536 A..H. --- "C:\WINDOWS\system32\acledit.dll"
Wed 4 Aug 2004 26,112 A..H. --- "C:\WINDOWS\system32\adptif.dll"
Wed 4 Aug 2004 161,792 A..H. --- "C:\WINDOWS\system32\adsnds.dll"
Wed 4 Aug 2004 109,568 A..H. --- "C:\WINDOWS\system32\adsnw.dll"
Wed 4 Aug 2004 9,029 A..H. --- "C:\WINDOWS\system32\ansi.sys"
Wed 4 Aug 2004 102,912 A..H. --- "C:\WINDOWS\system32\apcups.dll"
Wed 4 Aug 2004 12,498 A..H. --- "C:\WINDOWS\system32\append.exe"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\arp.exe"
Wed 4 Aug 2004 32,256 A..H. --- "C:\WINDOWS\system32\asr_ldm.exe"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\atkctrs.dll"
Wed 4 Aug 2004 34,816 A..H. --- "C:\WINDOWS\system32\atmpvcno.dll"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\attrib.exe"
Wed 4 Aug 2004 80,384 A..H. --- "C:\WINDOWS\system32\autodisc.dll"
Wed 4 Aug 2004 69,584 A..H. --- "C:\WINDOWS\system32\avicap.dll"
Wed 4 Aug 2004 64,000 A..H. --- "C:\WINDOWS\system32\avicap32.dll"
Wed 4 Aug 2004 109,456 A..H. --- "C:\WINDOWS\system32\avifile.dll"
Wed 4 Aug 2004 136,704 A..H. --- "C:\WINDOWS\system32\bootcfg.exe"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\bootok.exe"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\bootvrfy.exe"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\cacls.exe"
Wed 4 Aug 2004 142,848 A..H. --- "C:\WINDOWS\system32\capesnpn.dll"
Wed 4 Aug 2004 359,936 A..H. --- "C:\WINDOWS\system32\cards.dll"
Wed 4 Aug 2004 27,648 A..H. --- "C:\WINDOWS\system32\ccfgnt.dll"
Wed 4 Aug 2004 138,752 A..H. --- "C:\WINDOWS\system32\sndvol32.exe"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\chcp.com"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\chkdsk.exe"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\chkntfs.exe"
Wed 4 Aug 2004 163,328 A..H. --- "C:\WINDOWS\system32\ciadmin.dll"
Wed 4 Aug 2004 109,568 A..H. --- "C:\WINDOWS\system32\cic.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\cidaemon.exe"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\ckcnv.exe"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\write.exe"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\cmpbk32.dll"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\cnetcfg.dll"
Wed 4 Aug 2004 26,624 A..H. --- "C:\WINDOWS\system32\cnvfat.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\comcat.dll"
Wed 4 Aug 2004 50,620 A..H. --- "C:\WINDOWS\system32\command.com"
Wed 4 Aug 2004 32,816 A..H. --- "C:\WINDOWS\system32\commdlg.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\comp.exe"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\compact.exe"
Wed 4 Aug 2004 30,160 A..H. --- "C:\WINDOWS\system32\compobj.dll"
Wed 4 Aug 2004 345,600 A..H. --- "C:\WINDOWS\system32\confmsp.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\control.exe"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\convert.exe"
Wed 4 Aug 2004 27,097 A..H. --- "C:\WINDOWS\system32\country.sys"
Wed 4 Aug 2004 73,728 A..H. --- "C:\WINDOWS\system32\csseqchk.dll"
Wed 4 Aug 2004 27,200 A..HR --- "C:\WINDOWS\system32\ctl3dv2.dll"
Wed 4 Aug 2004 436,224 A..H. --- "C:\WINDOWS\system32\d3dim.dll"
Wed 4 Aug 2004 34,816 A..H. --- "C:\WINDOWS\system32\d3dpmesh.dll"
Wed 4 Aug 2004 350,208 A..H. --- "C:\WINDOWS\system32\d3drm.dll"
Wed 4 Aug 2004 47,616 A..H. --- "C:\WINDOWS\system32\d3dxof.dll"
Wed 4 Aug 2004 152,064 A..H. --- "C:\WINDOWS\system32\datime.dll"
Wed 4 Aug 2004 847,872 A..H. --- "C:\WINDOWS\system32\dbgeng.dll"
Wed 4 Aug 2004 39,424 A..H. --- "C:\WINDOWS\system32\ddeml.dll"
Wed 4 Aug 2004 20,634 A..H. --- "C:\WINDOWS\system32\debug.exe"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\deskadp.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\deskmon.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\deskperf.dll"
Wed 4 Aug 2004 370,176 A..H. --- "C:\WINDOWS\system32\dhcpmon.dll"
Wed 4 Aug 2004 74,240 A..H. --- "C:\WINDOWS\system32\dhcpsapi.dll"
Wed 4 Aug 2004 394,240 A..H. --- "C:\WINDOWS\system32\diactfrm.dll"
Wed 4 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\dimap.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\diskcomp.com"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\diskcopy.com"
Wed 4 Aug 2004 1,501,696 A..H. --- "C:\WINDOWS\system32\diskcopy.dll"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\diskperf.exe"
Wed 4 Aug 2004 45,083 A..H. --- "C:\WINDOWS\system32\dispex.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\dllhst3g.exe"
Wed 4 Aug 2004 330,752 A..H. --- "C:\WINDOWS\system32\dmconfig.dll"
Wed 4 Aug 2004 273,920 A..H. --- "C:\WINDOWS\system32\dmdlgs.dll"
Wed 4 Aug 2004 118,784 A..H. --- "C:\WINDOWS\system32\dmdskres.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\dmintf.dll"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\dmocx.dll"
Wed 4 Aug 2004 46,080 A..H. --- "C:\WINDOWS\system32\docprop.dll"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\doskey.exe"
Wed 4 Aug 2004 33,040 A..H. --- "C:\WINDOWS\system32\dplay.dll"
Wed 4 Aug 2004 62,464 A..H. --- "C:\WINDOWS\system32\dpnmodem.dll"
Wed 4 Aug 2004 61,952 A..H. --- "C:\WINDOWS\system32\dpnwsock.dll"
Wed 4 Aug 2004 53,520 A..H. --- "C:\WINDOWS\system32\dpserial.dll"
Wed 4 Aug 2004 42,768 A..H. --- "C:\WINDOWS\system32\dpwsock.dll"
Wed 4 Aug 2004 274,432 A..H. --- "C:\WINDOWS\system32\inetcfg.dll"
Wed 4 Aug 2004 28,112 A..H. --- "C:\WINDOWS\system32\drwatson.exe"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\drwtsn32.exe"
Wed 4 Aug 2004 62,976 A..H. --- "C:\WINDOWS\system32\dsauth.dll"
Wed 4 Aug 2004 144,384 A..H. --- "C:\WINDOWS\system32\dskquoui.dll"
Wed 4 Aug 2004 55,296 A..H. --- "C:\WINDOWS\system32\dvdplay.exe"
Wed 4 Aug 2004 12,642 A..H. --- "C:\WINDOWS\system32\edlin.exe"
Wed 4 Aug 2004 1,114,896 A..H. --- "C:\WINDOWS\system32\esent97.dll"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\esentprf.dll"
Wed 4 Aug 2004 39,424 A..H. --- "C:\WINDOWS\system32\esentutl.exe"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\eventcls.dll"
Wed 4 Aug 2004 8,704 A..H. --- "C:\WINDOWS\system32\eventvwr.exe"
Wed 4 Aug 2004 81,920 A..H. --- "C:\WINDOWS\system32\isign32.dll"
Wed 4 Aug 2004 73,728 A..H. --- "C:\WINDOWS\system32\icwdial.dll"
Wed 4 Aug 2004 8,424 A..H. --- "C:\WINDOWS\system32\exe2bin.exe"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\expand.exe"
Wed 4 Aug 2004 121,856 A..H. --- "C:\WINDOWS\system32\exts.dll"
Wed 4 Aug 2004 882 A..H. --- "C:\WINDOWS\system32\fastopen.exe"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\fc.exe"
Wed 4 Aug 2004 117,760 A..H. --- "C:\WINDOWS\system32\fde.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\find.exe"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\finger.exe"
Wed 4 Aug 2004 3,072 A..H. --- "C:\WINDOWS\system32\fixmapi.exe"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\fmifs.dll"
Tue 26 Jul 2005 101,376 A..H. --- "C:\WINDOWS\system32\txflog.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\forcedos.exe"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\format.com"
Wed 4 Aug 2004 81,408 A..H. --- "C:\WINDOWS\system32\fsusd.dll"
Wed 4 Aug 2004 56,320 A..H. --- "C:\WINDOWS\system32\fsutil.exe"
Wed 4 Aug 2004 176,128 A..H. --- "C:\WINDOWS\system32\ftsrch.dll"
Wed 4 Aug 2004 76,800 A..H. --- "C:\WINDOWS\system32\gcdef.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\gdi.exe"
Wed 4 Aug 2004 55,296 A..H. --- "C:\WINDOWS\system32\getmac.exe"
Wed 4 Aug 2004 285,184 A..H. --- "C:\WINDOWS\system32\glmf32.dll"
Wed 4 Aug 2004 26,112 A..H. --- "C:\WINDOWS\system32\graftabl.com"
Wed 4 Aug 2004 19,694 A..H. --- "C:\WINDOWS\system32\graphics.com"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\help.exe"
Wed 4 Aug 2004 4,768 A..H. --- "C:\WINDOWS\system32\himem.sys"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\hnetmon.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\hostname.exe"
Wed 4 Aug 2004 41,472 A..H. --- "C:\WINDOWS\system32\iasads.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\iasacct.dll"
Wed 4 Aug 2004 32,256 A..H. --- "C:\WINDOWS\system32\iashlpr.dll"
Wed 4 Aug 2004 62,464 A..H. --- "C:\WINDOWS\system32\iasnap.dll"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\iaspolcy.dll"
Wed 4 Aug 2004 141,312 A..H. --- "C:\WINDOWS\system32\iasrecst.dll"
Wed 4 Aug 2004 86,528 A..H. --- "C:\WINDOWS\system32\iassam.dll"
Wed 4 Aug 2004 247,808 A..H. --- "C:\WINDOWS\system32\iassdo.dll"
Wed 4 Aug 2004 59,392 A..H. --- "C:\WINDOWS\system32\iassvcs.dll"
Wed 4 Aug 2004 54,784 A..H. --- "C:\WINDOWS\system32\icmui.dll"
Mon 16 Oct 2006 248,320 A..H. --- "C:\WINDOWS\system32\xpsp3res.dll"
Wed 4 Aug 2004 70,656 A..H. --- "C:\WINDOWS\system32\ifsutil.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\iissuba.dll"
Wed 4 Aug 2004 110,592 A..H. --- "C:\WINDOWS\system32\inetcplc.dll"
Wed 4 Aug 2004 450,560 A..H. --- "C:\WINDOWS\system32\infosoft.dll"
Wed 4 Aug 2004 30,720 A..H. --- "C:\WINDOWS\system32\iologmsg.dll"
Wed 4 Aug 2004 154,112 A..H. --- "C:\WINDOWS\system32\ipmontr.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\iprop.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\WINDOWS\system32\iprtprio.dll"
Wed 4 Aug 2004 169,984 A..H. --- "C:\WINDOWS\system32\iprtrmgr.dll"
Wed 4 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\ipsec6.exe"
Wed 4 Aug 2004 83,968 A..H. --- "C:\WINDOWS\system32\ipxmontr.dll"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\system32\ipxpromn.dll"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\ipxrip.dll"
Wed 4 Aug 2004 39,936 A..H. --- "C:\WINDOWS\system32\ipxrtmgr.dll"
Wed 4 Aug 2004 66,560 A..H. --- "C:\WINDOWS\system32\ipxsap.dll"
Wed 4 Aug 2004 20,992 A..H. --- "C:\WINDOWS\system32\ipxwan.dll"
Wed 4 Aug 2004 199,168 A..H. --- "C:\WINDOWS\system32\ir32_32.dll"
Wed 4 Aug 2004 362,496 A..H. --- "C:\WINDOWS\system32\jet500.dll"
Wed 4 Aug 2004 44,544 A..H. --- "C:\WINDOWS\system32\jgaw400.dll"
Fri 21 Jul 2006 72,704 A..H. --- "C:\WINDOWS\system32\hlink.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\jgmd400.dll"
Thu 1 Jun 2006 163,840 A..H. --- "C:\WINDOWS\system32\jgdw400.dll"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\jgsd400.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\jgsh400.dll"
Wed 4 Aug 2004 47,952 A..H. --- "C:\WINDOWS\system32\jobexec.dll"
Wed 4 Aug 2004 14,710 A..H. --- "C:\WINDOWS\system32\kb16.com"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdbe.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdbene.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdbr.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdca.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\kbdcan.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdda.dll"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\kbddv.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdes.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdfc.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdfi.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdfo.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdfr.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdgae.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdgr.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdgr1.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdic.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdir.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdit.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdit142.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\kbdla.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdmac.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdne.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\kbdnec95.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdno.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdpo.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdsf.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\kbdsg.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdsp.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdsw.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbduk.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdusl.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdusr.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdusx.dll"
Wed 4 Aug 2004 42,809 A..H. --- "C:\WINDOWS\system32\key01.sys"
Wed 4 Aug 2004 9,728 A..H. --- "C:\WINDOWS\system32\label.exe"
Wed 4 Aug 2004 89,600 A..H. --- "C:\WINDOWS\system32\langwrbk.dll"
Wed 4 Aug 2004 29,696 A..H. --- "C:\WINDOWS\system32\lights.exe"
Wed 4 Aug 2004 1,131 A..H. --- "C:\WINDOWS\system32\loadfix.com"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\lodctr.exe"
Wed 4 Aug 2004 50,176 A..H. --- "C:\WINDOWS\system32\loghours.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\lpq.exe"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\lpr.exe"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\lprmonui.dll"
Wed 4 Aug 2004 9,936 A..H. --- "C:\WINDOWS\system32\lzexpand.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\mag_hook.dll"
Wed 4 Aug 2004 112,128 A..H. --- "C:\WINDOWS\system32\mapistub.dll"
Wed 4 Aug 2004 10,240 A..H. --- "C:\WINDOWS\system32\mcd32.dll"
Wed 4 Aug 2004 10,496 A..H. --- "C:\WINDOWS\system32\mcdsrv32.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\mchgrcoi.dll"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\mcicda.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\mciole16.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\mciole32.dll"
Wed 4 Aug 2004 50,176 A..H. --- "C:\WINDOWS\system32\mdhcp.dll"
Wed 4 Aug 2004 147,968 A..H. --- "C:\WINDOWS\system32\mdwmdmsp.dll"
Wed 4 Aug 2004 39,274 A..H. --- "C:\WINDOWS\system32\mem.exe"
Wed 4 Aug 2004 924,432 A..H. --- "C:\WINDOWS\system32\mfc40.dll"
Wed 4 Aug 2004 924,432 A..H. --- "C:\WINDOWS\system32\mfc40u.dll"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\mimefilt.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\mll_hp.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\mll_mtf.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\mll_qic.dll"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\mmdrv.dll"
Wed 4 Aug 2004 119,808 A..H. --- "C:\WINDOWS\system32\mmutilse.dll"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\mode.com"
Wed 4 Aug 2004 10,112 A..H. --- "C:\WINDOWS\system32\modex.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\mountvol.exe"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\mpnotify.exe"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\system32\mprddm.dll"
Wed 4 Aug 2004 49,152 A..H. --- "C:\WINDOWS\system32\mprdim.dll"
Wed 4 Aug 2004 99,840 A..H. --- "C:\WINDOWS\system32\mprmsg.dll"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\mqcertui.dll"
Wed 4 Aug 2004 60,928 A..H. --- "C:\WINDOWS\system32\mqgentr.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\mqperf.dll"
Wed 4 Aug 2004 12,800 A..H. --- "C:\WINDOWS\system32\mrinfo.exe"
Wed 4 Aug 2004 102,912 A..H. --- "C:\WINDOWS\system32\msaatext.dll"
Wed 4 Aug 2004 61,168 A..H. --- "C:\WINDOWS\system32\msacm.dll"
Wed 4 Aug 2004 65,024 A..H. --- "C:\WINDOWS\system32\msaudite.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\mscat32.dll"
Wed 4 Aug 2004 817 A..H. --- "C:\WINDOWS\system32\mscdexnt.exe"
Wed 4 Aug 2004 94,282 A..H. --- "C:\WINDOWS\system32\msencode.dll"
Sat 4 Nov 2006 1,245,696 A..H. --- "C:\WINDOWS\system32\msxml4.dll"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\msobjs.dll"
Wed 4 Aug 2004 41,984 A..H. --- "C:\WINDOWS\system32\msports.dll"
Wed 4 Aug 2004 60,416 A..H. --- "C:\WINDOWS\system32\msratelc.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\mssign32.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\mssip32.dll"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\msswch.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\msswchx.exe"
Wed 4 Aug 2004 1,355,776 A..H. --- "C:\WINDOWS\system32\msvbvm50.dll"
Wed 4 Aug 2004 565,760 A..H. --- "C:\WINDOWS\system32\msvcp50.dll"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\msvidc32.dll"
Wed 4 Aug 2004 126,912 A..H. --- "C:\WINDOWS\system32\msvideo.dll"
Wed 4 Aug 2004 37,916 A..H. --- "C:\WINDOWS\system32\msxml2r.dll"
Wed 4 Aug 2004 44,032 ...H. --- "C:\WINDOWS\system32\msxml3r.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\icwphbk.dll"
Wed 4 Aug 2004 90,112 A..H. --- "C:\WINDOWS\system32\mycomput.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\narrhook.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\WINDOWS\system32\nbtstat.exe"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\ncxpnt.dll"
Wed 4 Aug 2004 108,464 A..H. --- "C:\WINDOWS\system32\netapi.dll"
Wed 4 Aug 2004 253,952 A..H. --- "C:\WINDOWS\system32\neth.dll"
Wed 4 Aug 2004 7,052 A..H. --- "C:\WINDOWS\system32\nlsfunc.exe"
Wed 4 Aug 2004 27,866 A..H. --- "C:\WINDOWS\system32\ntdos.sys"
Wed 4 Aug 2004 29,370 A..H. --- "C:\WINDOWS\system32\ntdos411.sys"
Wed 4 Aug 2004 29,274 A..H. --- "C:\WINDOWS\system32\ntdos412.sys"
Wed 4 Aug 2004 29,146 A..H. --- "C:\WINDOWS\system32\ntdos404.sys"
Wed 4 Aug 2004 29,146 A..H. --- "C:\WINDOWS\system32\ntdos804.sys"
Wed 4 Aug 2004 26,112 A..H. --- "C:\WINDOWS\system32\ntdsbcli.dll"
Wed 4 Aug 2004 57,856 A..H. --- "C:\WINDOWS\system32\ntlanui.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\ntlanui2.dll"
Wed 4 Aug 2004 36,864 A..H. --- "C:\WINDOWS\system32\ntmsevt.dll"
Wed 4 Aug 2004 31,744 A..H. --- "C:\WINDOWS\system32\ntsd.exe"
Wed 4 Aug 2004 36,864 A..H. --- "C:\WINDOWS\system32\ntsdexts.dll"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\ntvdmd.dll"
Wed 4 Aug 2004 3,252 A..H. --- "C:\WINDOWS\system32\nw16.exe"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\nwapi16.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\WINDOWS\system32\nwcfg.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\nwevent.dll"
Wed 4 Aug 2004 126,464 A..H. --- "C:\WINDOWS\system32\nwscript.exe"
Wed 4 Aug 2004 60,928 A..H. --- "C:\WINDOWS\system32\ocmanage.dll"
Wed 4 Aug 2004 39,744 A..H. --- "C:\WINDOWS\system32\ole2.dll"
Wed 4 Aug 2004 169,520 A..H. --- "C:\WINDOWS\system32\ole2disp.dll"
Wed 4 Aug 2004 153,008 A..H. --- "C:\WINDOWS\system32\ole2nls.dll"
Wed 4 Aug 2004 163,328 A..H. --- "C:\WINDOWS\system32\oleacc.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\oleaccrc.dll"
Wed 4 Aug 2004 82,944 A..H. --- "C:\WINDOWS\system32\olecli.dll"
Wed 4 Aug 2004 117,760 A..H. --- "C:\WINDOWS\system32\oledlg.dll"
Wed 4 Aug 2004 24,064 A..H. --- "C:\WINDOWS\system32\olesvr.dll"
Wed 4 Aug 2004 274,944 A..H. --- "C:\WINDOWS\system32\mstask.dll"
Wed 4 Aug 2004 10,240 A..H. --- "C:\WINDOWS\system32\panmap.dll"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\pathping.exe"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\perfnet.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\perfnw.dll"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\perfts.dll"
Wed 4 Aug 2004 35,328 A..H. --- "C:\WINDOWS\system32\pifmgr.dll"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\ping6.exe"
Thu 17 Aug 2006 132,096 A..H. --- "C:\WINDOWS\system32\wkssvc.dll"
Wed 4 Aug 2004 30,720 A..H. --- "C:\WINDOWS\system32\plustab.dll"
Wed 4 Aug 2004 46,592 A..H. --- "C:\WINDOWS\system32\pmspl.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\prflbmsg.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\print.exe"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\pschdprf.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\psnppagn.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\qosname.dll"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\rasautou.exe"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\rasctrs.dll"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\rasdial.exe"
Wed 4 Aug 2004 143,360 A..H. --- "C:\WINDOWS\system32\rasmontr.dll"
Wed 4 Aug 2004 22,528 A..H. --- "C:\WINDOWS\system32\rasmxs.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\rasrad.dll"
Wed 4 Aug 2004 12,800 A..H. --- "C:\WINDOWS\system32\rasser.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\recover.exe"
Wed 4 Aug 2004 57,344 A..H. --- "C:\WINDOWS\system32\gpupdate.exe"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\regedt32.exe"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\regwiz.exe"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\relog.exe"
Wed 4 Aug 2004 107,520 A..H. --- "C:\WINDOWS\system32\rend.dll"
Wed 4 Aug 2004 12,800 A..H. --- "C:\WINDOWS\system32\replace.exe"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\riched32.dll"
Wed 4 Aug 2004 3,072 A..H. --- "C:\WINDOWS\system32\rnr20.dll"
Wed 4 Aug 2004 19,968 A..H. --- "C:\WINDOWS\system32\route.exe"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\routemon.exe"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\routetab.dll"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\rpcns4.dll"
Wed 4 Aug 2004 28,672 A..H. --- "C:\WINDOWS\system32\rsfsaps.dll"
Wed 4 Aug 2004 49,152 A..H. --- "C:\WINDOWS\system32\rsm.exe"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\rsmsink.exe"
Wed 4 Aug 2004 49,152 A..H. --- "C:\WINDOWS\system32\rsmui.exe"
Wed 4 Aug 2004 62,976 A..H. --- "C:\WINDOWS\system32\rsopprov.exe"
Wed 4 Aug 2004 132,608 A..H. --- "C:\WINDOWS\system32\rsvp.exe"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\rsvpmsg.dll"
Wed 4 Aug 2004 9,728 A..H. --- "C:\WINDOWS\system32\rsvpperf.dll"
Wed 4 Aug 2004 90,112 A..H. --- "C:\WINDOWS\system32\rsvpsp.dll"
Wed 4 Aug 2004 98,304 A..H. --- "C:\WINDOWS\system32\rtm.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\runas.exe"
Wed 4 Aug 2004 31,232 A..H. --- "C:\WINDOWS\system32\sc.exe"
Wed 4 Aug 2004 118,784 A..H. --- "C:\WINDOWS\system32\scardssp.dll"
Wed 4 Aug 2004 26,624 A..H. --- "C:\WINDOWS\system32\scredir.dll"
Wed 4 Aug 2004 10,240 A..H. --- "C:\WINDOWS\system32\scriptpw.dll"
Wed 4 Aug 2004 130,048 A..H. --- "C:\WINDOWS\system32\sdpblb.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\senscfg.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\serialui.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\serwvdrv.dll"
Wed 4 Aug 2004 414,208 A..H. --- "C:\WINDOWS\system32\setupdll.dll"
Wed 4 Aug 2004 11,753 A..H. --- "C:\WINDOWS\system32\setver.exe"
Wed 4 Aug 2004 9,728 A..H. --- "C:\WINDOWS\system32\sfc.exe"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\sfmapi.dll"
Wed 4 Aug 2004 882 A..H. --- "C:\WINDOWS\system32\share.exe"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\shell.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\sisbkup.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\skdll.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\slbrccsp.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\softpub.dll"
Wed 4 Aug 2004 69,632 A..H. --- "C:\WINDOWS\system32\spnike.dll"
Wed 4 Aug 2004 9,728 A..H. --- "C:\WINDOWS\system32\sprestrt.exe"
Wed 4 Aug 2004 70,656 A..H. --- "C:\WINDOWS\system32\sprio600.dll"
Wed 4 Aug 2004 72,192 A..H. --- "C:\WINDOWS\system32\sprio800.dll"
Wed 4 Aug 2004 24,603 A..H. --- "C:\WINDOWS\system32\sqlwid.dll"
Wed 4 Aug 2004 49,179 A..H. --- "C:\WINDOWS\system32\sqlwoa.dll"
Wed 4 Aug 2004 4,208 A..H. --- "C:\WINDOWS\system32\storage.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\streamci.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\subst.exe"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\svcpack.dll"
Wed 4 Aug 2004 138,752 A..H. --- "C:\WINDOWS\system32\swprv.dll"
Wed 4 Aug 2004 51,200 A..H. --- "C:\WINDOWS\system32\syncapp.exe"
Wed 4 Aug 2004 18,896 A..H. --- "C:\WINDOWS\system32\sysedit.exe"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\mstinit.exe"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\sysinv.dll"
Wed 4 Aug 2004 36,864 A..H. --- "C:\WINDOWS\system32\syskey.exe"
Wed 4 Aug 2004 3,072 A..H. --- "C:\WINDOWS\system32\systray.exe"
Wed 4 Aug 2004 19,200 A..H. --- "C:\WINDOWS\system32\tapi.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\tapiperf.dll"
Wed 4 Aug 2004 78,848 A..H. --- "C:\WINDOWS\system32\tapiui.dll"
Wed 4 Aug 2004 72,192 A..H. --- "C:\WINDOWS\system32\taskkill.exe"
Wed 4 Aug 2004 72,192 A..H. --- "C:\WINDOWS\system32\tasklist.exe"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\system32\taskman.exe"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\tcmsetup.exe"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\tcpsvcs.exe"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\tftp.exe"
Wed 4 Aug 2004 13,888 A..H. --- "C:\WINDOWS\system32\toolhelp.dll"
Wed 4 Aug 2004 31,744 A..H. --- "C:\WINDOWS\system32\tracert6.exe"
Wed 4 Aug 2004 31,232 A..H. --- "C:\WINDOWS\system32\traffic.dll"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\tree.com"
Wed 4 Aug 2004 52,224 A..H. --- "C:\WINDOWS\system32\tsappcmp.dll"
Tue 7 Dec 2004 96,768 A..H. --- "C:\WINDOWS\system32\srvsvc.dll"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\system32\tsd32.dll"
Wed 4 Aug 2004 177,856 A..H. --- "C:\WINDOWS\system32\typelib.dll"
Wed 4 Aug 2004 36,352 A..H. --- "C:\WINDOWS\system32\typeperf.exe"
Wed 4 Aug 2004 82,432 A..H. --- "C:\WINDOWS\system32\ufat.dll"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\umdmxfrm.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\WINDOWS\system32\unlodctr.exe"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\ureg.dll"
Wed 4 Aug 2004 47,872 A..H. --- "C:\WINDOWS\system32\user.exe"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\utildll.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\vcdex.dll"
Wed 4 Aug 2004 9,008 A..H. --- "C:\WINDOWS\system32\ver.dll"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\verifier.dll"
Wed 4 Aug 2004 98,304 A..H. --- "C:\WINDOWS\system32\verifier.exe"
Wed 4 Aug 2004 20,535 A..H. --- "C:\WINDOWS\system32\vfpodbc.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\vjoy.dll"
Wed 4 Aug 2004 33,792 A..H. --- "C:\WINDOWS\system32\vssadmin.exe"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\vss_ps.dll"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\vwipxspx.dll"
Wed 4 Aug 2004 1,129 A..H. --- "C:\WINDOWS\system32\vwipxspx.exe"
Wed 4 Aug 2004 49,664 A..H. --- "C:\WINDOWS\system32\w32tm.exe"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\w32topl.dll"
Wed 4 Aug 2004 208,896 A..H. --- "C:\WINDOWS\system32\wavemsp.dll"
Wed 4 Aug 2004 40,448 A..H. --- "C:\WINDOWS\system32\webhits.dll"
Wed 4 Aug 2004 145,408 A..H. --- "C:\WINDOWS\system32\wiavusd.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\wifeman.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\win.com"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\win87em.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\winfax.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\winhlp32.exe"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\winmsd.exe"
Wed 4 Aug 2004 2,864 A..H. --- "C:\WINDOWS\system32\winsock.dll"
Wed 4 Aug 2004 2,112 A..H. --- "C:\WINDOWS\system32\winspool.exe"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\winstrm.dll"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\wmiprop.dll"
Wed 4 Aug 2004 55,808 A..H. --- "C:\WINDOWS\system32\wmiscmgr.dll"
Wed 4 Aug 2004 2,736 A..H. --- "C:\WINDOWS\system32\wowdeb.exe"
Wed 4 Aug 2004 10,368 A..H. --- "C:\WINDOWS\system32\wowexec.exe"
Wed 4 Aug 2004 3,200 A..H. --- "C:\WINDOWS\system32\wowfax.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\wowfaxui.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\wshatm.dll"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\wshisn.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\wshnetbs.dll"
Wed 4 Aug 2004 32,256 A..H. --- "C:\WINDOWS\system32\wupdmgr.exe"
Wed 4 Aug 2004 69,886 A..H. --- "C:\WINDOWS\system32\edit.com"
Wed 4 Aug 2004 51,200 A..H. --- "C:\WINDOWS\system32\wmerrenu.dll"
Wed 4 Aug 2004 27,136 A..H. --- "C:\WINDOWS\system32\ctl3d32.dll"
Wed 4 Aug 2004 590,336 A..H. --- "C:\WINDOWS\system32\d3dramp.dll"
Wed 2 Mar 2005 577,024 A..H. --- "C:\WINDOWS\system32\user32.dll"
Wed 4 Aug 2004 51,712 A..H. --- "C:\WINDOWS\system32\migpwd.exe"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\lnkstub.exe"
Wed 4 Aug 2004 69,632 A..H. --- "C:\WINDOWS\system32\msr2c.dll"
Wed 4 Aug 2004 73,802 A..H. --- "C:\WINDOWS\system32\msrclr40.dll"
Wed 4 Aug 2004 28,746 A..H. --- "C:\WINDOWS\system32\msrecr40.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\msr2cenu.dll"
Wed 4 Aug 2004 253,952 A..H. --- "C:\WINDOWS\system32\msvcrt20.dll"
Wed 4 Aug 2004 157,696 A..H. --- "C:\WINDOWS\system32\paqsp.dll"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\system32\pentnt.exe"
Wed 4 Aug 2004 61,500 A..H. --- "C:\WINDOWS\system32\usrcntra.dll"
Wed 4 Aug 2004 69,699 A..H. --- "C:\WINDOWS\system32\usrcoina.dll"
Wed 4 Aug 2004 77,890 A..H. --- "C:\WINDOWS\system32\usrdpa.dll"
Wed 4 Aug 2004 323,641 A..H. --- "C:\WINDOWS\system32\usrdtea.dll"
Wed 4 Aug 2004 86,073 A..H. --- "C:\WINDOWS\system32\usrfaxa.dll"
Wed 4 Aug 2004 53,305 A..H. --- "C:\WINDOWS\system32\usrlbva.dll"
Wed 4 Aug 2004 77,891 A..H. --- "C:\WINDOWS\system32\usrmlnka.exe"
Wed 4 Aug 2004 61,508 A..H. --- "C:\WINDOWS\system32\usrprbda.exe"
Wed 4 Aug 2004 77,883 A..H. --- "C:\WINDOWS\system32\usrrtosa.dll"
Wed 4 Aug 2004 49,211 A..H. --- "C:\WINDOWS\system32\usrsdpia.dll"
Wed 4 Aug 2004 69,700 A..H. --- "C:\WINDOWS\system32\usrshuta.exe"
Wed 4 Aug 2004 41,019 A..H. --- "C:\WINDOWS\system32\usrsvpia.dll"
Wed 4 Aug 2004 102,457 A..H. --- "C:\WINDOWS\system32\usrv42a.dll"
Wed 4 Aug 2004 49,209 A..H. --- "C:\WINDOWS\system32\usrv80a.dll"
Wed 4 Aug 2004 45,116 A..H. --- "C:\WINDOWS\system32\usrvoica.dll"
Wed 4 Aug 2004 49,211 A..H. --- "C:\WINDOWS\system32\usrvpa.dll"
Wed 4 Aug 2004 40,448 A..H. --- "C:\WINDOWS\system32\osuninst.exe"
Wed 4 Aug 2004 51,456 A..H. --- "C:\WINDOWS\system32\vga256.dll"
Wed 4 Aug 2004 18,176 A..H. --- "C:\WINDOWS\system32\vga64k.dll"
Wed 4 Aug 2004 708,096 A..H. --- "C:\WINDOWS\system32\ntdll.dll"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\system32\smss.exe"
Wed 4 Aug 2004 588,800 A..H. --- "C:\WINDOWS\system32\autochk.exe"
Wed 4 Aug 2004 1,580,544 A..H. --- "C:\WINDOWS\system32\sfcfiles.dll"
Wed 4 Aug 2004 616,960 A..H. --- "C:\WINDOWS\system32\advapi32.dll"
Wed 4 Aug 2004 276,992 A..H. --- "C:\WINDOWS\system32\comdlg32.dll"
Wed 4 Aug 2004 144,384 A..H. --- "C:\WINDOWS\system32\imagehlp.dll"
Wed 29 Jun 2005 74,240 A..H. --- "C:\WINDOWS\system32\mscms.dll"
Wed 4 Aug 2004 553,472 A..H. --- "C:\WINDOWS\system32\oleaut32.dll"
Wed 4 Aug 2004 581,120 A..H. --- "C:\WINDOWS\system32\rpcrt4.dll"
Thu 17 Aug 2006 721,920 A..H. --- "C:\WINDOWS\system32\lsasrv.dll"
Tue 12 Apr 2005 159,744 A..H. --- "C:\WINDOWS\system32\WmJoyFrc.dll"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\version.dll"
Wed 4 Aug 2004 172,032 A..H. --- "C:\WINDOWS\system32\wldap32.dll"
Wed 13 Sep 2006 1,084,416 ...H. --- "C:\WINDOWS\system32\msxml3.dll"
Wed 4 Aug 2004 343,040 A..H. --- "C:\WINDOWS\system32\msvcrt.dll"
Wed 4 Aug 2004 59,904 A..H. --- "C:\WINDOWS\system32\mpr.dll"
Wed 4 Aug 2004 419,840 A..H. --- "C:\WINDOWS\system32\ntvdm.exe"
Wed 4 Aug 2004 264,192 A..H. --- "C:\WINDOWS\system32\wow32.dll"
Wed 4 Aug 2004 597,504 A..H. --- "C:\WINDOWS\system32\crypt32.dll"
Wed 4 Aug 2004 723,456 A..H. --- "C:\WINDOWS\system32\userenv.dll"
Wed 4 Aug 2004 57,344 A..H. --- "C:\WINDOWS\system32\msasn1.dll"
Wed 2 Mar 2005 56,832 A..H. --- "C:\WINDOWS\system32\authz.dll"
Wed 4 Aug 2004 17,664 A..H. --- "C:\WINDOWS\system32\watchdog.sys"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\csrss.exe"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\csrsrv.dll"
Wed 4 Aug 2004 52,736 A..H. --- "C:\WINDOWS\system32\basesrv.dll"
Mon 4 Sep 2006 1,497,088 A..H. --- "C:\WINDOWS\system32\shdocvw.dll"
Wed 4 Aug 2004 502,272 A..H. --- "C:\WINDOWS\system32\winlogon.exe"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\nddeapi.dll"
Wed 4 Aug 2004 55,808 A..H. --- "C:\WINDOWS\system32\secur32.dll"
Wed 4 Aug 2004 53,76
  • 0

#6
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
The SDFix log got cut off at

Wed 4 Aug 2004 55,808 A..H. --- "C:\WINDOWS\system32\secur32.dll"
Wed 4 Aug 2004 53,76


Can you post me the rest of that log?
Is there a lot more of it?
  • 0

#7
honkynel

honkynel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
sorry about that here is it all.



SDFix: Version 1.212
Run by Neil Fagan on 05/08/2008 at 12:21

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\nvrsul32.dll - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 12:30:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Terrapin FTP\\ftp95.exe"="C:\\Program Files\\Terrapin FTP\\ftp95.exe:*:Enabled:Terrapin FTP"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\rundll32.exe"="C:\\WINDOWS\\System32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe"="C:\\Program Files\\FreshGames\\Cubis Gold\\CubisGold.exe:*:Enabled:Cubis Dx Version"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Microsoft Management Console"
"H:\\Call of Duty Game of the Year Edition\\CoDMP.exe"="H:\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Disabled:CoDMP"
"H:\\BrothersInArmsEiB\\System\\EiB.exe"="H:\\BrothersInArmsEiB\\System\\EiB.exe:*:Disabled:Brothers In Arms Earned In Blood"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 4 Aug 2004 707 A..H. --- "C:\WINDOWS\_default.pif"
Wed 4 Aug 2004 94,784 A..H. --- "C:\WINDOWS\twain.dll"
Wed 4 Aug 2004 49,680 A..H. --- "C:\WINDOWS\twunk_16.exe"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\twunk_32.exe"
Wed 4 Aug 2004 256,192 A..H. --- "C:\WINDOWS\winhelp.exe"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\vmmreg32.dll"
Wed 4 Aug 2004 146,432 A..H. --- "C:\WINDOWS\regedit.exe"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\twain_32.dll"
Wed 4 Aug 2004 283,648 A..H. --- "C:\WINDOWS\winhlp32.exe"
Wed 27 Dec 2006 25,600 A..H. --- "C:\WINDOWS\QStart.exe"
Sun 27 Sep 1998 915,388 A..H. --- "C:\WINDOWS\102.exe"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\NOTEPAD.EXE"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\TASKMAN.EXE"
Fri 27 May 2005 10,752 A..H. --- "C:\WINDOWS\hh.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNRecode.exe"
Tue 21 Mar 2006 544,768 A..H. --- "C:\WINDOWS\sm56hlpr.exe"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56brz.dll"
Tue 21 Mar 2006 53,248 A..H. --- "C:\WINDOWS\sm56chs.dll"
Tue 21 Mar 2006 53,248 A..H. --- "C:\WINDOWS\sm56cht.dll"
Tue 21 Mar 2006 69,632 A..H. --- "C:\WINDOWS\sm56eng.dll"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56fra.dll"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56ger.dll"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56ita.dll"
Tue 21 Mar 2006 53,248 A..H. --- "C:\WINDOWS\sm56jpn.dll"
Tue 21 Mar 2006 65,536 A..H. --- "C:\WINDOWS\sm56esp.dll"
Tue 21 Mar 2006 61,440 A..H. --- "C:\WINDOWS\sm56dnk.dll"
Tue 21 Mar 2006 53,248 A..H. --- "C:\WINDOWS\sm56kor.dll"
Sat 16 Apr 2005 487,424 ...H. --- "C:\WINDOWS\RtlExUpd.dll"
Thu 9 Mar 2006 364,544 ...H. --- "C:\WINDOWS\RtlUpd.exe"
Thu 4 May 2006 9,709,568 ...H. --- "C:\WINDOWS\RTLCPL.exe"
Thu 4 May 2006 86,016 ...H. --- "C:\WINDOWS\SoundMan.exe"
Fri 10 Mar 2006 2,158,592 ...H. --- "C:\WINDOWS\MicCal.exe"
Thu 4 May 2006 16,206,848 ...H. --- "C:\WINDOWS\RTHDCPL.exe"
Thu 4 May 2006 2,808,832 ...H. --- "C:\WINDOWS\alcwzrd.exe"
Tue 3 May 2005 69,632 ...H. --- "C:\WINDOWS\Alcmtr.exe"
Fri 21 Feb 2003 348,160 A..H. --- "C:\WINDOWS\msvcr71.dll"
Tue 7 Jun 2005 98,304 A..H. --- "C:\WINDOWS\Syn112X.exe"
Wed 15 Mar 2006 45,056 A..H. --- "C:\WINDOWS\StkUnist.exe"
Mon 3 Jul 2006 356,864 A..H. --- "C:\WINDOWS\TrueCrypt Setup.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNNeroVision.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNNeroShowTime.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNNeroMediaHome.exe"
Mon 12 Sep 2005 233,472 A..H. --- "C:\WINDOWS\UNNeroBackItUp.exe"
Tue 1 Aug 1995 212,480 A..H. --- "C:\WINDOWS\PCDLIB32.DLL"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\bootvid.dll"
Wed 4 Aug 2004 7,040 A..H. --- "C:\WINDOWS\system32\kdcom.dll"
Wed 4 Aug 2004 2,560 A..H. --- "C:\WINDOWS\system32\lz32.dll"
Wed 18 Oct 2006 542,720 A..H. --- "C:\WINDOWS\system32\blackbox.dll"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\olesvr32.dll"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\system32\olethk32.dll"
Wed 4 Aug 2004 9,344 A..H. --- "C:\WINDOWS\system32\vga.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdus.dll"
Wed 4 Aug 2004 214,016 A..H. --- "C:\WINDOWS\system32\netevent.dll"
Wed 4 Aug 2004 171,008 A..H. --- "C:\WINDOWS\system32\netmsg.dll"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\clb.dll"
Wed 4 Aug 2004 26,624 A..H. --- "C:\WINDOWS\system32\msxmlr.dll"
Wed 4 Aug 2004 149,019 A..H. --- "C:\WINDOWS\system32\crtdll.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\msidntld.dll"
Wed 4 Aug 2004 47,104 A..H. --- "C:\WINDOWS\system32\mprui.dll"
Wed 4 Aug 2004 308,224 A..H. --- "C:\WINDOWS\system32\netui2.dll"
Wed 4 Aug 2004 51,200 A..H. --- "C:\WINDOWS\system32\dfrgres.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\sort.exe"
Wed 4 Aug 2004 66,560 A..H. --- "C:\WINDOWS\system32\console.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\more.com"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\aaaamon.dll"
Wed 4 Aug 2004 129,536 A..H. --- "C:\WINDOWS\system32\acledit.dll"
Wed 4 Aug 2004 26,112 A..H. --- "C:\WINDOWS\system32\adptif.dll"
Wed 4 Aug 2004 161,792 A..H. --- "C:\WINDOWS\system32\adsnds.dll"
Wed 4 Aug 2004 109,568 A..H. --- "C:\WINDOWS\system32\adsnw.dll"
Wed 4 Aug 2004 9,029 A..H. --- "C:\WINDOWS\system32\ansi.sys"
Wed 4 Aug 2004 102,912 A..H. --- "C:\WINDOWS\system32\apcups.dll"
Wed 4 Aug 2004 12,498 A..H. --- "C:\WINDOWS\system32\append.exe"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\arp.exe"
Wed 4 Aug 2004 32,256 A..H. --- "C:\WINDOWS\system32\asr_ldm.exe"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\atkctrs.dll"
Wed 4 Aug 2004 34,816 A..H. --- "C:\WINDOWS\system32\atmpvcno.dll"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\attrib.exe"
Wed 4 Aug 2004 80,384 A..H. --- "C:\WINDOWS\system32\autodisc.dll"
Wed 4 Aug 2004 69,584 A..H. --- "C:\WINDOWS\system32\avicap.dll"
Wed 4 Aug 2004 64,000 A..H. --- "C:\WINDOWS\system32\avicap32.dll"
Wed 4 Aug 2004 109,456 A..H. --- "C:\WINDOWS\system32\avifile.dll"
Wed 4 Aug 2004 136,704 A..H. --- "C:\WINDOWS\system32\bootcfg.exe"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\bootok.exe"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\bootvrfy.exe"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\cacls.exe"
Wed 4 Aug 2004 142,848 A..H. --- "C:\WINDOWS\system32\capesnpn.dll"
Wed 4 Aug 2004 359,936 A..H. --- "C:\WINDOWS\system32\cards.dll"
Wed 4 Aug 2004 27,648 A..H. --- "C:\WINDOWS\system32\ccfgnt.dll"
Wed 4 Aug 2004 138,752 A..H. --- "C:\WINDOWS\system32\sndvol32.exe"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\chcp.com"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\chkdsk.exe"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\chkntfs.exe"
Wed 4 Aug 2004 163,328 A..H. --- "C:\WINDOWS\system32\ciadmin.dll"
Wed 4 Aug 2004 109,568 A..H. --- "C:\WINDOWS\system32\cic.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\cidaemon.exe"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\ckcnv.exe"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\write.exe"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\cmpbk32.dll"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\cnetcfg.dll"
Wed 4 Aug 2004 26,624 A..H. --- "C:\WINDOWS\system32\cnvfat.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\comcat.dll"
Wed 4 Aug 2004 50,620 A..H. --- "C:\WINDOWS\system32\command.com"
Wed 4 Aug 2004 32,816 A..H. --- "C:\WINDOWS\system32\commdlg.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\comp.exe"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\compact.exe"
Wed 4 Aug 2004 30,160 A..H. --- "C:\WINDOWS\system32\compobj.dll"
Wed 4 Aug 2004 345,600 A..H. --- "C:\WINDOWS\system32\confmsp.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\control.exe"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\convert.exe"
Wed 4 Aug 2004 27,097 A..H. --- "C:\WINDOWS\system32\country.sys"
Wed 4 Aug 2004 73,728 A..H. --- "C:\WINDOWS\system32\csseqchk.dll"
Wed 4 Aug 2004 27,200 A..HR --- "C:\WINDOWS\system32\ctl3dv2.dll"
Wed 4 Aug 2004 436,224 A..H. --- "C:\WINDOWS\system32\d3dim.dll"
Wed 4 Aug 2004 34,816 A..H. --- "C:\WINDOWS\system32\d3dpmesh.dll"
Wed 4 Aug 2004 350,208 A..H. --- "C:\WINDOWS\system32\d3drm.dll"
Wed 4 Aug 2004 47,616 A..H. --- "C:\WINDOWS\system32\d3dxof.dll"
Wed 4 Aug 2004 152,064 A..H. --- "C:\WINDOWS\system32\datime.dll"
Wed 4 Aug 2004 847,872 A..H. --- "C:\WINDOWS\system32\dbgeng.dll"
Wed 4 Aug 2004 39,424 A..H. --- "C:\WINDOWS\system32\ddeml.dll"
Wed 4 Aug 2004 20,634 A..H. --- "C:\WINDOWS\system32\debug.exe"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\deskadp.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\deskmon.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\deskperf.dll"
Wed 4 Aug 2004 370,176 A..H. --- "C:\WINDOWS\system32\dhcpmon.dll"
Wed 4 Aug 2004 74,240 A..H. --- "C:\WINDOWS\system32\dhcpsapi.dll"
Wed 4 Aug 2004 394,240 A..H. --- "C:\WINDOWS\system32\diactfrm.dll"
Wed 4 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\dimap.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\diskcomp.com"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\diskcopy.com"
Wed 4 Aug 2004 1,501,696 A..H. --- "C:\WINDOWS\system32\diskcopy.dll"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\diskperf.exe"
Wed 4 Aug 2004 45,083 A..H. --- "C:\WINDOWS\system32\dispex.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\dllhst3g.exe"
Wed 4 Aug 2004 330,752 A..H. --- "C:\WINDOWS\system32\dmconfig.dll"
Wed 4 Aug 2004 273,920 A..H. --- "C:\WINDOWS\system32\dmdlgs.dll"
Wed 4 Aug 2004 118,784 A..H. --- "C:\WINDOWS\system32\dmdskres.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\dmintf.dll"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\dmocx.dll"
Wed 4 Aug 2004 46,080 A..H. --- "C:\WINDOWS\system32\docprop.dll"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\doskey.exe"
Wed 4 Aug 2004 33,040 A..H. --- "C:\WINDOWS\system32\dplay.dll"
Wed 4 Aug 2004 62,464 A..H. --- "C:\WINDOWS\system32\dpnmodem.dll"
Wed 4 Aug 2004 61,952 A..H. --- "C:\WINDOWS\system32\dpnwsock.dll"
Wed 4 Aug 2004 53,520 A..H. --- "C:\WINDOWS\system32\dpserial.dll"
Wed 4 Aug 2004 42,768 A..H. --- "C:\WINDOWS\system32\dpwsock.dll"
Wed 4 Aug 2004 274,432 A..H. --- "C:\WINDOWS\system32\inetcfg.dll"
Wed 4 Aug 2004 28,112 A..H. --- "C:\WINDOWS\system32\drwatson.exe"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\drwtsn32.exe"
Wed 4 Aug 2004 62,976 A..H. --- "C:\WINDOWS\system32\dsauth.dll"
Wed 4 Aug 2004 144,384 A..H. --- "C:\WINDOWS\system32\dskquoui.dll"
Wed 4 Aug 2004 55,296 A..H. --- "C:\WINDOWS\system32\dvdplay.exe"
Wed 4 Aug 2004 12,642 A..H. --- "C:\WINDOWS\system32\edlin.exe"
Wed 4 Aug 2004 1,114,896 A..H. --- "C:\WINDOWS\system32\esent97.dll"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\esentprf.dll"
Wed 4 Aug 2004 39,424 A..H. --- "C:\WINDOWS\system32\esentutl.exe"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\eventcls.dll"
Wed 4 Aug 2004 8,704 A..H. --- "C:\WINDOWS\system32\eventvwr.exe"
Wed 4 Aug 2004 81,920 A..H. --- "C:\WINDOWS\system32\isign32.dll"
Wed 4 Aug 2004 73,728 A..H. --- "C:\WINDOWS\system32\icwdial.dll"
Wed 4 Aug 2004 8,424 A..H. --- "C:\WINDOWS\system32\exe2bin.exe"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\expand.exe"
Wed 4 Aug 2004 121,856 A..H. --- "C:\WINDOWS\system32\exts.dll"
Wed 4 Aug 2004 882 A..H. --- "C:\WINDOWS\system32\fastopen.exe"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\fc.exe"
Wed 4 Aug 2004 117,760 A..H. --- "C:\WINDOWS\system32\fde.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\find.exe"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\finger.exe"
Wed 4 Aug 2004 3,072 A..H. --- "C:\WINDOWS\system32\fixmapi.exe"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\fmifs.dll"
Tue 26 Jul 2005 101,376 A..H. --- "C:\WINDOWS\system32\txflog.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\forcedos.exe"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\format.com"
Wed 4 Aug 2004 81,408 A..H. --- "C:\WINDOWS\system32\fsusd.dll"
Wed 4 Aug 2004 56,320 A..H. --- "C:\WINDOWS\system32\fsutil.exe"
Wed 4 Aug 2004 176,128 A..H. --- "C:\WINDOWS\system32\ftsrch.dll"
Wed 4 Aug 2004 76,800 A..H. --- "C:\WINDOWS\system32\gcdef.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\gdi.exe"
Wed 4 Aug 2004 55,296 A..H. --- "C:\WINDOWS\system32\getmac.exe"
Wed 4 Aug 2004 285,184 A..H. --- "C:\WINDOWS\system32\glmf32.dll"
Wed 4 Aug 2004 26,112 A..H. --- "C:\WINDOWS\system32\graftabl.com"
Wed 4 Aug 2004 19,694 A..H. --- "C:\WINDOWS\system32\graphics.com"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\help.exe"
Wed 4 Aug 2004 4,768 A..H. --- "C:\WINDOWS\system32\himem.sys"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\hnetmon.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\hostname.exe"
Wed 4 Aug 2004 41,472 A..H. --- "C:\WINDOWS\system32\iasads.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\iasacct.dll"
Wed 4 Aug 2004 32,256 A..H. --- "C:\WINDOWS\system32\iashlpr.dll"
Wed 4 Aug 2004 62,464 A..H. --- "C:\WINDOWS\system32\iasnap.dll"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\iaspolcy.dll"
Wed 4 Aug 2004 141,312 A..H. --- "C:\WINDOWS\system32\iasrecst.dll"
Wed 4 Aug 2004 86,528 A..H. --- "C:\WINDOWS\system32\iassam.dll"
Wed 4 Aug 2004 247,808 A..H. --- "C:\WINDOWS\system32\iassdo.dll"
Wed 4 Aug 2004 59,392 A..H. --- "C:\WINDOWS\system32\iassvcs.dll"
Wed 4 Aug 2004 54,784 A..H. --- "C:\WINDOWS\system32\icmui.dll"
Mon 16 Oct 2006 248,320 A..H. --- "C:\WINDOWS\system32\xpsp3res.dll"
Wed 4 Aug 2004 70,656 A..H. --- "C:\WINDOWS\system32\ifsutil.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\iissuba.dll"
Wed 4 Aug 2004 110,592 A..H. --- "C:\WINDOWS\system32\inetcplc.dll"
Wed 4 Aug 2004 450,560 A..H. --- "C:\WINDOWS\system32\infosoft.dll"
Wed 4 Aug 2004 30,720 A..H. --- "C:\WINDOWS\system32\iologmsg.dll"
Wed 4 Aug 2004 154,112 A..H. --- "C:\WINDOWS\system32\ipmontr.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\iprop.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\WINDOWS\system32\iprtprio.dll"
Wed 4 Aug 2004 169,984 A..H. --- "C:\WINDOWS\system32\iprtrmgr.dll"
Wed 4 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\ipsec6.exe"
Wed 4 Aug 2004 83,968 A..H. --- "C:\WINDOWS\system32\ipxmontr.dll"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\system32\ipxpromn.dll"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\ipxrip.dll"
Wed 4 Aug 2004 39,936 A..H. --- "C:\WINDOWS\system32\ipxrtmgr.dll"
Wed 4 Aug 2004 66,560 A..H. --- "C:\WINDOWS\system32\ipxsap.dll"
Wed 4 Aug 2004 20,992 A..H. --- "C:\WINDOWS\system32\ipxwan.dll"
Wed 4 Aug 2004 199,168 A..H. --- "C:\WINDOWS\system32\ir32_32.dll"
Wed 4 Aug 2004 362,496 A..H. --- "C:\WINDOWS\system32\jet500.dll"
Wed 4 Aug 2004 44,544 A..H. --- "C:\WINDOWS\system32\jgaw400.dll"
Fri 21 Jul 2006 72,704 A..H. --- "C:\WINDOWS\system32\hlink.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\jgmd400.dll"
Thu 1 Jun 2006 163,840 A..H. --- "C:\WINDOWS\system32\jgdw400.dll"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\jgsd400.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\jgsh400.dll"
Wed 4 Aug 2004 47,952 A..H. --- "C:\WINDOWS\system32\jobexec.dll"
Wed 4 Aug 2004 14,710 A..H. --- "C:\WINDOWS\system32\kb16.com"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdbe.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdbene.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdbr.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdca.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\kbdcan.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdda.dll"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\kbddv.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdes.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdfc.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdfi.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdfo.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdfr.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdgae.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdgr.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdgr1.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdic.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdir.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdit.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdit142.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\kbdla.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdmac.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdne.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\kbdnec95.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdno.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdpo.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdsf.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\kbdsg.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdsp.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdsw.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbduk.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdusl.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdusr.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdusx.dll"
Wed 4 Aug 2004 42,809 A..H. --- "C:\WINDOWS\system32\key01.sys"
Wed 4 Aug 2004 9,728 A..H. --- "C:\WINDOWS\system32\label.exe"
Wed 4 Aug 2004 89,600 A..H. --- "C:\WINDOWS\system32\langwrbk.dll"
Wed 4 Aug 2004 29,696 A..H. --- "C:\WINDOWS\system32\lights.exe"
Wed 4 Aug 2004 1,131 A..H. --- "C:\WINDOWS\system32\loadfix.com"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\lodctr.exe"
Wed 4 Aug 2004 50,176 A..H. --- "C:\WINDOWS\system32\loghours.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\lpq.exe"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\lpr.exe"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\lprmonui.dll"
Wed 4 Aug 2004 9,936 A..H. --- "C:\WINDOWS\system32\lzexpand.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\mag_hook.dll"
Wed 4 Aug 2004 112,128 A..H. --- "C:\WINDOWS\system32\mapistub.dll"
Wed 4 Aug 2004 10,240 A..H. --- "C:\WINDOWS\system32\mcd32.dll"
Wed 4 Aug 2004 10,496 A..H. --- "C:\WINDOWS\system32\mcdsrv32.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\mchgrcoi.dll"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\mcicda.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\mciole16.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\mciole32.dll"
Wed 4 Aug 2004 50,176 A..H. --- "C:\WINDOWS\system32\mdhcp.dll"
Wed 4 Aug 2004 147,968 A..H. --- "C:\WINDOWS\system32\mdwmdmsp.dll"
Wed 4 Aug 2004 39,274 A..H. --- "C:\WINDOWS\system32\mem.exe"
Wed 4 Aug 2004 924,432 A..H. --- "C:\WINDOWS\system32\mfc40.dll"
Wed 4 Aug 2004 924,432 A..H. --- "C:\WINDOWS\system32\mfc40u.dll"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\mimefilt.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\mll_hp.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\mll_mtf.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\mll_qic.dll"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\mmdrv.dll"
Wed 4 Aug 2004 119,808 A..H. --- "C:\WINDOWS\system32\mmutilse.dll"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\mode.com"
Wed 4 Aug 2004 10,112 A..H. --- "C:\WINDOWS\system32\modex.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\mountvol.exe"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\mpnotify.exe"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\system32\mprddm.dll"
Wed 4 Aug 2004 49,152 A..H. --- "C:\WINDOWS\system32\mprdim.dll"
Wed 4 Aug 2004 99,840 A..H. --- "C:\WINDOWS\system32\mprmsg.dll"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\mqcertui.dll"
Wed 4 Aug 2004 60,928 A..H. --- "C:\WINDOWS\system32\mqgentr.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\mqperf.dll"
Wed 4 Aug 2004 12,800 A..H. --- "C:\WINDOWS\system32\mrinfo.exe"
Wed 4 Aug 2004 102,912 A..H. --- "C:\WINDOWS\system32\msaatext.dll"
Wed 4 Aug 2004 61,168 A..H. --- "C:\WINDOWS\system32\msacm.dll"
Wed 4 Aug 2004 65,024 A..H. --- "C:\WINDOWS\system32\msaudite.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\mscat32.dll"
Wed 4 Aug 2004 817 A..H. --- "C:\WINDOWS\system32\mscdexnt.exe"
Wed 4 Aug 2004 94,282 A..H. --- "C:\WINDOWS\system32\msencode.dll"
Sat 4 Nov 2006 1,245,696 A..H. --- "C:\WINDOWS\system32\msxml4.dll"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\msobjs.dll"
Wed 4 Aug 2004 41,984 A..H. --- "C:\WINDOWS\system32\msports.dll"
Wed 4 Aug 2004 60,416 A..H. --- "C:\WINDOWS\system32\msratelc.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\mssign32.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\mssip32.dll"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\msswch.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\msswchx.exe"
Wed 4 Aug 2004 1,355,776 A..H. --- "C:\WINDOWS\system32\msvbvm50.dll"
Wed 4 Aug 2004 565,760 A..H. --- "C:\WINDOWS\system32\msvcp50.dll"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\msvidc32.dll"
Wed 4 Aug 2004 126,912 A..H. --- "C:\WINDOWS\system32\msvideo.dll"
Wed 4 Aug 2004 37,916 A..H. --- "C:\WINDOWS\system32\msxml2r.dll"
Wed 4 Aug 2004 44,032 ...H. --- "C:\WINDOWS\system32\msxml3r.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\icwphbk.dll"
Wed 4 Aug 2004 90,112 A..H. --- "C:\WINDOWS\system32\mycomput.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\narrhook.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\WINDOWS\system32\nbtstat.exe"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\ncxpnt.dll"
Wed 4 Aug 2004 108,464 A..H. --- "C:\WINDOWS\system32\netapi.dll"
Wed 4 Aug 2004 253,952 A..H. --- "C:\WINDOWS\system32\neth.dll"
Wed 4 Aug 2004 7,052 A..H. --- "C:\WINDOWS\system32\nlsfunc.exe"
Wed 4 Aug 2004 27,866 A..H. --- "C:\WINDOWS\system32\ntdos.sys"
Wed 4 Aug 2004 29,370 A..H. --- "C:\WINDOWS\system32\ntdos411.sys"
Wed 4 Aug 2004 29,274 A..H. --- "C:\WINDOWS\system32\ntdos412.sys"
Wed 4 Aug 2004 29,146 A..H. --- "C:\WINDOWS\system32\ntdos404.sys"
Wed 4 Aug 2004 29,146 A..H. --- "C:\WINDOWS\system32\ntdos804.sys"
Wed 4 Aug 2004 26,112 A..H. --- "C:\WINDOWS\system32\ntdsbcli.dll"
Wed 4 Aug 2004 57,856 A..H. --- "C:\WINDOWS\system32\ntlanui.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\ntlanui2.dll"
Wed 4 Aug 2004 36,864 A..H. --- "C:\WINDOWS\system32\ntmsevt.dll"
Wed 4 Aug 2004 31,744 A..H. --- "C:\WINDOWS\system32\ntsd.exe"
Wed 4 Aug 2004 36,864 A..H. --- "C:\WINDOWS\system32\ntsdexts.dll"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\ntvdmd.dll"
Wed 4 Aug 2004 3,252 A..H. --- "C:\WINDOWS\system32\nw16.exe"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\nwapi16.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\WINDOWS\system32\nwcfg.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\nwevent.dll"
Wed 4 Aug 2004 126,464 A..H. --- "C:\WINDOWS\system32\nwscript.exe"
Wed 4 Aug 2004 60,928 A..H. --- "C:\WINDOWS\system32\ocmanage.dll"
Wed 4 Aug 2004 39,744 A..H. --- "C:\WINDOWS\system32\ole2.dll"
Wed 4 Aug 2004 169,520 A..H. --- "C:\WINDOWS\system32\ole2disp.dll"
Wed 4 Aug 2004 153,008 A..H. --- "C:\WINDOWS\system32\ole2nls.dll"
Wed 4 Aug 2004 163,328 A..H. --- "C:\WINDOWS\system32\oleacc.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\oleaccrc.dll"
Wed 4 Aug 2004 82,944 A..H. --- "C:\WINDOWS\system32\olecli.dll"
Wed 4 Aug 2004 117,760 A..H. --- "C:\WINDOWS\system32\oledlg.dll"
Wed 4 Aug 2004 24,064 A..H. --- "C:\WINDOWS\system32\olesvr.dll"
Wed 4 Aug 2004 274,944 A..H. --- "C:\WINDOWS\system32\mstask.dll"
Wed 4 Aug 2004 10,240 A..H. --- "C:\WINDOWS\system32\panmap.dll"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\pathping.exe"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\perfnet.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\perfnw.dll"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\perfts.dll"
Wed 4 Aug 2004 35,328 A..H. --- "C:\WINDOWS\system32\pifmgr.dll"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\ping6.exe"
Thu 17 Aug 2006 132,096 A..H. --- "C:\WINDOWS\system32\wkssvc.dll"
Wed 4 Aug 2004 30,720 A..H. --- "C:\WINDOWS\system32\plustab.dll"
Wed 4 Aug 2004 46,592 A..H. --- "C:\WINDOWS\system32\pmspl.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\prflbmsg.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\print.exe"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\pschdprf.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\psnppagn.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\qosname.dll"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\rasautou.exe"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\rasctrs.dll"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\rasdial.exe"
Wed 4 Aug 2004 143,360 A..H. --- "C:\WINDOWS\system32\rasmontr.dll"
Wed 4 Aug 2004 22,528 A..H. --- "C:\WINDOWS\system32\rasmxs.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\rasrad.dll"
Wed 4 Aug 2004 12,800 A..H. --- "C:\WINDOWS\system32\rasser.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\recover.exe"
Wed 4 Aug 2004 57,344 A..H. --- "C:\WINDOWS\system32\gpupdate.exe"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\regedt32.exe"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\regwiz.exe"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\relog.exe"
Wed 4 Aug 2004 107,520 A..H. --- "C:\WINDOWS\system32\rend.dll"
Wed 4 Aug 2004 12,800 A..H. --- "C:\WINDOWS\system32\replace.exe"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\riched32.dll"
Wed 4 Aug 2004 3,072 A..H. --- "C:\WINDOWS\system32\rnr20.dll"
Wed 4 Aug 2004 19,968 A..H. --- "C:\WINDOWS\system32\route.exe"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\routemon.exe"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\routetab.dll"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\rpcns4.dll"
Wed 4 Aug 2004 28,672 A..H. --- "C:\WINDOWS\system32\rsfsaps.dll"
Wed 4 Aug 2004 49,152 A..H. --- "C:\WINDOWS\system32\rsm.exe"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\rsmsink.exe"
Wed 4 Aug 2004 49,152 A..H. --- "C:\WINDOWS\system32\rsmui.exe"
Wed 4 Aug 2004 62,976 A..H. --- "C:\WINDOWS\system32\rsopprov.exe"
Wed 4 Aug 2004 132,608 A..H. --- "C:\WINDOWS\system32\rsvp.exe"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\rsvpmsg.dll"
Wed 4 Aug 2004 9,728 A..H. --- "C:\WINDOWS\system32\rsvpperf.dll"
Wed 4 Aug 2004 90,112 A..H. --- "C:\WINDOWS\system32\rsvpsp.dll"
Wed 4 Aug 2004 98,304 A..H. --- "C:\WINDOWS\system32\rtm.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\runas.exe"
Wed 4 Aug 2004 31,232 A..H. --- "C:\WINDOWS\system32\sc.exe"
Wed 4 Aug 2004 118,784 A..H. --- "C:\WINDOWS\system32\scardssp.dll"
Wed 4 Aug 2004 26,624 A..H. --- "C:\WINDOWS\system32\scredir.dll"
Wed 4 Aug 2004 10,240 A..H. --- "C:\WINDOWS\system32\scriptpw.dll"
Wed 4 Aug 2004 130,048 A..H. --- "C:\WINDOWS\system32\sdpblb.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\senscfg.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\serialui.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\serwvdrv.dll"
Wed 4 Aug 2004 414,208 A..H. --- "C:\WINDOWS\system32\setupdll.dll"
Wed 4 Aug 2004 11,753 A..H. --- "C:\WINDOWS\system32\setver.exe"
Wed 4 Aug 2004 9,728 A..H. --- "C:\WINDOWS\system32\sfc.exe"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\sfmapi.dll"
Wed 4 Aug 2004 882 A..H. --- "C:\WINDOWS\system32\share.exe"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\shell.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\sisbkup.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\skdll.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\slbrccsp.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\softpub.dll"
Wed 4 Aug 2004 69,632 A..H. --- "C:\WINDOWS\system32\spnike.dll"
Wed 4 Aug 2004 9,728 A..H. --- "C:\WINDOWS\system32\sprestrt.exe"
Wed 4 Aug 2004 70,656 A..H. --- "C:\WINDOWS\system32\sprio600.dll"
Wed 4 Aug 2004 72,192 A..H. --- "C:\WINDOWS\system32\sprio800.dll"
Wed 4 Aug 2004 24,603 A..H. --- "C:\WINDOWS\system32\sqlwid.dll"
Wed 4 Aug 2004 49,179 A..H. --- "C:\WINDOWS\system32\sqlwoa.dll"
Wed 4 Aug 2004 4,208 A..H. --- "C:\WINDOWS\system32\storage.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\streamci.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\subst.exe"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\svcpack.dll"
Wed 4 Aug 2004 138,752 A..H. --- "C:\WINDOWS\system32\swprv.dll"
Wed 4 Aug 2004 51,200 A..H. --- "C:\WINDOWS\system32\syncapp.exe"
Wed 4 Aug 2004 18,896 A..H. --- "C:\WINDOWS\system32\sysedit.exe"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\mstinit.exe"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\sysinv.dll"
Wed 4 Aug 2004 36,864 A..H. --- "C:\WINDOWS\system32\syskey.exe"
Wed 4 Aug 2004 3,072 A..H. --- "C:\WINDOWS\system32\systray.exe"
Wed 4 Aug 2004 19,200 A..H. --- "C:\WINDOWS\system32\tapi.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\tapiperf.dll"
Wed 4 Aug 2004 78,848 A..H. --- "C:\WINDOWS\system32\tapiui.dll"
Wed 4 Aug 2004 72,192 A..H. --- "C:\WINDOWS\system32\taskkill.exe"
Wed 4 Aug 2004 72,192 A..H. --- "C:\WINDOWS\system32\tasklist.exe"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\system32\taskman.exe"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\tcmsetup.exe"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\tcpsvcs.exe"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\tftp.exe"
Wed 4 Aug 2004 13,888 A..H. --- "C:\WINDOWS\system32\toolhelp.dll"
Wed 4 Aug 2004 31,744 A..H. --- "C:\WINDOWS\system32\tracert6.exe"
Wed 4 Aug 2004 31,232 A..H. --- "C:\WINDOWS\system32\traffic.dll"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\tree.com"
Wed 4 Aug 2004 52,224 A..H. --- "C:\WINDOWS\system32\tsappcmp.dll"
Tue 7 Dec 2004 96,768 A..H. --- "C:\WINDOWS\system32\srvsvc.dll"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\system32\tsd32.dll"
Wed 4 Aug 2004 177,856 A..H. --- "C:\WINDOWS\system32\typelib.dll"
Wed 4 Aug 2004 36,352 A..H. --- "C:\WINDOWS\system32\typeperf.exe"
Wed 4 Aug 2004 82,432 A..H. --- "C:\WINDOWS\system32\ufat.dll"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\umdmxfrm.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\WINDOWS\system32\unlodctr.exe"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\ureg.dll"
Wed 4 Aug 2004 47,872 A..H. --- "C:\WINDOWS\system32\user.exe"
Wed 4 Aug 2004 25,600 A..H. --- "C:\WINDOWS\system32\utildll.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\vcdex.dll"
Wed 4 Aug 2004 9,008 A..H. --- "C:\WINDOWS\system32\ver.dll"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\verifier.dll"
Wed 4 Aug 2004 98,304 A..H. --- "C:\WINDOWS\system32\verifier.exe"
Wed 4 Aug 2004 20,535 A..H. --- "C:\WINDOWS\system32\vfpodbc.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\vjoy.dll"
Wed 4 Aug 2004 33,792 A..H. --- "C:\WINDOWS\system32\vssadmin.exe"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\vss_ps.dll"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\vwipxspx.dll"
Wed 4 Aug 2004 1,129 A..H. --- "C:\WINDOWS\system32\vwipxspx.exe"
Wed 4 Aug 2004 49,664 A..H. --- "C:\WINDOWS\system32\w32tm.exe"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\w32topl.dll"
Wed 4 Aug 2004 208,896 A..H. --- "C:\WINDOWS\system32\wavemsp.dll"
Wed 4 Aug 2004 40,448 A..H. --- "C:\WINDOWS\system32\webhits.dll"
Wed 4 Aug 2004 145,408 A..H. --- "C:\WINDOWS\system32\wiavusd.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\wifeman.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\win.com"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\win87em.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\winfax.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\winhlp32.exe"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\winmsd.exe"
Wed 4 Aug 2004 2,864 A..H. --- "C:\WINDOWS\system32\winsock.dll"
Wed 4 Aug 2004 2,112 A..H. --- "C:\WINDOWS\system32\winspool.exe"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\winstrm.dll"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\wmiprop.dll"
Wed 4 Aug 2004 55,808 A..H. --- "C:\WINDOWS\system32\wmiscmgr.dll"
Wed 4 Aug 2004 2,736 A..H. --- "C:\WINDOWS\system32\wowdeb.exe"
Wed 4 Aug 2004 10,368 A..H. --- "C:\WINDOWS\system32\wowexec.exe"
Wed 4 Aug 2004 3,200 A..H. --- "C:\WINDOWS\system32\wowfax.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\wowfaxui.dll"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\wshatm.dll"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\wshisn.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\wshnetbs.dll"
Wed 4 Aug 2004 32,256 A..H. --- "C:\WINDOWS\system32\wupdmgr.exe"
Wed 4 Aug 2004 69,886 A..H. --- "C:\WINDOWS\system32\edit.com"
Wed 4 Aug 2004 51,200 A..H. --- "C:\WINDOWS\system32\wmerrenu.dll"
Wed 4 Aug 2004 27,136 A..H. --- "C:\WINDOWS\system32\ctl3d32.dll"
Wed 4 Aug 2004 590,336 A..H. --- "C:\WINDOWS\system32\d3dramp.dll"
Wed 2 Mar 2005 577,024 A..H. --- "C:\WINDOWS\system32\user32.dll"
Wed 4 Aug 2004 51,712 A..H. --- "C:\WINDOWS\system32\migpwd.exe"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\lnkstub.exe"
Wed 4 Aug 2004 69,632 A..H. --- "C:\WINDOWS\system32\msr2c.dll"
Wed 4 Aug 2004 73,802 A..H. --- "C:\WINDOWS\system32\msrclr40.dll"
Wed 4 Aug 2004 28,746 A..H. --- "C:\WINDOWS\system32\msrecr40.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\msr2cenu.dll"
Wed 4 Aug 2004 253,952 A..H. --- "C:\WINDOWS\system32\msvcrt20.dll"
Wed 4 Aug 2004 157,696 A..H. --- "C:\WINDOWS\system32\paqsp.dll"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\system32\pentnt.exe"
Wed 4 Aug 2004 61,500 A..H. --- "C:\WINDOWS\system32\usrcntra.dll"
Wed 4 Aug 2004 69,699 A..H. --- "C:\WINDOWS\system32\usrcoina.dll"
Wed 4 Aug 2004 77,890 A..H. --- "C:\WINDOWS\system32\usrdpa.dll"
Wed 4 Aug 2004 323,641 A..H. --- "C:\WINDOWS\system32\usrdtea.dll"
Wed 4 Aug 2004 86,073 A..H. --- "C:\WINDOWS\system32\usrfaxa.dll"
Wed 4 Aug 2004 53,305 A..H. --- "C:\WINDOWS\system32\usrlbva.dll"
Wed 4 Aug 2004 77,891 A..H. --- "C:\WINDOWS\system32\usrmlnka.exe"
Wed 4 Aug 2004 61,508 A..H. --- "C:\WINDOWS\system32\usrprbda.exe"
Wed 4 Aug 2004 77,883 A..H. --- "C:\WINDOWS\system32\usrrtosa.dll"
Wed 4 Aug 2004 49,211 A..H. --- "C:\WINDOWS\system32\usrsdpia.dll"
Wed 4 Aug 2004 69,700 A..H. --- "C:\WINDOWS\system32\usrshuta.exe"
Wed 4 Aug 2004 41,019 A..H. --- "C:\WINDOWS\system32\usrsvpia.dll"
Wed 4 Aug 2004 102,457 A..H. --- "C:\WINDOWS\system32\usrv42a.dll"
Wed 4 Aug 2004 49,209 A..H. --- "C:\WINDOWS\system32\usrv80a.dll"
Wed 4 Aug 2004 45,116 A..H. --- "C:\WINDOWS\system32\usrvoica.dll"
Wed 4 Aug 2004 49,211 A..H. --- "C:\WINDOWS\system32\usrvpa.dll"
Wed 4 Aug 2004 40,448 A..H. --- "C:\WINDOWS\system32\osuninst.exe"
Wed 4 Aug 2004 51,456 A..H. --- "C:\WINDOWS\system32\vga256.dll"
Wed 4 Aug 2004 18,176 A..H. --- "C:\WINDOWS\system32\vga64k.dll"
Wed 4 Aug 2004 708,096 A..H. --- "C:\WINDOWS\system32\ntdll.dll"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\system32\smss.exe"
Wed 4 Aug 2004 588,800 A..H. --- "C:\WINDOWS\system32\autochk.exe"
Wed 4 Aug 2004 1,580,544 A..H. --- "C:\WINDOWS\system32\sfcfiles.dll"
Wed 4 Aug 2004 616,960 A..H. --- "C:\WINDOWS\system32\advapi32.dll"
Wed 4 Aug 2004 276,992 A..H. --- "C:\WINDOWS\system32\comdlg32.dll"
Wed 4 Aug 2004 144,384 A..H. --- "C:\WINDOWS\system32\imagehlp.dll"
Wed 29 Jun 2005 74,240 A..H. --- "C:\WINDOWS\system32\mscms.dll"
Wed 4 Aug 2004 553,472 A..H. --- "C:\WINDOWS\system32\oleaut32.dll"
Wed 4 Aug 2004 581,120 A..H. --- "C:\WINDOWS\system32\rpcrt4.dll"
Thu 17 Aug 2006 721,920 A..H. --- "C:\WINDOWS\system32\lsasrv.dll"
Tue 12 Apr 2005 159,744 A..H. --- "C:\WINDOWS\system32\WmJoyFrc.dll"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\version.dll"
Wed 4 Aug 2004 172,032 A..H. --- "C:\WINDOWS\system32\wldap32.dll"
Wed 13 Sep 2006 1,084,416 ...H. --- "C:\WINDOWS\system32\msxml3.dll"
Wed 4 Aug 2004 343,040 A..H. --- "C:\WINDOWS\system32\msvcrt.dll"
Wed 4 Aug 2004 59,904 A..H. --- "C:\WINDOWS\system32\mpr.dll"
Wed 4 Aug 2004 419,840 A..H. --- "C:\WINDOWS\system32\ntvdm.exe"
Wed 4 Aug 2004 264,192 A..H. --- "C:\WINDOWS\system32\wow32.dll"
Wed 4 Aug 2004 597,504 A..H. --- "C:\WINDOWS\system32\crypt32.dll"
Wed 4 Aug 2004 723,456 A..H. --- "C:\WINDOWS\system32\userenv.dll"
Wed 4 Aug 2004 57,344 A..H. --- "C:\WINDOWS\system32\msasn1.dll"
Wed 2 Mar 2005 56,832 A..H. --- "C:\WINDOWS\system32\authz.dll"
Wed 4 Aug 2004 17,664 A..H. --- "C:\WINDOWS\system32\watchdog.sys"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\csrss.exe"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\csrsrv.dll"
Wed 4 Aug 2004 52,736 A..H. --- "C:\WINDOWS\system32\basesrv.dll"
Mon 4 Sep 2006 1,497,088 A..H. --- "C:\WINDOWS\system32\shdocvw.dll"
Wed 4 Aug 2004 502,272 A..H. --- "C:\WINDOWS\system32\winlogon.exe"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\nddeapi.dll"
Wed 4 Aug 2004 55,808 A..H. --- "C:\WINDOWS\system32\secur32.dll"
Wed 4 Aug 2004 53,760 A..H. --- "C:\WINDOWS\system32\winsta.dll"
Wed 4 Aug 2004 27,648 A..H. --- "C:\WINDOWS\system32
  • 0

#8
honkynel

honkynel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yes there is a lot more of it.
Wed 4 Aug 2004 53,760 A..H. --- "C:\WINDOWS\system32\winsta.dll"
Wed 4 Aug 2004 27,648 A..H. --- "C:\WINDOWS\system32\profmap.dll"
Fri 25 Aug 2006 617,472 A..H. --- "C:\WINDOWS\system32\comctl32.dll"
Wed 4 Aug 2004 49,664 A..H. --- "C:\WINDOWS\system32\regapi.dll"
Wed 4 Aug 2004 82,944 A..H. --- "C:\WINDOWS\system32\ws2_32.dll"
Wed 4 Aug 2004 19,968 A..H. --- "C:\WINDOWS\system32\ws2help.dll"
Thu 1 Jun 2006 27,648 A..H. --- "C:\WINDOWS\system32\jgpl400.dll"
Wed 4 Aug 2004 249,856 A..H. --- "C:\WINDOWS\system32\odbc32.dll"
Wed 4 Aug 2004 94,208 A..H. --- "C:\WINDOWS\system32\odbcint.dll"
Wed 4 Aug 2004 134,656 A..H. --- "C:\WINDOWS\system32\shsvcs.dll"
Wed 4 Aug 2004 983,552 A..H. --- "C:\WINDOWS\system32\setupapi.dll"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\sfc.dll"
Wed 4 Aug 2004 176,640 A..H. --- "C:\WINDOWS\system32\wintrust.dll"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\slayerxp.dll"
Wed 4 Aug 2004 126,976 A..H. --- "C:\WINDOWS\system32\apphelp.dll"
Wed 4 Aug 2004 98,304 A..H. --- "C:\WINDOWS\system32\ahui.exe"
Wed 4 Aug 2004 108,032 A..H. --- "C:\WINDOWS\system32\services.exe"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\lsass.exe"
Wed 4 Aug 2004 313,856 A..H. --- "C:\WINDOWS\system32\scesrv.dll"
Wed 16 Aug 2006 100,352 A..H. --- "C:\WINDOWS\system32\6to4svc.dll"
Wed 15 Jun 2005 295,936 A..H. --- "C:\WINDOWS\system32\kerberos.dll"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\cryptdll.dll"
Wed 4 Aug 2004 36,352 A..H. --- "C:\WINDOWS\system32\ncobjapi.dll"
Wed 4 Aug 2004 415,744 A..H. --- "C:\WINDOWS\system32\samsrv.dll"
Wed 22 Sep 2004 253,688 A..H. --- "C:\WINDOWS\system32\drmclien.dll"
Wed 4 Aug 2004 64,000 A..H. --- "C:\WINDOWS\system32\samlib.dll"
Wed 4 Aug 2004 67,072 A..H. --- "C:\WINDOWS\system32\ntdsapi.dll"
Wed 4 Aug 2004 144,896 A..H. --- "C:\WINDOWS\system32\schannel.dll"
Wed 4 Aug 2004 59,904 A..H. --- "C:\WINDOWS\system32\cabinet.dll"
Wed 4 Aug 2004 48,128 A..H. --- "C:\WINDOWS\system32\msprivs.dll"
Wed 22 Sep 2004 95,232 A..H. --- "C:\WINDOWS\system32\drmstor.dll"
Wed 4 Aug 2004 110,080 A..H. --- "C:\WINDOWS\system32\imm32.dll"
Wed 4 Aug 2004 176,128 A..H. --- "C:\WINDOWS\system32\winmm.dll"
Wed 4 Aug 2004 129,536 A..H. --- "C:\WINDOWS\system32\msv1_0.dll"
Wed 4 Aug 2004 407,040 A..H. --- "C:\WINDOWS\system32\netlogon.dll"
Thu 17 Aug 2006 332,288 A..H. --- "C:\WINDOWS\system32\netapi32.dll"
Wed 4 Aug 2004 152,576 A..H. --- "C:\WINDOWS\system32\rsaenh.dll"
Wed 4 Aug 2004 99,328 A..H. --- "C:\WINDOWS\system32\winscard.dll"
Wed 4 Aug 2004 55,808 A..H. --- "C:\WINDOWS\system32\eventlog.dll"
Wed 4 Aug 2004 180,224 A..H. --- "C:\WINDOWS\system32\scecli.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\svchost.exe"
Wed 4 Aug 2004 245,248 A..H. --- "C:\WINDOWS\system32\mswsock.dll"
Wed 4 Aug 2004 19,968 A..H. --- "C:\WINDOWS\system32\wshtcpip.dll"
Wed 18 Oct 2006 249,856 ...H. --- "C:\WINDOWS\system32\drmupgds.exe"
Fri 19 May 2006 94,720 A..H. --- "C:\WINDOWS\system32\iphlpapi.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\winrnr.dll"
Wed 18 Oct 2006 211,456 A..H. --- "C:\WINDOWS\system32\qasf.dll"
Wed 4 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rtutils.dll"
Wed 4 Aug 2004 218,624 A..H. --- "C:\WINDOWS\system32\uxtheme.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\wtsapi32.dll"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\dnsrslvr.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\lmhsvc.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\msidle.dll"
Wed 4 Aug 2004 118,784 A..H. --- "C:\WINDOWS\system32\ntmarta.dll"
Fri 13 Oct 2006 142,336 A..H. --- "C:\WINDOWS\system32\nwprovau.dll"
Wed 4 Aug 2004 71,680 A..H. --- "C:\WINDOWS\system32\msacm32.dll"
Wed 4 Aug 2004 42,496 A..H. --- "C:\WINDOWS\system32\audiosrv.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\cfgmgr32.dll"
Wed 18 Oct 2006 1,117,696 A..H. --- "C:\WINDOWS\system32\WMADMOE.dll"
Wed 4 Aug 2004 33,792 A..H. --- "C:\WINDOWS\system32\msgsvc.dll"
Wed 4 Aug 2004 182,784 A..H. --- "C:\WINDOWS\system32\ipsecsvc.dll"
Wed 4 Aug 2004 80,384 A..H. --- "C:\WINDOWS\system32\faultrep.dll"
Wed 4 Aug 2004 266,752 A..H. --- "C:\WINDOWS\system32\oakley.dll"
Wed 4 Aug 2004 59,904 A..H. --- "C:\WINDOWS\system32\regsvc.dll"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\winipsec.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\dmserver.dll"
Wed 18 Oct 2006 4,096 A..H. --- "C:\WINDOWS\system32\wmsdmoe2.dll"
Wed 4 Aug 2004 60,416 A..H. --- "C:\WINDOWS\system32\cryptsvc.dll"
Wed 4 Aug 2004 194,560 A..H. --- "C:\WINDOWS\system32\certcli.dll"
Wed 4 Aug 2004 58,880 A..H. --- "C:\WINDOWS\system32\atl.dll"
Wed 18 Oct 2006 1,329,152 A..H. --- "C:\WINDOWS\system32\WMSPDMOE.dll"
Wed 4 Aug 2004 34,304 A..H. --- "C:\WINDOWS\system32\pstorsvc.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\drprov.dll"
Wed 4 Aug 2004 96,768 A..H. --- "C:\WINDOWS\system32\psbase.dll"
Wed 4 Aug 2004 43,520 A..H. --- "C:\WINDOWS\system32\ntlanman.dll"
Wed 4 Aug 2004 80,896 A..H. --- "C:\WINDOWS\system32\netui0.dll"
Wed 4 Aug 2004 245,760 A..H. --- "C:\WINDOWS\system32\netui1.dll"
Wed 4 Aug 2004 174,592 A..H. --- "C:\WINDOWS\system32\w32time.dll"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\netrap.dll"
Wed 4 Aug 2004 413,696 A..H. --- "C:\WINDOWS\system32\msvcp60.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\davclnt.dll"
Wed 4 Aug 2004 137,216 A..H. --- "C:\WINDOWS\system32\dssenh.dll"
Wed 4 Aug 2004 22,528 A..H. --- "C:\WINDOWS\system32\wsock32.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\icmp.dll"
Wed 4 Aug 2004 87,040 A..H. --- "C:\WINDOWS\system32\mprapi.dll"
Wed 4 Aug 2004 194,048 A..H. --- "C:\WINDOWS\system32\activeds.dll"
Wed 4 Aug 2004 143,360 A..H. --- "C:\WINDOWS\system32\adsldpc.dll"
Wed 4 Aug 2004 90,624 A..H. --- "C:\WINDOWS\system32\trkwks.dll"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\seclogon.dll"
Tue 2 Jan 2007 10,980,776 A..H. --- "C:\WINDOWS\system32\MRT.exe"
Wed 4 Aug 2004 38,912 A..H. --- "C:\WINDOWS\system32\sens.dll"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\shfolder.dll"
Wed 4 Aug 2004 77,312 A..H. --- "C:\WINDOWS\system32\browser.dll"
Wed 4 Aug 2004 236,544 A..H. --- "C:\WINDOWS\system32\rasapi32.dll"
Wed 4 Aug 2004 61,440 A..H. --- "C:\WINDOWS\system32\rasman.dll"
Wed 4 Aug 2004 181,760 A..H. --- "C:\WINDOWS\system32\tapi32.dll"
Wed 4 Aug 2004 6,656 A..H. --- "C:\WINDOWS\system32\sensapi.dll"
Wed 4 Aug 2004 101,888 A..H. --- "C:\WINDOWS\system32\cscdll.dll"
Wed 4 Aug 2004 92,672 A..H. --- "C:\WINDOWS\system32\wlnotify.dll"
Wed 4 Aug 2004 326,656 A..H. --- "C:\WINDOWS\system32\cscui.dll"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\powrprof.dll"
Wed 4 Aug 2004 423,936 A..H. --- "C:\WINDOWS\system32\licdll.dll"
Wed 4 Aug 2004 96,768 A..H. --- "C:\WINDOWS\system32\dpcdll.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\userinit.exe"
Wed 4 Aug 2004 74,752 A..H. --- "C:\WINDOWS\system32\spoolss.dll"
Wed 4 Aug 2004 115,712 A..H. --- "C:\WINDOWS\system32\mstlsapi.dll"
Wed 4 Aug 2004 341,504 A..H. --- "C:\WINDOWS\system32\localspl.dll"
Wed 18 Oct 2006 4,096 A..H. --- "C:\WINDOWS\system32\WMVADVE.DLL"
Wed 4 Aug 2004 47,104 A..H. --- "C:\WINDOWS\system32\cnbjmon.dll"
Wed 4 Aug 2004 15,360 A..H. --- "C:\WINDOWS\system32\pjlmon.dll"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\tcpmon.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\usbmon.dll"
Wed 4 Aug 2004 12,168 A..H. --- "C:\WINDOWS\system32\tsddd.dll"
Wed 4 Aug 2004 92,168 A..H. --- "C:\WINDOWS\system32\rdpdd.dll"
Wed 4 Aug 2004 101,888 A..H. --- "C:\WINDOWS\system32\win32spl.dll"
Wed 4 Aug 2004 75,264 A..H. --- "C:\WINDOWS\system32\inetpp.dll"
Wed 4 Aug 2004 385,536 A..H. --- "C:\WINDOWS\system32\themeui.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\msimg32.dll"
Mon 26 Jun 2006 8,192 A..H. --- "C:\WINDOWS\system32\rasadhlp.dll"
Wed 4 Aug 2004 114,688 A..H. --- "C:\WINDOWS\system32\aclui.dll"
Wed 4 Aug 2004 275,456 A..H. --- "C:\WINDOWS\system32\ulib.dll"
Wed 4 Aug 2004 101,888 A..H. --- "C:\WINDOWS\system32\actxprxy.dll"
Fri 13 Oct 2006 65,536 A..H. --- "C:\WINDOWS\system32\nwwks.dll"
Fri 13 Oct 2006 64,000 A..H. --- "C:\WINDOWS\system32\nwapi32.dll"
Wed 4 Aug 2004 388,608 A..H. --- "C:\WINDOWS\system32\cmd.exe"
Wed 4 Aug 2004 221,184 A..H. --- "C:\WINDOWS\system32\wmpns.dll"
Wed 4 Aug 2004 143,872 A..H. --- "C:\WINDOWS\system32\ntshrui.dll"
Wed 4 Aug 2004 84,992 A..H. --- "C:\WINDOWS\system32\avifil32.dll"
Wed 4 Aug 2004 120,832 A..H. --- "C:\WINDOWS\system32\msvfw32.dll"
Wed 4 Aug 2004 506,368 A..H. --- "C:\WINDOWS\system32\msxml.dll"
Wed 4 Aug 2004 151,552 A..H. --- "C:\WINDOWS\system32\msdart.dll"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\rundll32.exe"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\regsvr32.exe"
Wed 4 Aug 2004 984,576 A..H. --- "C:\WINDOWS\system32\syssetup.dll"
Wed 4 Aug 2004 150,016 A..H. --- "C:\WINDOWS\system32\imapi.exe"
Wed 4 Aug 2004 55,808 A..H. --- "C:\WINDOWS\system32\ipconfig.exe"
Mon 26 Jun 2006 148,480 A..H. --- "C:\WINDOWS\system32\dnsapi.dll"
Mon 17 Oct 2005 118,272 A..H. --- "C:\WINDOWS\system32\t2embed.dll"
Wed 4 Aug 2004 42,496 A..H. --- "C:\WINDOWS\system32\net.exe"
Wed 4 Aug 2004 124,928 A..H. --- "C:\WINDOWS\system32\net1.exe"
Wed 4 Aug 2004 43,520 A..H. --- "C:\WINDOWS\system32\pstorec.dll"
Wed 4 Aug 2004 207,360 A..H. --- "C:\WINDOWS\system32\mobsync.dll"
Wed 4 Aug 2004 147,456 A..H. --- "C:\WINDOWS\system32\initpki.dll"
Wed 4 Aug 2004 51,712 A..H. --- "C:\WINDOWS\system32\msident.dll"
Thu 29 Dec 2005 280,064 A..H. --- "C:\WINDOWS\system32\gdi32.dll"
Wed 4 Aug 2004 62,976 A..H. --- "C:\WINDOWS\system32\pautoenr.dll"
Wed 4 Aug 2004 512,512 A..H. --- "C:\WINDOWS\system32\cryptui.dll"
Wed 4 Aug 2004 431,616 A..H. --- "C:\WINDOWS\system32\riched20.dll"
Wed 4 Aug 2004 63,488 A..H. --- "C:\WINDOWS\system32\cryptnet.dll"
Wed 4 Aug 2004 23,040 A..H. --- "C:\WINDOWS\system32\psapi.dll"
Wed 4 Aug 2004 97,280 A..H. --- "C:\WINDOWS\system32\loadperf.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\wmi.dll"
Wed 4 Aug 2004 1,708,032 A..H. --- "C:\WINDOWS\system32\netshell.dll"
Wed 4 Aug 2004 112,128 A..H. --- "C:\WINDOWS\system32\rastls.dll"
Wed 4 Aug 2004 69,632 A..H. --- "C:\WINDOWS\system32\raschap.dll"
Wed 4 Aug 2004 344,064 A..H. --- "C:\WINDOWS\system32\hnetcfg.dll"
Wed 4 Aug 2004 121,856 A..H. --- "C:\WINDOWS\system32\stobject.dll"
Wed 4 Aug 2004 28,672 A..H. --- "C:\WINDOWS\system32\batmeter.dll"
Wed 4 Aug 2004 163,840 A..H. --- "C:\WINDOWS\system32\credui.dll"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\defrag.exe"
Wed 4 Aug 2004 82,432 A..H. --- "C:\WINDOWS\system32\dfrgfat.exe"
Wed 4 Aug 2004 430,592 A..H. --- "C:\WINDOWS\system32\vssapi.dll"
Wed 4 Aug 2004 104,960 A..H. --- "C:\WINDOWS\system32\dfrgntfs.exe"
Wed 4 Aug 2004 27,136 A..H. --- "C:\WINDOWS\system32\findstr.exe"
Wed 4 Aug 2004 69,120 A..H. --- "C:\WINDOWS\system32\notepad.exe"
Wed 4 Aug 2004 640,000 A..H. --- "C:\WINDOWS\system32\dbghelp.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\winver.exe"
Wed 4 Aug 2004 514,560 A..H. --- "C:\WINDOWS\system32\logonui.exe"
Wed 4 Aug 2004 560,640 A..H. --- "C:\WINDOWS\system32\printui.dll"
Wed 4 Aug 2004 20,992 A..H. --- "C:\WINDOWS\system32\sclgntfy.dll"
Wed 4 Aug 2004 68,096 A..H. --- "C:\WINDOWS\system32\shgina.dll"
Wed 4 Aug 2004 63,488 A..H. --- "C:\WINDOWS\system32\browselc.dll"
Wed 4 Aug 2004 1,179,648 A..H. --- "C:\WINDOWS\system32\d3d8.dll"
Wed 4 Aug 2004 90,624 A..H. --- "C:\WINDOWS\system32\mydocs.dll"
Wed 4 Aug 2004 304,128 A..H. --- "C:\WINDOWS\system32\duser.dll"
Wed 18 Oct 2006 100,864 A..H. --- "C:\WINDOWS\system32\logagent.exe"
Wed 4 Aug 2004 4,096 A..H. --- "C:\WINDOWS\system32\actmovie.exe"
Wed 4 Aug 2004 175,616 A..H. --- "C:\WINDOWS\system32\adsldp.dll"
Wed 4 Aug 2004 68,096 A..H. --- "C:\WINDOWS\system32\adsmsext.dll"
Wed 4 Aug 2004 263,680 A..H. --- "C:\WINDOWS\system32\adsnt.dll"
Wed 4 Aug 2004 44,544 A..H. --- "C:\WINDOWS\system32\alg.exe"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\alrsvc.dll"
Wed 4 Aug 2004 70,656 A..H. --- "C:\WINDOWS\system32\amstream.dll"
Wed 4 Aug 2004 167,936 A..H. --- "C:\WINDOWS\system32\appmgmts.dll"
Wed 4 Aug 2004 295,936 A..H. --- "C:\WINDOWS\system32\appmgr.dll"
Wed 4 Aug 2004 30,208 A..H. --- "C:\WINDOWS\system32\asr_fmt.exe"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\asr_pfu.exe"
Wed 4 Aug 2004 65,024 A..H. --- "C:\WINDOWS\system32\asycfilt.dll"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\at.exe"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\atmadm.exe"
Wed 4 Aug 2004 285,696 A..H. --- "C:\WINDOWS\system32\atmfd.dll"
Wed 4 Aug 2004 30,208 A..H. --- "C:\WINDOWS\system32\atmlib.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\auditusr.exe"
Wed 4 Aug 2004 602,624 A..H. --- "C:\WINDOWS\system32\autoconv.exe"
Wed 4 Aug 2004 580,608 A..H. --- "C:\WINDOWS\system32\autofmt.exe"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\autolfn.exe"
Wed 4 Aug 2004 17,408 A..H. --- "C:\WINDOWS\system32\bidispl.dll"
Wed 4 Aug 2004 78,336 A..H. --- "C:\WINDOWS\system32\browsewm.dll"
Wed 4 Aug 2004 20,992 A..H. --- "C:\WINDOWS\system32\bthci.dll"
Wed 4 Aug 2004 30,208 A..H. --- "C:\WINDOWS\system32\bthserv.dll"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\system32\btpanui.dll"
Wed 4 Aug 2004 84,480 A..H. --- "C:\WINDOWS\system32\cabview.dll"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\system32\camocx.dll"
Wed 18 Oct 2006 991,744 A..H. --- "C:\WINDOWS\system32\drmv2clt.dll"
Mon 17 Oct 2005 80,896 A..H. --- "C:\WINDOWS\system32\fontsub.dll"
Wed 4 Aug 2004 457,728 A..H. --- "C:\WINDOWS\system32\certmgr.dll"
Sat 10 Sep 2005 2,067,968 A..H. --- "C:\WINDOWS\system32\cdosys.dll"
Wed 4 Aug 2004 56,320 A..H. --- "C:\WINDOWS\system32\cipher.exe"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\cisvc.exe"
Wed 4 Aug 2004 64,000 A..H. --- "C:\WINDOWS\system32\cleanmgr.exe"
Wed 4 Aug 2004 77,824 A..H. --- "C:\WINDOWS\system32\cliconfg.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\WINDOWS\system32\cliconfg.exe"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\clipsrv.exe"
Wed 4 Aug 2004 57,856 A..H. --- "C:\WINDOWS\system32\clusapi.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\cmcfg32.dll"
Wed 4 Aug 2004 343,040 A..H. --- "C:\WINDOWS\system32\cmdial32.dll"
Wed 4 Aug 2004 47,104 A..H. --- "C:\WINDOWS\system32\cmdl32.exe"
Wed 4 Aug 2004 39,936 A..H. --- "C:\WINDOWS\system32\cmmon32.exe"
Wed 4 Aug 2004 104,448 A..H. --- "C:\WINDOWS\system32\dmusic.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\cmsetACL.dll"
Wed 4 Aug 2004 63,488 A..H. --- "C:\WINDOWS\system32\cmstp.exe"
Wed 4 Aug 2004 39,936 A..H. --- "C:\WINDOWS\system32\cmutil.dll"
Wed 4 Aug 2004 52,224 A..H. --- "C:\WINDOWS\system32\dmutil.dll"
Wed 4 Aug 2004 252,928 A..H. --- "C:\WINDOWS\system32\compatUI.dll"
Wed 4 Aug 2004 229,376 A..H. --- "C:\WINDOWS\system32\compstui.dll"
Wed 4 Aug 2004 792,064 A..H. --- "C:\WINDOWS\system32\comres.dll"
Wed 4 Aug 2004 27,648 A..H. --- "C:\WINDOWS\system32\conime.exe"
Wed 18 Oct 2006 11,264 A..H. --- "C:\WINDOWS\system32\LAPRXY.dll"
Wed 4 Aug 2004 74,752 A..H. --- "C:\WINDOWS\system32\cryptdlg.dll"
Wed 4 Aug 2004 53,760 A..H. --- "C:\WINDOWS\system32\cryptext.dll"
Wed 4 Aug 2004 98,304 A..H. --- "C:\WINDOWS\system32\cscript.exe"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\d3d8thk.dll"
Wed 4 Aug 2004 1,689,088 A..H. --- "C:\WINDOWS\system32\d3d9.dll"
Wed 4 Aug 2004 825,344 A..H. --- "C:\WINDOWS\system32\d3dim700.dll"
Fri 23 Jun 2006 151,040 A..H. --- "C:\WINDOWS\system32\cdfview.dll"
Wed 4 Aug 2004 54,272 A..H. --- "C:\WINDOWS\system32\dataclen.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\dbmsrpcn.dll"
Wed 4 Aug 2004 110,592 A..H. --- "C:\WINDOWS\system32\dbnetlib.dll"
Wed 4 Aug 2004 28,672 A..H. --- "C:\WINDOWS\system32\dbnmpntw.dll"
Wed 4 Aug 2004 48,128 A..H. --- "C:\WINDOWS\system32\docprop2.dll"
Wed 4 Aug 2004 8,704 A..H. --- "C:\WINDOWS\system32\dciman32.dll"
Wed 4 Aug 2004 30,208 A..H. --- "C:\WINDOWS\system32\ddeshare.exe"
Wed 4 Aug 2004 266,240 A..H. --- "C:\WINDOWS\system32\ddraw.dll"
Wed 4 Aug 2004 27,136 A..H. --- "C:\WINDOWS\system32\ddrawex.dll"
Wed 4 Aug 2004 59,904 A..H. --- "C:\WINDOWS\system32\devenum.dll"
Wed 4 Aug 2004 282,624 A..H. --- "C:\WINDOWS\system32\devmgr.dll"
Wed 4 Aug 2004 28,672 A..H. --- "C:\WINDOWS\system32\dfsshlex.dll"
Wed 4 Aug 2004 38,912 A..H. --- "C:\WINDOWS\system32\dfrgsnap.dll"
Wed 4 Aug 2004 123,904 A..H. --- "C:\WINDOWS\system32\dfrgui.dll"
Wed 4 Aug 2004 111,104 A..H. --- "C:\WINDOWS\system32\dgnet.dll"
Wed 4 Aug 2004 85,504 A..H. --- "C:\WINDOWS\system32\diantz.exe"
Wed 4 Aug 2004 68,608 A..H. --- "C:\WINDOWS\system32\digest.dll"
Wed 4 Aug 2004 159,232 A..H. --- "C:\WINDOWS\system32\dinput.dll"
Wed 4 Aug 2004 181,760 A..H. --- "C:\WINDOWS\system32\dinput8.dll"
Wed 4 Aug 2004 163,840 A..H. --- "C:\WINDOWS\system32\diskpart.exe"
Wed 4 Aug 2004 5,120 A..H. --- "C:\WINDOWS\system32\dllhost.exe"
Wed 4 Aug 2004 224,768 A..H. --- "C:\WINDOWS\system32\dmadmin.exe"
Wed 4 Aug 2004 28,672 A..H. --- "C:\WINDOWS\system32\dmband.dll"
Wed 4 Aug 2004 61,440 A..H. --- "C:\WINDOWS\system32\dmcompos.dll"
Wed 4 Aug 2004 200,704 A..H. --- "C:\WINDOWS\system32\dmdskmgr.dll"
Wed 4 Aug 2004 181,248 A..H. --- "C:\WINDOWS\system32\dmime.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\dmloader.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\dmremote.exe"
Wed 4 Aug 2004 82,432 A..H. --- "C:\WINDOWS\system32\dmscript.dll"
Wed 4 Aug 2004 105,984 A..H. --- "C:\WINDOWS\system32\dmstyle.dll"
Wed 4 Aug 2004 103,424 A..H. --- "C:\WINDOWS\system32\dmsynth.dll"
Wed 4 Aug 2004 53,840 A..H. --- "C:\WINDOWS\system32\dosx.exe"
Wed 4 Aug 2004 30,208 A..H. --- "C:\WINDOWS\system32\dplaysvr.exe"
Wed 4 Aug 2004 229,888 A..H. --- "C:\WINDOWS\system32\dplayx.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\dpmodemx.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\dpnaddr.dll"
Wed 4 Aug 2004 375,296 A..H. --- "C:\WINDOWS\system32\dpnet.dll"
Wed 4 Aug 2004 35,328 A..H. --- "C:\WINDOWS\system32\dpnhpast.dll"
Wed 4 Aug 2004 60,928 A..H. --- "C:\WINDOWS\system32\dpnhupnp.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\dpnlobby.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\dpnsvr.exe"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\dpvacm.dll"
Wed 4 Aug 2004 212,480 A..H. --- "C:\WINDOWS\system32\dpvoice.dll"
Wed 4 Aug 2004 83,456 A..H. --- "C:\WINDOWS\system32\dpvsetup.exe"
Wed 4 Aug 2004 116,736 A..H. --- "C:\WINDOWS\system32\dpvvox.dll"
Wed 4 Aug 2004 57,344 A..H. --- "C:\WINDOWS\system32\dpwsockx.dll"
Wed 4 Aug 2004 120,320 A..H. --- "C:\WINDOWS\system32\ir41_qc.dll"
Wed 4 Aug 2004 4,656 A..H. --- "C:\WINDOWS\system32\ds16gt.dLL"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\ds32gt.dll"
Wed 4 Aug 2004 181,760 A..H. --- "C:\WINDOWS\system32\dsdmo.dll"
Wed 4 Aug 2004 71,680 A..H. --- "C:\WINDOWS\system32\dsdmoprp.dll"
Wed 4 Aug 2004 92,672 A..H. --- "C:\WINDOWS\system32\dskquota.dll"
Wed 4 Aug 2004 367,616 A..H. --- "C:\WINDOWS\system32\dsound.dll"
Wed 4 Aug 2004 1,294,336 A..H. --- "C:\WINDOWS\system32\dsound3d.dll"
Wed 4 Aug 2004 142,336 A..H. --- "C:\WINDOWS\system32\dsprop.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\WINDOWS\system32\dsprpres.dll"
Wed 4 Aug 2004 239,104 A..H. --- "C:\WINDOWS\system32\dsquery.dll"
Wed 4 Aug 2004 51,200 A..H. --- "C:\WINDOWS\system32\dssec.dll"
Wed 4 Aug 2004 113,152 A..H. --- "C:\WINDOWS\system32\dsuiext.dll"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\dswave.dll"
Wed 4 Aug 2004 10,752 A..H. --- "C:\WINDOWS\system32\dumprep.exe"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\dvdupgrd.exe"
Wed 4 Aug 2004 619,008 A..H. --- "C:\WINDOWS\system32\dx7vb.dll"
Wed 4 Aug 2004 1,227,264 A..H. --- "C:\WINDOWS\system32\dx8vb.dll"
Wed 4 Aug 2004 1,298,432 A..H. --- "C:\WINDOWS\system32\dxdiag.exe"
Wed 4 Aug 2004 2,113,536 A..H. --- "C:\WINDOWS\system32\dxdiagn.dll"
Fri 23 Jun 2006 1,054,208 A..H. --- "C:\WINDOWS\system32\danim.dll"
Wed 18 Oct 2006 212,992 ...H. --- "C:\WINDOWS\system32\MFPLAT.dll"
Wed 4 Aug 2004 180,224 A..H. --- "C:\WINDOWS\system32\dwwin.exe"
Wed 4 Aug 2004 26,624 A..H. --- "C:\WINDOWS\system32\efsadu.dll"
Wed 4 Aug 2004 183,296 A..H. --- "C:\WINDOWS\system32\els.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\WINDOWS\system32\encapi.dll"
Wed 4 Aug 2004 186,368 A..H. --- "C:\WINDOWS\system32\encdec.dll"
Wed 4 Aug 2004 23,040 A..H. --- "C:\WINDOWS\system32\ersvc.dll"
Wed 4 Aug 2004 193,024 A..H. --- "C:\WINDOWS\system32\eudcedit.exe"
Wed 4 Aug 2004 190,976 A..H. --- "C:\WINDOWS\system32\schedsvc.dll"
Wed 4 Aug 2004 380,957 A..H. --- "C:\WINDOWS\system32\expsrv.dll"
Thu 20 Oct 2005 1,082,368 A..H. --- "C:\WINDOWS\system32\esent.dll"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\extrac32.exe"
Wed 4 Aug 2004 73,728 A..H. --- "C:\WINDOWS\system32\fdeploy.dll"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\feclient.dll"
Wed 4 Aug 2004 337,920 A..H. --- "C:\WINDOWS\system32\filemgmt.dll"
Wed 4 Aug 2004 87,552 A..H. --- "C:\WINDOWS\system32\fldrclnr.dll"
Wed 4 Aug 2004 382,976 A..H. --- "C:\WINDOWS\system32\fontext.dll"
Wed 4 Aug 2004 20,992 A..H. --- "C:\WINDOWS\system32\fontview.exe"
Wed 4 Aug 2004 9,344 A..H. --- "C:\WINDOWS\system32\framebuf.dll"
Wed 4 Aug 2004 193,024 A..H. --- "C:\WINDOWS\system32\fsquirt.exe"
Wed 4 Aug 2004 42,496 A..H. --- "C:\WINDOWS\system32\ftp.exe"
Wed 4 Aug 2004 60,416 A..H. --- "C:\WINDOWS\system32\fwcfg.dll"
Wed 4 Aug 2004 122,880 A..H. --- "C:\WINDOWS\system32\glu32.dll"
Wed 4 Aug 2004 566,784 A..H. --- "C:\WINDOWS\system32\gpedit.dll"
Wed 4 Aug 2004 101,888 A..H. --- "C:\WINDOWS\system32\gpkcsp.dll"
Wed 4 Aug 2004 9,728 A..H. --- "C:\WINDOWS\system32\gpkrsrc.dll"
Wed 4 Aug 2004 119,808 A..H. --- "C:\WINDOWS\system32\gpresult.exe"
Wed 4 Aug 2004 198,656 A..H. --- "C:\WINDOWS\system32\gptext.dll"
Wed 4 Aug 2004 39,424 A..H. --- "C:\WINDOWS\system32\grpconv.exe"
Wed 4 Aug 2004 614,912 A..H. --- "C:\WINDOWS\system32\h323msp.dll"
Wed 4 Jan 2006 68,096 A..H. --- "C:\WINDOWS\system32\webclnt.dll"
Wed 4 Aug 2004 20,992 ...H. --- "C:\WINDOWS\system32\hid.dll"
Wed 4 Aug 2004 330,752 A..H. --- "C:\WINDOWS\system32\hnetwiz.dll"
Wed 4 Aug 2004 329,728 A..H. --- "C:\WINDOWS\system32\netsetup.exe"
Wed 4 Aug 2004 144,896 A..H. --- "C:\WINDOWS\system32\hotplug.dll"
Wed 18 Oct 2006 259,072 ...H. --- "C:\WINDOWS\system32\MP43DECD.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\httpapi.dll"
Wed 4 Aug 2004 41,984 A..H. --- "C:\WINDOWS\system32\htui.dll"
Wed 4 Aug 2004 119,808 A..H. --- "C:\WINDOWS\system32\iasrad.dll"
Wed 4 Aug 2004 80,384 A..H. --- "C:\WINDOWS\system32\iccvid.dll"
Mon 22 Aug 2005 197,632 A..H. --- "C:\WINDOWS\system32\netman.dll"
Wed 4 Aug 2004 120,832 A..H. --- "C:\WINDOWS\system32\idq.dll"
Fri 15 Sep 2006 142,848 ...H. --- "C:\WINDOWS\system32\WudfHost.exe"
Wed 18 Oct 2006 4,096 A..H. --- "C:\WINDOWS\system32\MP43DMOD.dll"
Wed 4 Aug 2004 114,688 A..H. --- "C:\WINDOWS\system32\iexpress.exe"
Wed 4 Aug 2004 135,680 A..H. --- "C:\WINDOWS\system32\ifmon.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\igmpagnt.dll"
Wed 4 Aug 2004 36,921 A..H. --- "C:\WINDOWS\system32\imeshare.dll"
Thu 25 May 2006 69,721 A..H. --- "C:\WINDOWS\system32\SynTPFcs.dll"
Wed 4 Aug 2004 33,280 A..H. --- "C:\WINDOWS\system32\inetmib1.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\inetppui.dll"
Wed 4 Aug 2004 123,392 A..H. --- "C:\WINDOWS\system32\input.dll"
Wed 18 Oct 2006 317,440 ...H. --- "C:\WINDOWS\system32\MP4SDECD.dll"
Wed 4 Aug 2004 331,264 A..H. --- "C:\WINDOWS\system32\ipnathlp.dll"
Wed 4 Aug 2004 330,752 A..H. --- "C:\WINDOWS\system32\ippromon.dll"
Wed 4 Aug 2004 349,696 A..H. --- "C:\WINDOWS\system32\ipsecsnp.dll"
Wed 4 Aug 2004 384,000 A..H. --- "C:\WINDOWS\system32\ipsmsnap.dll"
Wed 4 Aug 2004 53,248 A..H. --- "C:\WINDOWS\system32\ipv6.exe"
Wed 4 Aug 2004 59,904 A..H. --- "C:\WINDOWS\system32\ipv6mon.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\ipxroute.exe"
Fri 27 May 2005 41,472 A..H. --- "C:\WINDOWS\system32\hhsetup.dll"
Fri 27 May 2005 155,136 A..H. --- "C:\WINDOWS\system32\itircl.dll"
Wed 18 Oct 2006 4,096 A..H. --- "C:\WINDOWS\system32\MP4SDMOD.dll"
Wed 4 Aug 2004 54,272 A..H. --- "C:\WINDOWS\system32\ixsso.dll"
Fri 19 May 2006 111,616 A..H. --- "C:\WINDOWS\system32\dhcpcsvc.dll"
Wed 18 Oct 2006 259,072 ...H. --- "C:\WINDOWS\system32\MPG4DECD.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\kbdfi1.dll"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\kbdmaori.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdmlt47.dll"
Wed 4 Aug 2004 6,144 A..H. --- "C:\WINDOWS\system32\kbdmlt48.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\kbdno1.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\kbdsmsfi.dll"
Wed 4 Aug 2004 7,680 A..H. --- "C:\WINDOWS\system32\kbdsmsno.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\kbdukx.dll"
Wed 4 Aug 2004 7,424 A..H. --- "C:\WINDOWS\system32\kd1394.dll"
Wed 4 Aug 2004 42,537 A..H. --- "C:\WINDOWS\system32\keyboard.sys"
Wed 18 Oct 2006 4,096 A..H. --- "C:\WINDOWS\system32\MPG4DMOD.dll"
Wed 4 Aug 2004 399,872 A..H. --- "C:\WINDOWS\system32\lmrt.dll"
Wed 4 Aug 2004 221,696 A..H. --- "C:\WINDOWS\system32\localsec.dll"
Wed 4 Aug 2004 11,776 A..H. --- "C:\WINDOWS\system32\localui.dll"
Wed 4 Aug 2004 75,264 A..H. --- "C:\WINDOWS\system32\locator.exe"
Wed 4 Aug 2004 59,392 A..H. --- "C:\WINDOWS\system32\logman.exe"
Wed 4 Aug 2004 22,016 A..H. --- "C:\WINDOWS\system32\lpk.dll"
Wed 4 Aug 2004 10,240 A..H. --- "C:\WINDOWS\system32\lprhelp.dll"
Wed 4 Aug 2004 150,528 A..H. --- "C:\WINDOWS\system32\keymgr.dll"
Wed 4 Aug 2004 72,704 A..H. --- "C:\WINDOWS\system32\magnify.exe"
Wed 4 Aug 2004 85,504 A..H. --- "C:\WINDOWS\system32\makecab.exe"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\mcastmib.dll"
Wed 4 Aug 2004 84,480 A..H. --- "C:\WINDOWS\system32\mciavi32.dll"
Wed 4 Aug 2004 35,328 A..H. --- "C:\WINDOWS\system32\mciqtz32.dll"
Wed 4 Aug 2004 23,040 A..H. --- "C:\WINDOWS\system32\mciseq.dll"
Wed 4 Aug 2004 23,552 A..H. --- "C:\WINDOWS\system32\mciwave.dll"
Wed 4 Aug 2004 118,272 A..H. --- "C:\WINDOWS\system32\mdminst.dll"
Wed 4 Aug 2004 39,936 A..H. --- "C:\WINDOWS\system32\mf3216.dll"
Wed 4 Aug 2004 1,028,096 A..H. --- "C:\WINDOWS\system32\mfc42.dll"
Wed 4 Aug 2004 1,024,000 A..H. --- "C:\WINDOWS\system32\mfc42u.dll"
Wed 4 Aug 2004 22,528 A..H. --- "C:\WINDOWS\system32\mfcsubs.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\mgmtapi.dll"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\midimap.dll"
Wed 4 Aug 2004 60,928 A..H. --- "C:\WINDOWS\system32\miglibnt.dll"
Wed 4 Aug 2004 586,240 A..H. --- "C:\WINDOWS\system32\mlang.dll"
Wed 4 Aug 2004 815,104 A..H. --- "C:\WINDOWS\system32\mmc.exe"
Wed 4 Aug 2004 70,656 A..H. --- "C:\WINDOWS\system32\mmcbase.dll"
Wed 4 Aug 2004 1,192,960 A..H. --- "C:\WINDOWS\system32\mmcndmgr.dll"
Wed 4 Aug 2004 50,688 A..H. --- "C:\WINDOWS\system32\mmcshext.dll"
Wed 4 Aug 2004 68,768 A..H. --- "C:\WINDOWS\system32\mmsystem.dll"
Wed 4 Aug 2004 143,360 A..H. --- "C:\WINDOWS\system32\mobsync.exe"
Wed 4 Aug 2004 153,600 A..H. --- "C:\WINDOWS\system32\modemui.dll"
Wed 4 Aug 2004 216,064 A..H. --- "C:\WINDOWS\system32\moricons.dll"
Wed 4 Aug 2004 338,432 A..H. --- "C:\WINDOWS\system32\ir41_qcx.dll"
Wed 4 Aug 2004 138,240 A..H. --- "C:\WINDOWS\system32\mqad.dll"
Wed 4 Aug 2004 19,968 A..H. --- "C:\WINDOWS\system32\mqbkup.exe"
Wed 4 Aug 2004 47,104 A..H. --- "C:\WINDOWS\system32\mqdscli.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\mqise.dll"
Wed 4 Aug 2004 89,088 A..H. --- "C:\WINDOWS\system32\mqlogmgr.dll"
Wed 4 Aug 2004 225,280 A..H. --- "C:\WINDOWS\system32\mqoa.dll"
Wed 4 Aug 2004 660,992 A..H. --- "C:\WINDOWS\system32\mqqm.dll"
Wed 4 Aug 2004 177,152 A..H. --- "C:\WINDOWS\system32\mqrt.dll"
Wed 4 Aug 2004 123,392 A..H. --- "C:\WINDOWS\system32\mqrtdep.dll"
Wed 4 Aug 2004 95,744 A..H. --- "C:\WINDOWS\system32\mqsec.dll"
Wed 4 Aug 2004 517,632 A..H. --- "C:\WINDOWS\system32\mqsnap.dll"
Wed 4 Aug 2004 4,608 A..H. --- "C:\WINDOWS\system32\mqsvc.exe"
Wed 4 Aug 2004 117,248 A..H. --- "C:\WINDOWS\system32\mqtgsvc.exe"
Wed 4 Aug 2004 186,880 A..H. --- "C:\WINDOWS\system32\mqtrig.dll"
Wed 4 Aug 2004 48,640 A..H. --- "C:\WINDOWS\system32\mqupgrd.dll"
Wed 4 Aug 2004 471,552 A..H. --- "C:\WINDOWS\system32\mqutil.dll"
Wed 4 Aug 2004 3,584 A..H. --- "C:\WINDOWS\system32\msafd.dll"
Wed 4 Aug 2004 86,016 A..H. --- "C:\WINDOWS\system32\msapsspc.dll"
Wed 18 Oct 2006 179,712 A..H. --- "C:\WINDOWS\system32\msnetobj.dll"
Wed 4 Aug 2004 755,200 A..H. --- "C:\WINDOWS\system32\ir50_32.dll"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\mscpx32r.dLL"
Wed 4 Aug 2004 200,192 A..H. --- "C:\WINDOWS\system32\ir50_qc.dll"
Wed 4 Aug 2004 36,864 A..H. --- "C:\WINDOWS\system32\mscpxl32.dLL"
Wed 4 Aug 2004 118,784 A..H. --- "C:\WINDOWS\system32\msdadiag.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\msdmo.dll"
Wed 18 Oct 2006 757,248 A..H. --- "C:\WINDOWS\system32\WMADMOD.dll"
Wed 4 Aug 2004 248,832 A..H. --- "C:\WINDOWS\system32\msieftp.dll"
Thu 25 May 2006 114,688 A..H. --- "C:\WINDOWS\system32\SynCtrl.dll"
Wed 4 Aug 2004 1,507,356 A..H. --- "C:\WINDOWS\system32\msjet40.dll"
Wed 11 May 2005 75,776 A..H. --- "C:\WINDOWS\system32\telnet.exe"
Wed 4 Aug 2004 151,583 A..H. --- "C:\WINDOWS\system32\msjint40.dll"
Wed 4 Aug 2004 53,279 A..H. --- "C:\WINDOWS\system32\msjter40.dll"
Wed 4 Aug 2004 241,693 A..H. --- "C:\WINDOWS\system32\msjtes40.dll"
Wed 4 Aug 2004 290,816 A..H. --- "C:\WINDOWS\system32\msnsspc.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\WINDOWS\system32\msorc32r.dll"
Wed 4 Aug 2004 143,360 A..H. --- "C:\WINDOWS\system32\msorcl32.dll"
Wed 4 Aug 2004 30,208 A..H. --- "C:\WINDOWS\system32\mspatcha.dll"
Wed 18 Oct 2006 222,208 A..H. --- "C:\WINDOWS\system32\WMASF.dll"
Wed 4 Aug 2004 315,423 A..H. --- "C:\WINDOWS\system32\msrd3x40.dll"
Wed 4 Aug 2004 11,264 A..H. --- "C:\WINDOWS\system32\msrle32.dll"
Wed 4 Aug 2004 134,656 A..H. --- "C:\WINDOWS\system32\mssap.dll"
Wed 18 Oct 2006 535,040 ...H. --- "C:\WINDOWS\system32\wmdrmsdk.dll"
Mon 23 Feb 2004 1,386,496 A..H. --- "C:\WINDOWS\system32\msvbvm60.dll"
Wed 4 Aug 2004 54,784 A..H. --- "C:\WINDOWS\system32\msvcirt.dll"
Wed 4 Aug 2004 61,440 A..H. --- "C:\WINDOWS\system32\msvcrt40.dll"
Wed 4 Aug 2004 1,428,480 A..H. --- "C:\WINDOWS\system32\msvidctl.dll"
Wed 4 Aug 2004 72,704 A..H. --- "C:\WINDOWS\system32\msw3prt.dll"
Wed 4 Aug 2004 831,519 A..H. --- "C:\WINDOWS\system32\mswdat10.dll"
Wed 4 Aug 2004 204,288 A..H. --- "C:\WINDOWS\system32\mswebdvd.dll"
Wed 4 Aug 2004 614,429 A..H. --- "C:\WINDOWS\system32\mswstr10.dll"
Wed 4 Aug 2004 701,440 A..H. --- "C:\WINDOWS\system32\msxml2.dll"
Wed 1 Mar 2006 11,776 A..H. --- "C:\WINDOWS\system32\xolehlp.dll"
Wed 18 Oct 2006 157,184 A..H. --- "C:\WINDOWS\system32\wmidx.dll"
Wed 4 Aug 2004 53,760 A..H. --- "C:\WINDOWS\system32\narrator.exe"
Wed 4 Aug 2004 4,096 A..H. --- "C:\WINDOWS\system32\nddeapir.exe"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\nddenb32.dll"
Wed 4 Aug 2004 622,080 A..H. --- "C:\WINDOWS\system32\netcfgx.dll"
Wed 4 Aug 2004 111,104 A..H. --- "C:\WINDOWS\system32\netdde.exe"
Wed 4 Aug 2004 139,264 A..H. --- "C:\WINDOWS\system32\netid.dll"
Wed 4 Aug 2004 875,008 A..H. --- "C:\WINDOWS\system32\netplwiz.dll"
Wed 4 Aug 2004 86,016 A..H. --- "C:\WINDOWS\system32\netsh.exe"
Wed 4 Aug 2004 36,864 A..H. --- "C:\WINDOWS\system32\netstat.exe"
Wed 4 Aug 2004 248,832 A..H. --- "C:\WINDOWS\system32\newdev.dll"
Wed 4 Aug 2004 103,936 A..H. --- "C:\WINDOWS\system32\nlhtml.dll"
Wed 4 Aug 2004 54,784 A..H. --- "C:\WINDOWS\system32\npptools.dll"
Wed 4 Aug 2004 76,800 A..H. --- "C:\WINDOWS\system32\nslookup.exe"
Wed 4 Aug 2004 1,200,128 A..H. --- "C:\WINDOWS\system32\ntbackup.exe"
Wed 4 Aug 2004 34,560 A..H. --- "C:\WINDOWS\system32\ntio404.sys"
Wed 4 Aug 2004 35,648 A..H. --- "C:\WINDOWS\system32\ntio411.sys"
Wed 4 Aug 2004 35,424 A..H. --- "C:\WINDOWS\system32\ntio412.sys"
Wed 4 Aug 2004 34,560 A..H. --- "C:\WINDOWS\system32\ntio804.sys"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\ntlsapi.dll"
Wed 4 Aug 2004 40,960 A..H. --- "C:\WINDOWS\system32\ntmsapi.dll"
Wed 4 Aug 2004 179,712 A..H. --- "C:\WINDOWS\system32\ntmsdba.dll"
Wed 4 Aug 2004 488,448 A..H. --- "C:\WINDOWS\system32\ntmsmgr.dll"
Wed 4 Aug 2004 435,200 A..H. --- "C:\WINDOWS\system32\ntmssvc.dll"
Wed 4 Aug 2004 91,136 A..H. --- "C:\WINDOWS\system32\ntprint.dll"
Wed 18 Oct 2006 4,096 A..H. --- "C:\WINDOWS\system32\wmsdmod.dll"
Fri 27 May 2005 137,216 A..H. --- "C:\WINDOWS\system32\itss.dll"
Wed 4 Aug 2004 285,696 A..H. --- "C:\WINDOWS\system32\objsel.dll"
Wed 18 Oct 2006 603,648 A..H. --- "C:\WINDOWS\system32\WMSPDMOD.dll"
Wed 4 Aug 2004 26,224 A..H. --- "C:\WINDOWS\system32\odbc16gt.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\WINDOWS\system32\odbc32gt.dll"
Wed 4 Aug 2004 32,768 A..H. --- "C:\WINDOWS\system32\odbcad32.exe"
Wed 4 Aug 2004 24,576 A..H. --- "C:\WINDOWS\system32\odbcbcp.dll"
Wed 4 Aug 2004 69,632 A..H. --- "C:\WINDOWS\system32\odbcconf.exe"
Wed 4 Aug 2004 135,168 A..H. --- "C:\WINDOWS\system32\odbcconf.dll"
Wed 4 Aug 2004 106,496 A..H. --- "C:\WINDOWS\system32\odbccp32.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\odbccr32.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\odbccu32.dll"
Wed 4 Aug 2004 53,279 A..H. --- "C:\WINDOWS\system32\odbcji32.dll"
Wed 4 Aug 2004 278,559 A..H. --- "C:\WINDOWS\system32\odbcjt32.dll"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\odbcp32r.dll"
Wed 4 Aug 2004 147,456 A..H. --- "C:\WINDOWS\system32\odbctrac.dll"
Wed 4 Aug 2004 120,832 A..H. --- "C:\WINDOWS\system32\offfilt.dll"
Wed 4 Aug 2004 107,008 A..H. --- "C:\WINDOWS\system32\oleprn.dll"
Wed 4 Aug 2004 83,456 A..H. --- "C:\WINDOWS\system32\olepro32.dll"
Wed 4 Aug 2004 48,128 A..H. --- "C:\WINDOWS\system32\inetres.dll"
Wed 4 Aug 2004 713,728 A..H. --- "C:\WINDOWS\system32\opengl32.dll"
Wed 4 Aug 2004 215,552 A..H. --- "C:\WINDOWS\system32\osk.exe"
Wed 4 Aug 2004 116,224 A..H. --- "C:\WINDOWS\system32\p2p.dll"
Wed 4 Aug 2004 86,016 A..H. --- "C:\WINDOWS\system32\p2pgasvc.dll"
Wed 4 Aug 2004 312,320 A..H. --- "C:\WINDOWS\system32\p2pgraph.dll"
Wed 4 Aug 2004 88,064 A..H. --- "C:\WINDOWS\system32\p2pnetsh.dll"
Wed 4 Aug 2004 526,848 A..H. --- "C:\WINDOWS\system32\p2psvc.dll"
Wed 4 Aug 2004 58,368 A..H. --- "C:\WINDOWS\system32\packager.exe"
Wed 4 Aug 2004 283,648 A..H. --- "C:\WINDOWS\system32\pdh.dll"
Wed 4 Aug 2004 39,936 A..H. --- "C:\WINDOWS\system32\perfctrs.dll"
Wed 4 Aug 2004 26,624 A..H. --- "C:\WINDOWS\system32\perfdisk.dll"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\perfmon.exe"
Wed 4 Aug 2004 25,088 A..H. --- "C:\WINDOWS\system32\perfos.dll"
Wed 4 Aug 2004 34,816 A..H. --- "C:\WINDOWS\system32\perfproc.dll"
Wed 4 Aug 2004 176,128 A..H. --- "C:\WINDOWS\system32\photowiz.dll"
Wed 4 Aug 2004 35,328 A..H. --- "C:\WINDOWS\system32\pid.dll"
Wed 4 Aug 2004 24,064 A..H. --- "C:\WINDOWS\system32\pidgen.dll"
Wed 4 Aug 2004 17,920 A..H. --- "C:\WINDOWS\system32\ping.exe"
Wed 18 Oct 2006 4,096 A..H. --- "C:\WINDOWS\system32\WMVADVD.dll"
Wed 4 Aug 2004 48,640 A..H. --- "C:\WINDOWS\system32\pnrpnsp.dll"
Wed 4 Aug 2004 105,472 A..H. --- "C:\WINDOWS\system32\polstore.dll"
Wed 4 Aug 2004 49,152 A..H. --- "C:\WINDOWS\system32\powercfg.exe"
Wed 4 Aug 2004 109,568 A..H. --- "C:\WINDOWS\system32\progman.exe"
Wed 4 Aug 2004 50,176 A..H. --- "C:\WINDOWS\system32\proquota.exe"
Wed 4 Aug 2004 9,216 A..H. --- "C:\WINDOWS\system32\proxycfg.exe"
Wed 18 Oct 2006 2,450,944 A..H. --- "C:\WINDOWS\system32\wmvcore.dll"
Wed 4 Aug 2004 192,512 A..H. --- "C:\WINDOWS\system32\qcap.dll"
Wed 4 Aug 2004 279,040 A..H. --- "C:\WINDOWS\system32\qdv.dll"
Wed 4 Aug 2004 385,024 A..H. --- "C:\WINDOWS\system32\qdvd.dll"
Wed 4 Aug 2004 562,176 A..H. --- "C:\WINDOWS\system32\qedit.dll"
Wed 4 Aug 2004 733,696 A..H. --- "C:\WINDOWS\system32\qedwipes.dll"
Thu 22 Jun 2006 69,120 A..H. --- "C:\WINDOWS\system32\ciodm.dll"
Wed 4 Aug 2004 89,088 A..H. --- "C:\WINDOWS\system32\rasauto.dll"
Wed 4 Aug 2004 657,920 A..H. --- "C:\WINDOWS\system32\rasdlg.dll"
Wed 18 Oct 2006 1,543,680 ...H. --- "C:\WINDOWS\system32\WMVDECOD.dll"
Wed 4 Aug 2004 56,832 A..H. --- "C:\WINDOWS\system32\rasphone.exe"
Wed 4 Aug 2004 206,336 A..H. --- "C:\WINDOWS\system32\rasppp.dll"
Wed 4 Aug 2004 16,896 A..H. --- "C:\WINDOWS\system32\rassapi.dll"
Wed 4 Aug 2004 58,880 A..H. --- "C:\WINDOWS\system32\rastapi.dll"
Wed 4 Aug 2004 102,400 A..H. --- "C:\WINDOWS\system32\rcbdyctl.dll"
Wed 4 Aug 2004 35,840 A..H. --- "C:\WINDOWS\system32\rcimlby.exe"
Wed 4 Aug 2004 21,504 A..H. --- "C:\WINDOWS\system32\rcp.exe"
Wed 4 Aug 2004 3,338 A..H. --- "C:\WINDOWS\system32\redir.exe"
Wed 4 Aug 2004 50,176 A..H. --- "C:\WINDOWS\system32\reg.exe"
Wed 4 Aug 2004 397,824 A..H. --- "C:\WINDOWS\system32\regwizc.dll"
Thu 6 Oct 2005 1,839,488 A..H. --- "C:\WINDOWS\system32\win32k.sys"
Wed 4 Aug 2004 58,880 A..H. --- "C:\WINDOWS\system32\resutils.dll"
Wed 4 Aug 2004 13,824 A..H. --- "C:\WINDOWS\system32\rexec.exe"
Wed 4 Aug 2004 537,088 A..H. --- "C:\WINDOWS\system32\msftedit.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\rsh.exe"
Wed 4 Aug 2004 39,936 A..H. --- "C:\WINDOWS\system32\rshx32.dll"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\rsmps.dll"
Wed 4 Aug 2004 107,520 A..H. --- "C:\WINDOWS\system32\rsnotify.exe"
Wed 4 Aug 2004 77,312 A..H. --- "C:\WINDOWS\system32\rtcshare.exe"
Wed 4 Aug 2004 31,744 A..H. --- "C:\WINDOWS\system32\rtipxmib.dll"
Wed 4 Aug 2004 14,336 A..H. --- "C:\WINDOWS\system32\runonce.exe"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\savedump.exe"
Wed 4 Aug 2004 270,848 A..H. --- "C:\WINDOWS\system32\sbe.dll"
Wed 4 Aug 2004 159,232 A..H. --- "C:\WINDOWS\system32\sbeio.dll"
Wed 4 Aug 2004 69,632 A..H. --- "C:\WINDOWS\system32\scarddlg.dll"
Wed 4 Aug 2004 95,744 A..H. --- "C:\WINDOWS\system32\scardsvr.exe"
Wed 4 Aug 2004 169,984 A..H. --- "C:\WINDOWS\system32\sccbase.dll"
Wed 4 Aug 2004 171,008 A..H. --- "C:\WINDOWS\system32\sccsccp.dll"
Wed 4 Aug 2004 159,744 A..H. --- "C:\WINDOWS\system32\scrobj.dll"
Wed 4 Aug 2004 151,552 A..H. --- "C:\WINDOWS\system32\scrrun.dll"
Wed 4 Aug 2004 121,856 A..H. --- "C:\WINDOWS\system32\schtasks.exe"
Wed 4 Aug 2004 77,312 A..H. --- "C:\WINDOWS\system32\sdbinst.exe"
Wed 4 Aug 2004 29,184 A..H. --- "C:\WINDOWS\system32\sdhcinst.dll"
Wed 4 Aug 2004 18,432 A..H. --- "C:\WINDOWS\system32\secedit.exe"
Wed 4 Aug 2004 5,632 A..H. --- "C:\WINDOWS\system32\security.dll"
Wed 4 Aug 2004 29,184 A..H. --- "C:\WINDOWS\system32\sendcmsg.dll"
Wed 4 Aug 2004 55,296 A..H. --- "C:\WINDOWS\system32\sendmail.dll"
Wed 4 Aug 2004 31,232 A..H. --- "C:\WINDOWS\system32\sethc.exe"
Wed 4 Aug 2004 23,040 A..H. --- "C:\WINDOWS\system32\setup.exe"
Wed 4 Aug 2004 140,288 A..H. --- "C:\WINDOWS\system32\sfc_os.dll"
Wed 4 Aug 2004 549,376 A..H. --- "C:\WINDOWS\system32\shdoclc.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\WINDOWS\system32\shimeng.dll"
Wed 4 Aug 2004 438,272 A..H. --- "C:\WINDOWS\system32\shimgvw.dll"
Wed 4 Aug 2004 42,496 A..H. --- "C:\WINDOWS\system32\shmgrate.exe"
Wed 4 Aug 2004 77,824 A..H. --- "C:\WINDOWS\system32\shrpubw.exe"
Wed 4 Aug 2004 27,648 A..H. --- "C:\WINDOWS\system32\shscrap.dll"
Wed 4 Aug 2004 19,456 A..H. --- "C:\WINDOWS\system32\shutdown.exe"
Wed 4 Aug 2004 13,312 A..H. --- "C:\WINDOWS\system32\sigtab.dll"
Wed 4 Aug 2004 70,144 A..H. --- "C:\WINDOWS\system32\sigverif.exe"
Wed 4 Aug 2004 26,112 A..H. --- "C:\WINDOWS\system32\skeys.exe"
Wed 4 Aug 2004 306,176 A..H. --- "C:\WINDOWS\system32\slbcsp.dll"
Wed 4 Aug 2004 98,304 A..H. --- "C:\WINDOWS\system32\slbiop.dll"
Wed 4 Aug 2004 8,192 A..H. --- "C:\WINDOWS\system32\smbinst.exe"
Wed 4 Aug 2004 363,008 A..H. --- "C:\WINDOWS\system32\smlogcfg.dll"
Wed 4 Aug 2004 89,600 A..H. --- "C:\WINDOWS\system32\smlogsvc.exe"
Wed 4 Aug 2004 18,944 A..H. --- "C:\WINDOWS\system32\snmpapi.dll"
Wed 4 Aug 2004 182,272 A..H. --- "C:\WINDOWS\system32\snmpsnap.dll"
Wed 4 Aug 2004 12,800 A..H. --- "C:\WINDOWS\system32\spiisupd.exe"
Wed 4 Aug 2004 442,368 A..H. --- "C:\WINDOWS\system32\sqlsrv32.dll"
Wed 4 Aug 2004 180,800 A..H. --- "C:\WINDOWS\system32\sqlunirl.dll"
Wed 4 Aug 2004 34,816 A..H. --- "C:\WINDOWS\system32\ssdpapi.dll"
Wed 4 Aug 2004 71,680 A..H. --- "C:\WINDOWS\system32\ssdpsrv.dll"
Wed 4 Aug 2004 67,584 A..H. --- "C:\WINDOWS\system32\sti.dll"
Wed 4 Aug 2004 136,704 A..H. --- "C:\WINDOWS\system32\sti_ci.dll"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\stimon.exe"
Wed 4 Aug 2004 75,776 A..H. --- "C:\WINDOWS\system32\strmfilt.dll"
Wed 4 Aug 2004 57,856 A..H. --- "C:\WINDOWS\system32\synceng.dll"
Wed 4 Aug 2004 191,488 A..H. --- "C:\WINDOWS\system32\syncui.dll"
Wed 4 Aug 2004 105,984 A..H. --- "C:\WINDOWS\system32\sysocmgr.exe"
Wed 1 Mar 2006 91,136 A..H. --- "C:\WINDOWS\system32\mtxoci.dll"
Wed 4 Aug 2004 858,624 A..H. --- "C:\WINDOWS\system32\tapi3.dll"
Wed 18 Oct 2006 4,096 A..H. --- "C:\WINDOWS\system32\wmvdmod.dll"
Wed 4 Aug 2004 135,680 A..H. --- "C:\WINDOWS\system32\taskmgr.exe"
Wed 4 Aug 2004 14,848 A..H. --- "C:\WINDOWS\system32\tcpmib.dll"
Wed 4 Aug 2004 45,568 A..H. --- "C:\WINDOWS\system32\tcpmonui.dll"
Wed 18 Oct 2006 4,096 A..H. --- "C:\WINDOWS\system32\wmvdmoe2.dll"
Wed 1 Mar 2006 66,560 A..H. --- "C:\WINDOWS\system32\mtxclu.dll"
Wed 4 Aug 2004 358,400 A..H. --- "C:\WINDOWS\system32\termmgr.dll"
Wed 4 Aug 2004 7,168 A..H. --- "C:\WINDOWS\system32\tlntsvrp.dll"
Wed 4 Aug 2004 78,336 A..H. --- "C:\WINDOWS\system32\tlntsess.exe"
Wed 4 Aug 2004 61,440 A..H. --- "C:\WINDOWS\system32\tlntadmn.exe"
Wed 4 Aug 2004 73,216 A..H. --- "C:\WINDOWS\system32\tlntsvr.exe"
Wed 4 Aug 2004 259,584 A..H. --- "C:\WINDOWS\system32\tracerpt.exe"
Wed 4 Aug 2004 12,288 A..H. --- "C:\WINDOWS\system32\tracert.exe"
Wed 4 Aug 2004 15,872 A..H. --- "C:\WINDOWS\system32\w3ssl.dll"
Wed 4 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\twext.dll"
Tue 26 Jul 2005 397,824 A..H. ---
  • 0

#9
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi honkynel,


Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uimsg"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"5pTIYLEW2I"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgact"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68dfbd60-3a49-11dd-883f-001731f5f1a5}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2d5e404-2b11-11dd-8817-001731f5f1a5}]
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Updating Java and Clearing Cache:
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going Here
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings button, then the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked
    • Applications & Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.


I see you have Azureus & BearShare installed on your system.
While these programs themselves are legal, most of the files downloaded with them, are not.
These programs can also be some of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling Azureus & BearShare as outlined below.


Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    Azureus
    Azureus Vuze
    BearShare
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java™ SE Runtime Environment 6 Update 1

    Please take note of any other programs that you don't recognise in that list, and include them in your next response



Delete bad services
Please hgihlight all of the text in the Code box below.
Now, copy (Ctrl+C) and paste (Ctrl+V) the following to a new Notepad file.
Save the file, making sure that the Save as type box is set to "All Files", and name it FixServices.bat Please save it on your desktop.

@echo off
sc stop LckFldService
sc delete LckFldService
exit

Double click FixServices.bat. A window will open and close. This is normal.


Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\nzpkclb
    C:\Documents and Settings\Neil Fagan\Application Data\Azureus
    C:\Documents and Settings\Neil Fagan\Application Data\BearShare
    C:\Program Files\Azureus
    C:\Program Files\BearShare Applications
    C:\Program Files\nzpkclb
    C:\WINDOWS\system32\ezsidmv.dat
    C:\DOCUME~1\NEILFA~1\LOCALS~1\Temp\_iu14D2N.tmp
    C:\WINDOWS\system32\xivmbchi.exe
    C:\Documents and Settings\Neil Fagan\Desktop\FlashPlayerH264Ext.exe
  • Return to OTMoveIt, right click on the Paste list of Files/Folders to be moved window (under the Yellow bar) and choose Paste.
  • Make sure that there is a tick next to Unregister Dll's and OCX's
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place, like C:\Kavscan.txt
  • Please post this log in your next reply.


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
  • Also include the text from C:\Kavscan.txt & C:\otmove.txt
Please include a note to tell me how your PC is running now.

Cheers,

sage5
  • 0

#10
honkynel

honkynel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Well done mate!
My pc is running 110% better thank you. At least that's how I percieve it at this moment in time.
You might say it's still wrong but it's deffo better (no windows security pop-ups etc.) than it was.
thank you.
here are my logs...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40:26, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186408917187
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} - http://drmlicense.on...e/en/crlocx.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7824 bytes

kavscan.txt

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 07, 2008 00:33:08
Records in database: 1064003
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 115934
Threat name: 7
Infected objects: 12
Suspicious objects: 1
Duration of the scan: 01:30:46


File name / Threat name / Threats count
C:\Documents and Settings\Neil Fagan\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP347\A0081638.dll Infected: not-a-virus:AdTool.Win32.Zango.ae 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP348\A0081732.dll Infected: not-a-virus:AdWare.Win32.Shopper.v 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081840.exe Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081841.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081844.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081846.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081852.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081855.dll Infected: not-a-virus:WebToolbar.Win32.Zango.aw 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081856.dll Infected: not-a-virus:WebToolbar.Win32.Zango.aw 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP350\A0081873.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck 1
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP350\A0082930.exe Infected: not-a-virus:AdTool.Win32.Zango.ag 1
C:\Deckard\System Scanner\20080805110109\backup\DOCUME~1\NEILFA~1\LOCALS~1\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1

The selected area was scanned.


otmove.txt

C:\Program Files\nzpkclb moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\active\6656B0436436969E6A85450C7C6238261A11EB39 moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\active moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\dht\net3 moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\dht moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\logs\save moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\logs moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\media\azpd moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\media moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\net moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\plugins\azemp moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\plugins moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\shares moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\tmp moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\torrents moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus\updates moved successfully.
C:\Documents and Settings\Neil Fagan\Application Data\Azureus moved successfully.
File/Folder C:\Documents and Settings\Neil Fagan\Application Data\BearShare not found.
C:\Program Files\Azureus\plugins\azupnpav moved successfully.
C:\Program Files\Azureus\plugins\azrating moved successfully.
C:\Program Files\Azureus\plugins\azupdater moved successfully.
C:\Program Files\Azureus\plugins\azplugins moved successfully.
C:\Program Files\Azureus\plugins moved successfully.
C:\Program Files\Azureus moved successfully.
C:\Program Files\BearShare Applications\BearShare moved successfully.
C:\Program Files\BearShare Applications moved successfully.
File/Folder C:\Program Files\nzpkclb not found.
C:\WINDOWS\system32\ezsidmv.dat moved successfully.
File/Folder C:\DOCUME~1\NEILFA~1\LOCALS~1\Temp\_iu14D2N.tmp not found.
C:\WINDOWS\system32\xivmbchi.exe moved successfully.
File/Folder C:\Documents and Settings\Neil Fagan\Desktop\FlashPlayerH264Ext.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08062008_233712
  • 0

Advertisements


#11
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
This line

C:\Documents and Settings\Neil Fagan\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

is a little problematic.
The simple answer is to trash that file & setup another in Outlook.
That loses all you contacts, emails etc.

Let's try a fairly new online scanner that apparently can clean a .pst file.
One drawback, it is a very slow scan.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan -->>(This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Browse to the C:\Program Files\EsetOnlineScanner folder & use Notepad to open the log.txt file
  • Copy and paste that text as your next reply to this topic.

  • 0

#12
honkynel

honkynel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
here you are
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3336 (20080807)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=b290504c4072ae4fae4de2a8fb31f5eb
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-07 01:31:02
# local_time=2008-08-07 02:31:02 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=368466
# found=21
# scan_time=1995
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP347\A0081638.dll Win32/Adware.180Solutions application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP348\A0081732.dll Win32/Adware.Toolbar.Shopper application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081839.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081840.exe Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081841.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081842.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081843.exe Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081844.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081846.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081847.exe probably a variant of Win32/Adware.180Solutions application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081848.dll Win32/Adware.180Solutions application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081850.exe multiple infiltrations (deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081850.exe »NSIS »Resource.dll Win32/Adware.Toolbar.ZangoBar application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081850.exe »NSIS »Uninst.dll Win32/Adware.HotBar application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081850.exe »NSIS »LaunchHelp.dll Win32/Adware.HotBar application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081852.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP349\A0081854.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP350\A0081873.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP350\A0081874.dll Win32/Adware.HotBar application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{E8F510EB-36CF-4732-ABB4-0921A7225276}\RP350\A0082930.exe Win32/Adware.180Solutions application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\08062008_233712\WINDOWS\system32\xivmbchi.exe a variant of Win32/TrojanDownloader.FakeAlert.BP trojan (unable to clean - deleted) 00000000000000000000000000000000
  • 0

#13
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
That didn't really do what I'd hoped.-

Can you run an update on your AVG.
When the update is complete, navigate to the C:\Documents and Settings\Neil Fagan\Local Settings\Application Data\Microsoft\Outlook folder.
Right click on the Outlook.pst file and scan it with AVG.
Send me the results of that scan.
  • 0

#14
honkynel

honkynel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I scanned the .pst file and AVG said there was no threat found.
  • 0

#15
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Alright, it sounds like that may have been a false positive on Kaspersky's part. So...

Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Cleanup with OTMoveIt:
  • Please double-click OTMoveIt2.exe to run it.
  • Click the Clean up button
  • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • Click Yes to the reboot.

To Clear Restore points, please do the following:
  • Go to Start > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
[url="http://"http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm"]Malwarebytes Anti-Malware[/url] is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Antivir PersonalEdition Classic and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP