Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

clicksearchclick [CLOSED]

Started by ashjd , Jun 12 2005 04:53 PM

  • This topic is locked This topic is locked

#1
ashjd
Posted 12 June 2005 - 04:53 PM

ashjd

    New Member

  • Member
  • Pip
  • 4 posts
Hi there. Clicksearchclick.com web page keeps appearing as my homepage and most the time when i click on certain links. This is why i am unable to carry out your preperations as it just links to clicksearchclick :tazz: I have run the free microsoft antispyware as well as ad-adware but these did not help.

Will formatting the harddrive and reinstallling Windows xp proffessional solve the problem?

Thanks for your help in advance
Cheers, Ash
  • 0

Advertisements

#2
ashjd
Posted 13 June 2005 - 06:13 AM

ashjd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I have managed to get the hijack this thing working ....

Logfile of HijackThis v1.99.1
Scan saved at 13:12:20, on 13/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John.JOHN-FABW6F91RH\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...ndex.php?aff=19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bham.ac.uk:8008
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118617465416
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Cheers
  • 0

#3
ScHwErV
Posted 13 June 2005 - 06:29 AM

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
ashjd

Hello and welcome to Geeks To Go!

Before we get started, I am going to need you to do a few things to make sure the fix I provide will work.

I need you to uninstall Microsoft Antispyware. Its "protection" features will hinder our ability to clean your computer.

After you do that, please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

Along with those results, please post a fresh HiJackThis log.

ScHwErV :tazz:
  • 0

#4
ashjd
Posted 13 June 2005 - 08:29 AM

ashjd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hey, thanks for such a quick reply,

I have uninstalled the Microsoft antispyware and scanned with bitdefender with the following results...


//-----------------------------------------------------------------
//
// Product: BitDefender 8 Professional Plus
// Version: 8.0
//
// Created on: 13/06/2005 15:13:11
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\WINDOWS\System32\
Folders : 147
Files : 6669
Archives : 22
Packed files : 227
Identified viruses : 10
Infected files : 18
Warnings : 0
Suspect files : 2
Disinfected files : 0
Deleted files : 3
Copied files : 0
Moved files : 17
Renamed files : 0
I/O errors : 10
Scan time : 00:06:55
Scan speed (files/sec) : 16

Virus definitions : 173494
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SECURITY(2).DLL Infected Trojan.Websearch.I
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SECURITY(2).DLL Disinfection failed
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SECURITY(2).DLL Moved
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SECURITY(3).DLL Infected Trojan.Websearch.I
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SECURITY(3).DLL Disinfection failed
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SECURITY(3).DLL Moved
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SECURITY.DLL Infected Trojan.Websearch.I
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SECURITY.DLL Disinfection failed
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SECURITY.DLL Moved
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SVCHOST.DLL Infected Trojan.WebSearch.J
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SVCHOST.DLL Deleted
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SVCHOST.EXE Infected Trojan.Websearch.J
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SVCHOST.EXE Disinfection failed
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SVCHOST.EXE Moved
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SVCHOST32.DLL Infected Trojan.Websearch.J
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SVCHOST32.DLL Disinfection failed
C:\WINDOWS\System32\Services\{B34A05EF-021C-41F8-917D-ADA6901A27EE}\SVCHOST32.DLL Moved
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SECURITY.DLL Infected Trojan.Websearch.I
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SECURITY.DLL Disinfection failed
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SECURITY.DLL Moved
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.DLL Infected Trojan.WebSearch.J
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.DLL Deleted
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.EXE Infected Trojan.Websearch.J
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.EXE Disinfection failed
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.EXE Moved
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST32.DLL Infected Trojan.Websearch.J
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST32.DLL Disinfection failed
C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST32.DLL Moved
C:\WINDOWS\System32\vxgame1.exe Suspect BehavesLike:Trojan.FWDisable
C:\WINDOWS\System32\vxgame1.exe Disinfection failed
C:\WINDOWS\System32\vxgame1.exe Moved
C:\WINDOWS\System32\vxgame2.exe Infected Dropped:Backdoor.Agent.IW
C:\WINDOWS\System32\vxgame2.exe Disinfection failed
C:\WINDOWS\System32\vxgame2.exe Moved
C:\WINDOWS\System32\vxgamet1.exe Infected Trojan.Downloader.Small.AQT
C:\WINDOWS\System32\vxgamet1.exe Disinfection failed
C:\WINDOWS\System32\vxgamet1.exe Moved
C:\WINDOWS\System32\vxgamet2.exe Infected Trojan.LowZones.Y
C:\WINDOWS\System32\vxgamet2.exe Disinfection failed
C:\WINDOWS\System32\vxgamet2.exe Moved
C:\WINDOWS\System32\vxh8jkdq1.exe Infected Dropped:Trojan.Downloader.Small.AJP
C:\WINDOWS\System32\vxh8jkdq1.exe Disinfection failed
C:\WINDOWS\System32\vxh8jkdq1.exe Moved
C:\WINDOWS\System32\vxh8jkdq5.exe Infected Trojan.Downloader.Small.AWA
C:\WINDOWS\System32\vxh8jkdq5.exe Disinfection failed
C:\WINDOWS\System32\vxh8jkdq5.exe Moved
C:\WINDOWS\System32\vxh8jkdq6.exe Infected Trojan.Downloader.Small.AUX
C:\WINDOWS\System32\vxh8jkdq6.exe Disinfection failed
C:\WINDOWS\System32\vxh8jkdq6.exe Moved
C:\WINDOWS\System32\vxh8jkdq7.exe Suspect BehavesLike:Trojan.Downloader
C:\WINDOWS\System32\vxh8jkdq7.exe Disinfection failed
C:\WINDOWS\System32\vxh8jkdq7.exe Moved
C:\WINDOWS\System32\vxh8jkdq8.exe Infected Dropped:Trojan.Downloader.Small.AJP
C:\WINDOWS\System32\vxh8jkdq8.exe Disinfection failed
C:\WINDOWS\System32\vxh8jkdq8.exe Moved
C:\WINDOWS\System32\~update.exe Infected Trojan.Crypt.C
C:\WINDOWS\System32\~update.exe Deleted

Scanned files

C:\=>Master Boot Record 80 OK
C:\=>Partition Boot 1 (primary) (active) OK
C:\WINDOWS\System32\$$$_.log OK
C:\WINDOWS\System32\$winnt$.inf OK
C:\WINDOWS\System32\1033\dwintl.dll OK
C:\WINDOWS\System32\12520437.cpx OK
C:\WINDOWS\System32\12520850.cpx OK
C:\WINDOWS\System32\6to4svc.dll OK
C:\WINDOWS\System32\a3d.dll OK
C:\WINDOWS\System32\aaaamon.dll OK
C:\WINDOWS\System32\access.cpl OK
C:\WINDOWS\System32\acctres.dll OK
C:\WINDOWS\System32\accwiz.exe OK
C:\WINDOWS\System32\acelpdec.ax OK
C:\WINDOWS\System32\acledit.dll OK
C:\WINDOWS\System32\aclui.dll OK
C:\WINDOWS\System32\activeds.dll OK
C:\WINDOWS\System32\activeds.tlb OK
C:\WINDOWS\System32\actmovie.exe OK
C:\WINDOWS\System32\actxprxy.dll OK
C:\WINDOWS\System32\admparse.dll OK
C:\WINDOWS\System32\adptif.dll OK
C:\WINDOWS\System32\adsldp.dll OK
C:\WINDOWS\System32\adsldpc.dll OK
C:\WINDOWS\System32\adsmsext.dll OK
C:\WINDOWS\System32\adsnds.dll OK
C:\WINDOWS\System32\adsnt.dll OK
C:\WINDOWS\System32\adsnw.dll OK
C:\WINDOWS\System32\advapi32.dll OK
C:\WINDOWS\System32\advpack.dll OK
C:\WINDOWS\System32\AegisE5.dll OK
C:\WINDOWS\System32\agrsmdel.exe OK
C:\WINDOWS\System32\ahui.exe OK
C:\WINDOWS\System32\alg.exe OK
C:\WINDOWS\System32\alrsvc.dll OK
C:\WINDOWS\System32\amcompat.tlb OK
C:\WINDOWS\System32\amstream.dll OK
C:\WINDOWS\System32\ansi.sys OK
C:\WINDOWS\System32\apcups.dll OK
C:\WINDOWS\System32\append.exe OK
C:\WINDOWS\System32\apphelp.dll OK
C:\WINDOWS\System32\appmgmts.dll OK
C:\WINDOWS\System32\appmgr.dll OK
C:\WINDOWS\System32\appwiz.cpl OK
C:\WINDOWS\System32\arp.exe OK
C:\WINDOWS\System32\asctrls.ocx OK
C:\WINDOWS\System32\asferror.dll OK
C:\WINDOWS\System32\asfsipc.dll OK
C:\WINDOWS\System32\asr_fmt.exe OK
C:\WINDOWS\System32\asr_ldm.exe OK
C:\WINDOWS\System32\asycfilt.dll OK
C:\WINDOWS\System32\at.exe OK
C:\WINDOWS\System32\atkctrs.dll OK
C:\WINDOWS\System32\atl.dll OK
C:\WINDOWS\System32\atmadm.exe OK
C:\WINDOWS\System32\atmfd.dll OK
C:\WINDOWS\System32\atmlib.dll OK
C:\WINDOWS\System32\atmpvcno.dll OK
C:\WINDOWS\System32\atrace.dll OK
C:\WINDOWS\System32\attrib.exe OK
C:\WINDOWS\System32\audiosrv.dll OK
C:\WINDOWS\System32\authz.dll OK
C:\WINDOWS\System32\autochk.exe OK
C:\WINDOWS\System32\autoconv.exe OK
C:\WINDOWS\System32\autodisc.dll OK
C:\WINDOWS\System32\AUTOEXEC.NT OK
C:\WINDOWS\System32\autofmt.exe OK
C:\WINDOWS\System32\autolfn.exe OK
C:\WINDOWS\System32\avicap.dll OK
C:\WINDOWS\System32\avicap32.dll OK
C:\WINDOWS\System32\avifil32.dll OK
C:\WINDOWS\System32\avifile.dll OK
C:\WINDOWS\System32\avmeter.dll OK
C:\WINDOWS\System32\avtapi.dll OK
C:\WINDOWS\System32\avwav.dll OK
C:\WINDOWS\System32\B11gUSB.dll OK
C:\WINDOWS\System32\basesrv.dll OK
C:\WINDOWS\System32\batmeter.dll OK
C:\WINDOWS\System32\batt.dll OK
C:\WINDOWS\System32\bidispl.dll OK
C:\WINDOWS\System32\bios1.rom OK
C:\WINDOWS\System32\bios4.rom OK
C:\WINDOWS\System32\blackbox.dll OK
C:\WINDOWS\System32\bootcfg.exe OK
C:\WINDOWS\System32\bootok.exe OK
C:\WINDOWS\System32\bootvid.dll OK
C:\WINDOWS\System32\bootvrfy.exe OK
C:\WINDOWS\System32\bopomofo.uce OK
C:\WINDOWS\System32\bre32.dll OK
C:\WINDOWS\System32\browselc.dll OK
C:\WINDOWS\System32\browser.dll OK
C:\WINDOWS\System32\browseui.dll OK
C:\WINDOWS\System32\browsewm.dll OK
C:\WINDOWS\System32\cabinet.dll OK
C:\WINDOWS\System32\cabview.dll OK
C:\WINDOWS\System32\cacls.exe OK
C:\WINDOWS\System32\calc.exe OK
C:\WINDOWS\System32\camocx.dll OK
C:\WINDOWS\System32\capesnpn.dll OK
C:\WINDOWS\System32\cards.dll OK
C:\WINDOWS\System32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\FP4.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HPCRDP.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\IASNT4.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\IMS.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MAPIMIG.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MSMSGS.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MSTSWEB.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MW770.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5IIS.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5INF.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NTPRINT.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem0.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem1.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem10.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem11.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem12.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem13.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem14.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem15.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem16.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem17.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem18.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem19.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem20.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem21.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem23.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem24.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem25.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem26.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem28.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem4.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem5.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem6.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem8.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem9.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\OEMBIOS.CAT OK
C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp OK
C:\WINDOWS\System32\CatRoot2\dberr.txt OK
C:\WINDOWS\System32\CatRoot2\edb.chk OK
C:\WINDOWS\System32\CatRoot2\edb.log OK
C:\WINDOWS\System32\CatRoot2\edb00001.log OK
C:\WINDOWS\System32\CatRoot2\res1.log OK
C:\WINDOWS\System32\CatRoot2\res2.log OK
C:\WINDOWS\System32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb OK
C:\WINDOWS\System32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp OK
C:\WINDOWS\System32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb OK
C:\WINDOWS\System32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp OK
C:\WINDOWS\System32\catsrv.dll OK
C:\WINDOWS\System32\catsrvps.dll OK
C:\WINDOWS\System32\catsrvut.dll OK
C:\WINDOWS\System32\ccfgnt.dll OK
C:\WINDOWS\System32\ccPasswd.dll OK
C:\WINDOWS\System32\ccrpftv6.ocx OK
C:\WINDOWS\System32\ccTrust.dll OK
C:\WINDOWS\System32\cdfview.dll OK
C:\WINDOWS\System32\cdm.dll OK
C:\WINDOWS\System32\cdmodem.dll OK
C:\WINDOWS\System32\cdosys.dll OK
C:\WINDOWS\System32\cdplayer.exe.manifest OK
C:\WINDOWS\System32\cehelper.dll OK
C:\WINDOWS\System32\certcli.dll OK
C:\WINDOWS\System32\certmgr.dll OK
C:\WINDOWS\System32\certmgr.msc OK
C:\WINDOWS\System32\cewmdm.dll OK
C:\WINDOWS\System32\cfgbkend.dll OK
C:\WINDOWS\System32\cfgmgr32.dll OK
C:\WINDOWS\System32\charmap.exe OK
C:\WINDOWS\System32\chcp.com OK
C:\WINDOWS\System32\chkdsk.exe OK
C:\WINDOWS\System32\chkntfs.exe OK
C:\WINDOWS\System32\ciadmin.dll OK
C:\WINDOWS\System32\ciadv.msc OK
C:\WINDOWS\System32\cic.dll OK
C:\WINDOWS\System32\cidaemon.exe OK
C:\WINDOWS\System32\ciodm.dll OK
C:\WINDOWS\System32\cipher.exe OK
C:\WINDOWS\System32\cisvc.exe OK
C:\WINDOWS\System32\ckcnv.exe OK
C:\WINDOWS\System32\clb.dll OK
C:\WINDOWS\System32\clbcatex.dll OK
C:\WINDOWS\System32\clbcatq.dll OK
C:\WINDOWS\System32\cleanmgr.exe OK
C:\WINDOWS\System32\CleanUp.exe OK
C:\WINDOWS\System32\cliconf.chm OK
C:\WINDOWS\System32\cliconf.chm=>/#SYSTEM OK
C:\WINDOWS\System32\cliconf.chm=>/_what_is_microsoft_sql_server_client_configurationy.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_what_is_microsoft_sql_server_client_configurationy.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_general.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_general.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_named_pipes_protocol_default_value_setup.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_named_pipes_protocol_default_value_setup.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_tcp!ip_protocol_default_value_setup.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_tcp!ip_protocol_default_value_setup.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_multiprotocol_protocol_default_value_setup.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_multiprotocol_protocol_default_value_setup.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_nwlink_ipx!spx_protocol_default_value_setup.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_nwlink_ipx!spx_protocol_default_value_setup.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_appletalk_protocol_default_value_setup.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_appletalk_protocol_default_value_setup.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_banyan_vines_protocol_default_value_setup.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_banyan_vines_protocol_default_value_setup.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_via_protocol_default_value_setup.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_via_protocol_default_value_setup.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_alias.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_alias.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_namedpipes.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_namedpipes.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_tcpip.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_tcpip.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_multi.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_multi.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_ipxspx1.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_ipxspx1.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_ipxspx2.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_ipxspx2.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_apple.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_apple.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_vines.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_vines.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_add_(or_edit)_via_library_configuration.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_add_(or_edit)_via_library_configuration.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_others.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_others.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_dblib.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_dblib.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/idh_netlib.htm OK
C:\WINDOWS\System32\cliconf.chm=>/idh_netlib.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_managing_clients.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_managing_clients.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_start_the_sql_client_configuration_utility_.28.windows_nt.2d_.or_windows_95.2d_.based_client.29.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_start_the_sql_client_configuration_utility_.28.windows_nt.2d_.or_windows_95.2d_.based_client.29.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_check_the_library_version_numbers.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_check_the_library_version_numbers.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_set_db.2d.library_conversion_preference.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_set_db.2d.library_conversion_preference.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_add_a_network_protocol_configuration_.28.client_configuration_utility.29.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_add_a_network_protocol_configuration_.28.client_configuration_utility.29.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_edit_a_network_protocol_configuration_.28.client_configuration_utility.29.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_edit_a_network_protocol_configuration_.28.client_configuration_utility.29.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_delete_a_network_protocol_configuration_.28.client_configuration_utility.29.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_delete_a_network_protocol_configuration_.28.client_configuration_utility.29.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_alias_a_client_to_an_alternate_pipe.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_alias_a_client_to_an_alternate_pipe.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_create_an_alias_for_a_specific_server_name_to_use_the_multi.2d.protocol_net.2d.library.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_create_an_alias_for_a_specific_server_name_to_use_the_multi.2d.protocol_net.2d.library.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_use_the_windows_sockets_net.2d.library_.28.windows.2d_.or_windows_nt.2d.based_clients.29.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_use_the_windows_sockets_net.2d.library_.28.windows.2d_.or_windows_nt.2d.based_clients.29.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_nwlink_ipx.2f.spx_network_protocol.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_nwlink_ipx.2f.spx_network_protocol.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_appletalk_network_protocol.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_appletalk_network_protocol.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_banyan_vines_network_protocol.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_banyan_vines_network_protocol.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_via_network_library_(client_network_utility).htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_via_network_library_(client_network_utility).htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_a_nonstandard_network_protocol.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_a_nonstandard_network_protocol.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_verify_that_sql_server_is_listening_on_appletalk_and_can_accept_a_client_connection.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_verify_that_sql_server_is_listening_on_appletalk_and_can_accept_a_client_connection.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_check_the_odbc_sql_server_driver_version_.28.windows_95.2d.based_clients.29.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_check_the_odbc_sql_server_driver_version_.28.windows_95.2d.based_clients.29.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_topic_unavailable_in_help.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_topic_unavailable_in_help.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/_sql_server_2000_copyright_and_disclaimer.htm OK
C:\WINDOWS\System32\cliconf.chm=>/_sql_server_2000_copyright_and_disclaimer.htm=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coUA.css OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coUA_Ex.css OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coUA_Print.css OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/vs70_5.css OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/mailto.css OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/shared.js OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/vs70link.js OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/vs70link.js=>(JAVASCRIPT 1) OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/vs70link.js=>(JAVASCRIPT 4) OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/vs70.js OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/mailto.js OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/mailto.js=>(JAVASCRIPT 1) OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/mailto.js=>(JAVASCRIPT 2) OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/mailto.js=>(JAVASCRIPT 3) OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/banner.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/banner2.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/banner_.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/banner_2.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/caution.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coC.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coCb.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coE.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coEb.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/elle.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/important.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/note.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/relglyph.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/relglyph_.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/relglyph_c.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/shortcutclick.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/shortcutcold.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/shortcuthot.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/spacer.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/warning.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/mailto.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/keybrd.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/keybrd_c.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/keybrd_.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/mailto_.gif OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/mailto_c.gif OK
C:\WINDOWS\System32\cliconf.chm=>/cliconf.hhc OK
C:\WINDOWS\System32\cliconf.chm=>/#WINDOWS OK
C:\WINDOWS\System32\cliconf.chm=>/#IVB OK
C:\WINDOWS\System32\cliconf.chm=>/$WWKeywordLinks/Property OK
C:\WINDOWS\System32\cliconf.chm=>/$WWAssociativeLinks/Property OK
C:\WINDOWS\System32\cliconf.chm=>/$OBJINST OK
C:\WINDOWS\System32\cliconf.chm=>/$FIftiMain OK
C:\WINDOWS\System32\cliconf.chm=>/#IDXHDR OK
C:\WINDOWS\System32\cliconf.chm=>/#TOCIDX OK
C:\WINDOWS\System32\cliconf.chm=>/#TOPICS OK
C:\WINDOWS\System32\cliconf.chm=>/#URLTBL OK
C:\WINDOWS\System32\cliconf.chm=>/#URLSTR OK
C:\WINDOWS\System32\cliconf.chm=>/#STRINGS OK
C:\WINDOWS\System32\cliconfg.dll OK
C:\WINDOWS\System32\cliconfg.exe OK
C:\WINDOWS\System32\cliconfg.rll OK
C:\WINDOWS\System32\clipbrd.exe OK
C:\WINDOWS\System32\clipsrv.exe OK
C:\WINDOWS\System32\clusapi.dll OK
C:\WINDOWS\System32\cmcfg32.dll OK
C:\WINDOWS\System32\cmd.exe OK
C:\WINDOWS\System32\cmdial32.dll OK
C:\WINDOWS\System32\cmdl32.exe OK
C:\WINDOWS\System32\cmdlib.wsc OK
C:\WINDOWS\System32\cmdlib.wsc=>(VBSCRIPT 1) OK
C:\WINDOWS\System32\cmmgr32.hlp OK
C:\WINDOWS\System32\cmmon32.exe OK
C:\WINDOWS\System32\cmos.ram OK
C:\WINDOWS\System32\cmpbk32.dll OK
C:\WINDOWS\System32\cmprops.dll OK
C:\WINDOWS\System32\cmstp.exe OK
C:\WINDOWS\System32\cmutil.dll OK
C:\WINDOWS\System32\cnbjmon.dll OK
C:\WINDOWS\System32\cnetcfg.dll OK
C:\WINDOWS\System32\CNMLM66.DLL OK
C:\WINDOWS\System32\CNMVS66.DLL OK
C:\WINDOWS\System32\cnvfat.dll OK
C:\WINDOWS\System32\colbact.dll OK
C:\WINDOWS\System32\Com\comadmin.dll OK
C:\WINDOWS\System32\Com\comempty.dat OK
C:\WINDOWS\System32\Com\comexp.msc OK
C:\WINDOWS\System32\Com\comrepl.exe OK
C:\WINDOWS\System32\Com\comrereg.exe OK
C:\WINDOWS\System32\Com\mtsadmin.tlb OK
C:\WINDOWS\System32\comaddin.dll OK
C:\WINDOWS\System32\comcat.dll OK
C:\WINDOWS\System32\comct332.ocx OK
C:\WINDOWS\System32\comctl32.dll OK
C:\WINDOWS\System32\comdlg32.dll OK
C:\WINDOWS\System32\comdlg32.ocx OK
C:\WINDOWS\System32\comm.drv OK
C:\WINDOWS\System32\command.com OK
C:\WINDOWS\System32\commdlg.dll OK
C:\WINDOWS\System32\comp.exe OK
C:\WINDOWS\System32\compact.exe OK
C:\WINDOWS\System32\compatUI.dll OK
C:\WINDOWS\System32\compmgmt.msc OK
C:\WINDOWS\System32\compobj.dll OK
C:\WINDOWS\System32\compstui.dll OK
C:\WINDOWS\System32\comrepl.dll OK
C:\WINDOWS\System32\comres.dll OK
C:\WINDOWS\System32\comsnap.dll OK
C:\WINDOWS\System32\comsvcs.dll OK
C:\WINDOWS\System32\comuid.dll OK
C:\WINDOWS\System32\config\AppEvent.Evt OK
C:\WINDOWS\System32\config\default OK
C:\WINDOWS\System32\config\default.LOG OK
C:\WINDOWS\System32\config\default.sav OK
C:\WINDOWS\System32\config\SAM OK
C:\WINDOWS\System32\config\SAM.LOG OK
C:\WINDOWS\System32\config\SecEvent.Evt OK
C:\WINDOWS\System32\config\SECURITY OK
C:\WINDOWS\System32\config\SECURITY.LOG OK
C:\WINDOWS\System32\config\software OK
C:\WINDOWS\System32\config\software.LOG OK
C:\WINDOWS\System32\config\software.sav OK
C:\WINDOWS\System32\config\SysEvent.Evt OK
C:\WINDOWS\System32\config\system OK
C:\WINDOWS\System32\config\system.LOG OK
C:\WINDOWS\System32\config\system.sav OK
C:\WINDOWS\System32\config\systemprofile\Application Data\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak OK
C:\WINDOWS\System32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt OK
C:\WINDOWS\System32\config\systemprofile\Cookies\index.dat OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\History\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\History\History.IE5\index.dat OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\History\History.IE5\MSHist012004012720040128\index.dat OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[10].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[11].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[6].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[7].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[8].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\igd[9].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\Layer3Forwarding[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\Layer3Forwarding[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\Layer3Forwarding[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\Layer3Forwarding[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\Layer3Forwarding[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANCommonInterfaceConfig[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANCommonInterfaceConfig[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANCommonInterfaceConfig[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANCommonInterfaceConfig[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANCommonInterfaceConfig[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANCommonInterfaceConfig[6].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANCommonInterfaceConfig[7].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANCommonInterfaceConfig[8].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANCommonInterfaceConfig[9].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANIPConnection[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANIPConnection[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANIPConnection[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANIPConnection[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7BNI8EO3\WANIPConnection[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\igd[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\igd[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\igd[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\igd[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\igd[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\igd[6].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\igd[7].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\igd[8].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\Layer3Forwarding[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\Layer3Forwarding[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\Layer3Forwarding[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\WANCommonInterfaceConfig[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\WANCommonInterfaceConfig[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\WANCommonInterfaceConfig[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\WANCommonInterfaceConfig[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\WANIPConnection[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\WANIPConnection[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9L8DKSKC\WANIPConnection[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\igd[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\igd[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\igd[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\igd[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\igd[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\igd[6].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\igd[7].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANCommonInterfaceConfig[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANCommonInterfaceConfig[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANCommonInterfaceConfig[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANCommonInterfaceConfig[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANCommonInterfaceConfig[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANCommonInterfaceConfig[6].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANCommonInterfaceConfig[8].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANIPConnection[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANIPConnection[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANIPConnection[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANIPConnection[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANIPConnection[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2R88QY9\WANIPConnection[6].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[10].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[11].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[12].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[13].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[14].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[6].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[7].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[8].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\igd[9].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\Layer3Forwarding[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\Layer3Forwarding[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\WANCommonInterfaceConfig[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\WANIPConnection[1].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\WANIPConnection[2].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\WANIPConnection[3].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\WANIPConnection[4].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\WANIPConnection[5].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\WANIPConnection[6].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\WANIPConnection[7].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZJ0S6C72\WANIPConnection[8].xml OK
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\ntuser.dat OK
C:\WINDOWS\System32\config\systemprofile\SendTo\Compressed (zipped) Folder.ZFSendToTarget OK
C:\WINDOWS\System32\config\systemprofile\SendTo\Desktop (create shortcut).DeskLink OK
C:\WINDOWS\System32\config\systemprofile\SendTo\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\SendTo\Mail Recipient.MAPIMail OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk=>C:\WINDOWS\system32\magnify.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk=>C:\WINDOWS\system32\narrator.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk=>C:\WINDOWS\system32\osk.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk=>C:\WINDOWS\system32\utilman.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Command Prompt.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Command Prompt.lnk=>C:\WINDOWS\system32\cmd.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Notepad.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Notepad.lnk=>C:\WINDOWS\system32\notepad.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Synchronize.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Synchronize.lnk=>C:\WINDOWS\system32\mobsync.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Tour Windows XP.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Tour Windows XP.lnk=>C:\WINDOWS\system32\tourstart.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk=>C:\WINDOWS\explorer.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Remote Assistance.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Remote Assistance.lnk=>C:\WINDOWS\system32\rcimlby.exe OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Windows Media Player.lnk OK
C:\WINDOWS\System32\config\systemprofile\Start Menu\Programs\Windows Media Player.lnk=>C:\Program Files\Windows Media Player\wmplayer.exe OK
C:\WINDOWS\System32\config\systemprofile\Templates\amipro.sam OK
C:\WINDOWS\System32\config\systemprofile\Templates\excel.xls OK
C:\WINDOWS\System32\config\systemprofile\Templates\excel4.xls OK
C:\WINDOWS\System32\config\systemprofile\Templates\lotus.wk4 OK
C:\WINDOWS\System32\config\systemprofile\Templates\powerpnt.ppt OK
C:\WINDOWS\System32\config\systemprofile\Templates\presenta.shw OK
C:\WINDOWS\System32\config\systemprofile\Templates\quattro.wb2 OK
C:\WINDOWS\System32\config\systemprofile\Templates\sndrec.wav OK
C:\WINDOWS\System32\config\systemprofile\Templates\winword.doc OK
C:\WINDOWS\System32\config\systemprofile\Templates\winword2.doc OK
C:\WINDOWS\System32\config\systemprofile\Templates\wordpfct.wpd OK
C:\WINDOWS\System32\config\systemprofile\Templates\wordpfct.wpg OK
C:\WINDOWS\System32\config\TempKey.LOG OK
C:\WINDOWS\System32\config\userdiff OK
C:\WINDOWS\System32\config\userdiff.LOG OK
C:\WINDOWS\System32\CONFIG.NT OK
C:\WINDOWS\System32\CONFIG.TMP OK
C:\WINDOWS\System32\confmsp.dll OK
C:\WINDOWS\System32\conime.exe OK
C:\WINDOWS\System32\console.dll OK
C:\WINDOWS\System32\control.exe OK
C:\WINDOWS\System32\convert.exe OK
C:\WINDOWS\System32\corpol.dll OK
C:\WINDOWS\System32\country.sys OK
C:\WINDOWS\System32\CRASH.DMP OK
C:\WINDOWS\System32\credui.dll OK
C:\WINDOWS\System32\crtdll.dll OK
C:\WINDOWS\System32\crypt32.dll OK
C:\WINDOWS\System32\cryptdlg.dll OK
C:\WINDOWS\System32\cryptdll.dll OK
C:\WINDOWS\System32\cryptext.dll OK
C:\WINDOWS\System32\cryptnet.dll OK
C:\WINDOWS\System32\cryptsvc.dll OK
C:\WINDOWS\System32\cryptui.dll OK
C:\WINDOWS\System32\cscdll.dll OK
C:\WINDOWS\System32\cscript.exe OK
C:\WINDOWS\System32\cscui.dll OK
C:\WINDOWS\System32\csrsrv.dll OK
C:\WINDOWS\System32\csrss.exe OK
C:\WINDOWS\System32\csseqchk.dll OK
C:\WINDOWS\System32\ctfmon.exe OK
C:\WINDOWS\System32\ctl3d32.dll OK
C:\WINDOWS\System32\ctl3dv2.dll OK
C:\WINDOWS\System32\ctype.nls OK
C:\WINDOWS\System32\c_037.nls OK
C:\WINDOWS\System32\c_10000.nls OK
C:\WINDOWS\System32\c_10006.nls OK
C:\WINDOWS\System32\c_10007.nls OK
C:\WINDOWS\System32\c_10010.nls OK
C:\WINDOWS\System32\c_10017.nls OK
C:\WINDOWS\System32\c_10029.nls OK
C:\WINDOWS
  • 0

#5
ScHwErV
Posted 14 June 2005 - 02:26 PM

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Can I get a fresh HiJackThis log?

ScHwErV :tazz:
  • 0

#6
ashjd
Posted 15 June 2005 - 05:35 AM

ashjd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hiya, heres the fresh hijack log. The affects are not as bad now, just the homepage is changed and running slower.

Thanks again, Ash :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 12:34:34, on 15/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tp4mon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Documents and Settings\John.JOHN-FABW6F91RH\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...ndex.php?aff=19
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bham.ac.uk:8008
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118617465416
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#7
ScHwErV
Posted 15 June 2005 - 07:53 AM

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
I noticed that you have HiJackThis running in a temp folder on your computer. I would suggest you move it to a more permanent location, in order for HiJackThis to keep its backups somewhere they wont be deleted if you clear your temp files. Just follow the instructions below to give HiJackThis a new home.

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...ndex.php?aff=19
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.EXE
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\System32\Services\{B3A652AF-622D-466C-9D07-80DED8A30698}\SVCHOST.EXE

After that, Reboot.

After you reboot, please post back with a fresh HiJackThis log and let me know how things are running now.

ScHwErV :tazz:
  • 0

#8
ScHwErV
Posted 29 June 2005 - 06:37 AM

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP