Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtmonde


  • Please log in to reply
12 replies to this topic

#1 curlybob

curlybob

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 15 October 2007 - 08:58 AM

Hi, I downloaded a keygen last week and instantly realised it was a virus. I identified that it was a vitumonde virus and have attempted for the last 4 days to get rid of it, only failing every time. I have run Ad aware SE, Ad aware 2007, homecall, symantec virtumonde removal, stinger, David Lipman AV multi scanning tool, VirtumundoBegone, bazooka and my Mcafee anti virus program, most have identified the virus but none can erase, if they say it has been removed it comes back on reboot.

Although the severity is not too extreme I get a lot of pop-ups when using explorer 'not many while using firefox'

I have downloaded the Sygate personal firewall and that seems to help over the Microsoft firewall.

Any ideas on how I can remove the virus? I am not too technical but can be walked though procedures.

Thanks & Kind regards, Rob


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:53, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7912 bytes

BC AdBot (Login to Remove)

 


m

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 15 October 2007 - 09:12 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum curlybob :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

If you have previously downloaded ComboFix,please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.
Posted Image
Posted Image

#3 curlybob

curlybob
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 15 October 2007 - 09:46 AM

combofix.txt:

ComboFix 07-10-14.5 - Rob 2007-10-15 15:33:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.169 [GMT 1:00]
Running from: C:\Documents and Settings\Rob\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1
C:\WINDOWS\system32\mhkbpixd.dll
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\tttss.bak2
C:\WINDOWS\system32\tttss.ini

.
((((((((((((((((((((((((( Files Created from 202.-04-05 to 202.1.5 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0063E565-2BFB-481A-8FE6-611468F821FA}]
C:\WINDOWS\system32\jkhhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89E883DD-ED27-4325-86CA-44EBA665B720}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 07:00 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"lycosInside"="C:\Program Files\lycos\Lyc_SysTray.exe" []
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 W8335XP;802.11g/b Driver for Windows XP ;C:\WINDOWS\system32\DRIVERS\Mrvw125.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 13:03:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 15:37:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 15:39:27 - machine was rebooted
.
--- E O F ---

abc.bat

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:08, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {0063E565-2BFB-481A-8FE6-611468F821FA} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89E883DD-ED27-4325-86CA-44EBA665B720} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 8801 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 15 October 2007 - 09:57 AM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed,exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {0063E565-2BFB-481A-8FE6-611468F821FA} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89E883DD-ED27-4325-86CA-44EBA665B720} - (no file)
O4 - HKCU\..\Run: [lycosInside] C:\Program Files\lycos\Lyc_SysTray.exe

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log,let me know how your pc is running now.

Posted Image
Posted Image

#5 curlybob

curlybob
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 15 October 2007 - 11:30 AM

Hi Richie,

I have done all the scans and the final logs are below, I am still not 100% sure that the virus has been removed, the sygate firewall seems to be defending my system from some heavy amunition! but I am not getting any pop-ups from the web, only NDIS is trying to access my internet connection every minute or so and I have some system 32 want to access the internet which I believe are Virtu pop-ups. Perhaps I should monitor for the next few days and let you know how I go in a few days time? This seems to be a sticky sucker.

My scan details are listed below,

Thank you for your help this far, Rob

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/15/2007 at 05:08 PM

Application Version : 3.9.1008

Core Rules Database Version : 3324
Trace Rules Database Version: 1325

Scan type : Complete Scan
Total Scan Time : 00:34:05

Memory items scanned : 611
Memory threats detected : 0
Registry items scanned : 6489
Registry threats detected : 0
File items scanned : 32118
File threats detected : 3

Adware.Vundo Variant
C:\VUNDOFIX BACKUPS\FCCYAXU.DLL.BAD
C:\WINDOWS\SYSTEM32\DDABX.DLL
C:\WINDOWS\SYSTEM32\FCCYAXU.DLL


Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:56, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SAA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 8854 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 15 October 2007 - 01:02 PM

Please run this online virus scan:Activescan using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes,click the See Report button, then Save Report, and save it to your desktop.
Copy and paste the contents of that report in your next reply.


Copy and paste the following bold text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as..Save as Type: 'All Files' File name: sys32.bat to your desktop.

cd "%windir%\system32"
dir /a:-d /o:-ds>sys32.txt
start notepad sys32.txt
echo %systemroot%
cls

Double click the sys32.bat file to run it,the icon will look like thisPosted Image
A log will open in Notepad.
Please copy and paste that log into your next reply.

Edited by RichieUK, 15 October 2007 - 01:03 PM.

Posted Image
Posted Image

#7 curlybob

curlybob
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 19 October 2007 - 08:35 AM

Hi, Appologies for the delayed response:
Panda Scan results:



Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\mfgxqf7m.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\mfgxqf7m.default\cookies.txt[.com.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\mfgxqf7m.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\mfgxqf7m.default\cookies.txt[systemdoctor.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Rob\Cookies\rob@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Rob\Cookies\rob@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Rob\Cookies\rob@doubleclick[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Rob\Cookies\rob@tribalfusion[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Rob\Desktop\Virus scanners\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Rob\Desktop\Virus scanners\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
sys32.bat file reults:
Volume in drive C has no label.
Volume Serial Number is E808-7FC1

Directory of C:\WINDOWS\system32

19/10/2007 14:33 0 sys32.txt
19/10/2007 12:16 0 asfiles.txt
19/10/2007 09:21 2,550 Uninstall.ico
19/10/2007 09:21 1,406 Help.ico
19/10/2007 09:21 30,590 pavas.ico
19/10/2007 08:26 2,422 wpa.dbl
15/10/2007 11:39 693,721 btqpqtpk.ini
14/10/2007 14:42 606,437 hhhkj.ini
13/10/2007 20:22 603,405 hhhkj.bak2
13/10/2007 19:25 693,901 jwactysu.ini
12/10/2007 17:13 693,601 hrrtbpit.ini
12/10/2007 17:11 606,169 lnnmp.ini
12/10/2007 12:18 598,997 lnnmp.bak2
12/10/2007 11:46 622,208 kjkkj.ini
11/10/2007 20:34 693,481 ubwrnpkm.ini
11/10/2007 20:10 598,908 kjkkj.bak2
10/10/2007 15:54 409 mlkkj.ini
05/10/2007 10:07 279,552 swreg.exe
03/10/2007 17:16 5,387 jupdate-1.6.0_03-b05.log
01/10/2007 11:12 23,815 outlookIntegration.xml
01/10/2007 11:12 2,494 MSFLXGRD.DEP
01/10/2007 11:12 244,416 MSFLXGRD.OCX
01/10/2007 11:12 76,288 MSFLXGRD.oca
01/10/2007 11:12 17,920 FLEXWIZ.oca
01/10/2007 11:12 226,328 FLEXWIZ.OCX
01/10/2007 11:12 1,398 mapisvc.inf
01/10/2007 11:11 57,344 lyc_language.dll
28/09/2007 08:16 239,144 FNTCACHE.DAT
28/09/2007 06:19 18,089,592 MRT.exe
24/09/2007 23:31 69,632 javacpl.cpl
24/09/2007 23:31 139,264 javaws.exe
24/09/2007 22:30 135,168 javaw.exe
24/09/2007 22:30 135,168 java.exe
19/09/2007 11:55 98,304 CmdLineExt.dll
14/09/2007 11:19 439,594 perfh009.dat
14/09/2007 11:19 71,172 perfc009.dat
14/09/2007 11:19 517,354 PerfStringBackup.INI
07/09/2007 18:44 146,650 BuzzingBee.wav
07/09/2007 18:44 940,794 LoopyMusic.wav
07/09/2007 18:34 128,994 TZLog.log
07/09/2007 18:26 2,422 wpa.bak
07/09/2007 12:55 0 h323log.txt
07/09/2007 12:07 317 $winnt$.inf
07/09/2007 12:05 2,577 CONFIG.NT
07/09/2007 12:05 2,577 config.bak
07/09/2007 12:05 16,832 amcompat.tlb
07/09/2007 12:05 23,392 nscompat.tlb
07/09/2007 12:03 488 logonui.exe.manifest
07/09/2007 12:03 488 WindowsLogon.manifest
07/09/2007 12:03 749 sapi.cpl.manifest
07/09/2007 12:03 749 wuaucpl.cpl.manifest
07/09/2007 12:03 749 cdplayer.exe.manifest
07/09/2007 12:03 749 nwc.cpl.manifest
07/09/2007 12:03 749 ncpa.cpl.manifest
07/09/2007 12:01 21,640 emptyregdb.dat
21/08/2007 07:15 683,520 inetcomm.dll
20/08/2007 11:04 824,832 wininet.dll
20/08/2007 11:04 102,400 occache.dll
20/08/2007 11:04 105,984 url.dll
20/08/2007 11:04 232,960 webcheck.dll
20/08/2007 11:04 671,232 mstime.dll
20/08/2007 11:04 1,152,000 urlmon.dll
20/08/2007 11:04 193,024 msrating.dll
20/08/2007 11:04 477,696 mshtmled.dll
20/08/2007 11:04 3,584,512 mshtml.dll
20/08/2007 11:04 27,648 jsproxy.dll
20/08/2007 11:04 52,224 msfeedsbs.dll
20/08/2007 11:04 459,264 msfeeds.dll
20/08/2007 11:04 44,544 iernonce.dll
20/08/2007 11:04 267,776 iertutil.dll
20/08/2007 11:04 1,824,768 inetcpl.cpl
20/08/2007 11:04 6,058,496 ieframe.dll
20/08/2007 11:04 230,400 ieaksie.dll
20/08/2007 11:04 383,488 ieapfltr.dll
20/08/2007 11:04 384,512 iedkcs32.dll
20/08/2007 11:04 63,488 icardie.dll
20/08/2007 11:04 124,928 advpack.dll
20/08/2007 11:04 132,608 extmgr.dll
20/08/2007 11:04 153,088 ieakeng.dll
20/08/2007 11:04 214,528 dxtrans.dll
17/08/2007 11:20 13,824 ieudinit.exe
17/08/2007 11:20 63,488 ie4uinit.exe
17/08/2007 08:34 161,792 ieakui.dll
30/07/2007 19:19 1,712,984 wuaueng.dll
30/07/2007 19:19 549,720 wuapi.dll
30/07/2007 19:19 25,944 wuaucpl.cpl.mui
30/07/2007 19:19 325,976 wucltui.dll
30/07/2007 19:19 203,096 wuweb.dll
30/07/2007 19:19 216,408 wuaucpl.cpl
30/07/2007 19:19 92,504 cdm.dll
30/07/2007 19:19 53,080 wuauclt.exe
30/07/2007 19:19 43,352 wups2.dll
30/07/2007 19:19 25,944 wuapi.dll.mui
30/07/2007 19:18 34,136 wucltui.dll.mui
30/07/2007 19:18 33,624 wups.dll
30/07/2007 19:18 20,312 wuaueng.dll.mui
18/07/2007 13:42 60,416 tzchange.exe
09/07/2007 14:09 584,192 rpcrt4.dll
29/06/2007 06:24 49,152 QuickTime.qts
29/06/2007 06:24 65,536 QuickTimeVR.qtx
28/06/2007 18:55 77,824 xvid.ax
28/06/2007 18:54 180,224 xvidvfw.dll
28/06/2007 18:52 765,952 xvidcore.dll
26/06/2007 07:08 1,104,896 msxml3.dll
19/06/2007 14:31 282,112 gdi32.dll
15/06/2007 09:12 474,112 shlwapi.dll
15/06/2007 09:12 1,498,112 shdocvw.dll
15/06/2007 09:12 151,040 cdfview.dll
15/06/2007 09:12 1,022,976 browseui.dll
15/06/2007 09:12 1,054,208 danim.dll
14/06/2007 11:08 350,720 xpsp3res.dll
17/05/2007 12:28 549,376 oleaut32.dll
15/05/2007 15:43 1,320,800 msxml6.dll
08/05/2007 15:03 1,275,392 msxml4.dll
30/04/2007 08:20 5,537,792 wmp.dll
25/04/2007 15:21 144,896 schannel.dll
24/04/2007 11:32 1,485,696 LegitCheckControl.dll
18/04/2007 17:12 2,854,400 msi.dll
17/04/2007 10:32 2,455,488 ieapfltr.dat
16/04/2007 16:52 984,576 kernel32.dll
13/04/2007 15:19 7,680 lsdelete.exe
13/04/2007 03:21 271,360 mscoree.dll
02/04/2007 06:58 546,304 hhctrl.ocx
23/03/2007 06:07 1,683,280 XpsSvcs.dll
23/03/2007 06:07 583,504 XPSSHHDR.dll
22/03/2007 20:25 124,928 prntvpt.dll
17/03/2007 14:43 292,864 winsrv.dll
08/03/2007 16:36 40,960 mf3216.dll
08/03/2007 16:36 577,536 user32.dll
08/03/2007 14:47 1,843,584 win32k.sys
08/03/2007 06:10 991,232 ieframe.dll.mui
28/02/2007 10:08 2,136,064 ntoskrnl.exe
28/02/2007 09:38 2,015,744 ntkrnlpa.exe
05/02/2007 21:17 185,344 upnphost.dll
19/01/2007 12:53 51,056 sirenacm.dll
28/12/2006 00:00 66,560 eswia7e.dll
28/12/2006 00:00 208,896 esint7e.dll
19/12/2006 22:52 134,656 shsvcs.dll
19/12/2006 22:52 8,453,632 shell32.dll
19/12/2006 19:16 333,824 wiaservc.dll
08/12/2006 03:04 76,800 E_FLBCAE.DLL
07/12/2006 05:14 2,330,624 wmvcore.dll
01/12/2006 05:20 212,480 swxcacls.exe
29/11/2006 17:21 370,688 swsc.exe
27/11/2006 15:54 433,152 riched20.dll
27/11/2006 15:54 539,136 msftedit.dll
27/11/2006 02:34 49,152 VFind.exe
22/11/2006 10:52 520,192 ati2sgag.exe
21/11/2006 20:25 261,120 ati2dvag.dll
21/11/2006 20:20 118,784 atipdlxx.dll
21/11/2006 20:20 106,496 Oemdspif.dll
21/11/2006 20:19 26,112 Ati2mdxx.exe
21/11/2006 20:19 42,496 ati2edxx.dll
21/11/2006 20:19 90,112 ati2evxx.dll
21/11/2006 20:18 430,080 ati2evxx.exe
21/11/2006 20:17 53,248 ATIDDC.DLL
21/11/2006 20:12 2,526,688 ati3duag.dll
21/11/2006 20:11 5,279,744 atioglxx.dll
21/11/2006 20:08 1,090,016 ativvaxx.dll
21/11/2006 20:07 3,107,788 ativvaxx.dat
21/11/2006 19:57 217,088 atikvmag.dll
21/11/2006 19:56 17,408 atitvo32.dll
21/11/2006 19:51 294,912 ati2cqag.dll
21/11/2006 19:50 6,684,672 atioglx1.dll
21/11/2006 19:49 307,200 atiiiexx.dll
21/11/2006 19:21 303,104 ATIDEMGR.dll
17/11/2006 03:06 280 epoPGPsdk.dll.sig
17/11/2006 03:06 348,160 msvcr71.dll
17/11/2006 03:06 499,712 msvcp71.dll
17/11/2006 03:06 1,495,552 epoPGPsdk.dll
13/11/2006 07:02 36,352 tsgqec.dll
13/11/2006 07:02 116,736 aaclient.dll
13/11/2006 07:02 288,768 rhttpaa.dll
13/11/2006 07:02 1,866,240 mstscax.dll
07/11/2006 21:03 156,160 msls31.dll
07/11/2006 21:03 180,736 ieui.dll
07/11/2006 21:03 191,488 iepeers.dll
07/11/2006 21:03 413,696 vbscript.dll
07/11/2006 09:06 600,576 mstsc.exe
07/11/2006 03:26 71,680 admparse.dll
07/11/2006 03:26 55,296 iesetup.dll
07/11/2006 03:26 92,672 inseng.dll
07/11/2006 03:25 10,240 advpack.dll.mui
07/11/2006 03:24 56,483 ieuinit.inf
01/11/2006 20:17 927,504 mfc40u.dll
01/11/2006 06:18 446,464 EPSMTL32.DLL
01/11/2006 06:18 909,312 EPSTP32U.EXE
31/10/2006 00:10 97 PICSDK.ini
31/10/2006 00:10 71,840 EPPicMgr.dll
31/10/2006 00:10 120,992 EpPicPrt.dll
30/10/2006 03:33 9,480 icardres.dll
30/10/2006 03:33 26,112 infocardcpl.cpl
30/10/2006 03:33 83,968 infocardapi.dll
30/10/2006 03:33 556,296 icardagt.exe
30/10/2006 03:33 572,176 icardres.dll.mui
24/10/2006 12:30 412,160 photometadatahandler.dll
24/10/2006 12:30 716,288 WindowsCodecs.dll
24/10/2006 12:30 276,992 WMPhoto.dll
24/10/2006 12:29 352,256 WindowsCodecsExt.dll
20/10/2006 21:30 1,980,704 milcore.dll
20/10/2006 21:30 769,312 PresentationNative_v0300.dll
20/10/2006 21:30 478,496 evr.dll
20/10/2006 21:29 344,352 PresentationHost.exe
20/10/2006 21:29 159,008 UIAutomationCore.dll
20/10/2006 21:29 104,224 PresentationCFFRasterizerNative_v0300.dll
20/10/2006 21:29 20,768 PresentationHostProxy.dll
20/10/2006 21:29 69,408 dxva2.dll
20/10/2006 00:10 80,024 PICSDK.dll
20/10/2006 00:10 108,704 PICEntry.dll
20/10/2006 00:10 501,912 PICSDK2.dll
19/10/2006 14:56 713,216 sxs.dll
19/10/2006 13:33 86,728 msxml6r.dll
19/10/2006 08:16 138,101 atiicdxx.dat
17/10/2006 17:20 6,223 atifglpf.xml
17/10/2006 12:06 443,904 html.iec
17/10/2006 12:06 78,336 ieencode.dll
17/10/2006 12:05 206,336 WinFXDocObj.exe
17/10/2006 12:05 40,960 licmgr10.dll
17/10/2006 12:00 491,520 jscript.dll
17/10/2006 11:58 12,288 msfeedssync.exe
17/10/2006 11:58 44,544 pngfilt.dll
17/10/2006 11:58 346,624 dxtmsft.dll
17/10/2006 11:57 36,352 imgutil.dll
17/10/2006 11:56 45,568 mshta.exe
17/10/2006 11:55 66,560 tdc.ocx
17/10/2006 11:28 48,128 mshtmler.dll
17/10/2006 11:19 1,383,424 mshtml.tlb
16/10/2006 17:15 122,880 oledlg.dll
16/10/2006 16:10 14,640 spmsg.dll
16/10/2006 16:10 23,856 spupdsvc.exe
14/10/2006 09:13 981,760 mfc42u.dll
13/10/2006 13:35 64,000 nwapi32.dll
13/10/2006 13:35 65,536 nwwks.dll
13/10/2006 13:35 142,336 nwprovau.dll
11/10/2006 17:24 58,880 pnrpnsp.dll
11/10/2006 17:24 104,960 p2pgasvc.dll
11/10/2006 17:24 116,224 p2pnetsh.dll
11/10/2006 17:24 153,088 p2p.dll
11/10/2006 17:24 313,344 p2pgraph.dll
11/10/2006 17:24 553,984 p2psvc.dll
04/10/2006 14:33 35,840 umandlg.dll
04/10/2006 09:48 50,176 utilman.exe
04/10/2006 09:48 215,552 osk.exe
04/10/2006 09:48 53,760 narrator.exe
04/10/2006 09:48 72,704 magnify.exe
03/10/2006 19:47 109,360 GEARAspi.dll
29/09/2006 06:56 28,248 AdobePDF.dll
23/09/2006 12:12 74,715 IE7Eula.rtf
01/09/2006 07:44 1,988 ticrf.rat
01/09/2006 07:44 8,798 icrav03.rat
25/08/2006 16:45 617,472 comctl32.dll
24/08/2006 16:15 150,808 rgb9rast_2.dll
22/08/2006 04:05 498,742 dxmasf.dll
21/08/2006 13:21 16,896 fltlib.dll
21/08/2006 10:14 23,040 fltmc.exe
21/08/2006 09:52 246,814 strmdll.dll
17/08/2006 13:28 132,096 wkssvc.dll
17/08/2006 13:28 332,288 netapi32.dll
17/08/2006 13:28 721,920 lsasrv.dll
16/08/2006 12:58 100,352 6to4svc.dll
02/08/2006 12:39 73,728 asuninst.exe
01/08/2006 08:02 49,152 ChCfg.exe
22/07/2006 00:40 143,360 RtlCPAPI.dll
21/07/2006 09:24 72,704 hlink.dll
14/07/2006 16:51 121,856 xmllite.dll
29/06/2006 13:07 14,048 spmsg2.dll
29/06/2006 08:05 23,552 normaliz.dll
29/06/2006 08:05 26,112 idndl.dll
28/06/2006 17:59 24,576 nlsdl.dll
26/06/2006 18:37 8,192 rasadhlp.dll
26/06/2006 18:37 148,480 dnsapi.dll
22/06/2006 11:47 181,248 rasmans.dll
22/06/2006 06:06 1,435,648 query.dll
22/06/2006 06:06 69,120 ciodm.dll
08/06/2006 12:06 39,284 normnfd.nls
08/06/2006 12:06 45,794 normnfc.nls
08/06/2006 12:06 59,342 normidna.nls
08/06/2006 12:06 60,294 normnfkd.nls
08/06/2006 12:06 66,384 normnfkc.nls
01/06/2006 19:47 27,648 jgpl400.dll
01/06/2006 19:47 163,840 jgdw400.dll
19/05/2006 13:59 94,720 iphlpapi.dll
19/05/2006 13:59 111,616 dhcpcsvc.dll
19/04/2006 03:00 62,976 E_FD4BCAE.DLL
03/04/2006 10:59 128 xposer.cfg
03/04/2006 10:59 128 asinst.cfg
24/03/2006 05:37 49,152 wdigest.dll
17/03/2006 01:38 28,672 verclsid.exe
10/03/2006 00:00 3,584 eswiaml.dll
03/03/2006 13:33 329,728 wpdsp.dll
03/03/2006 13:33 38,912 wpd_ci.dll
03/03/2006 13:33 331,776 wpdmtpdr.dll
03/03/2006 13:33 66,560 wpdmtpus.dll
03/03/2006 13:33 114,176 wpdmtp.dll
03/03/2006 13:32 61,952 wpdconns.dll
03/03/2006 13:32 10,752 wpdtrace.dll
03/03/2006 13:26 581,632 drmv2clt.dll
03/03/2006 13:26 429,056 blackbox.dll
01/03/2006 20:42 11,776 xolehlp.dll
01/03/2006 20:42 66,560 mtxclu.dll
01/03/2006 20:42 91,136 mtxoci.dll
01/03/2006 20:42 161,280 msdtcuiu.dll
01/03/2006 20:42 426,496 msdtcprx.dll
01/03/2006 20:42 956,416 msdtctm.dll
10/01/2006 06:58 266,240 RTSndMgr.Cpl
04/01/2006 04:35 68,096 webclnt.dll
28/10/2005 23:49 84,480 pintool.exe
28/10/2005 23:49 25,600 bcsprsrc.dll
28/10/2005 23:49 133,120 axaltocm.dll
28/10/2005 23:49 151,552 ifxcardm.dll
28/10/2005 16:40 96,792 basecsp.dll
20/10/2005 23:20 1,082,368 esent.dll
17/10/2005 22:14 118,272 t2embed.dll
17/10/2005 22:14 80,896 fontsub.dll
11/10/2005 10:56 73,728 atiexdxx.dll
11/10/2005 08:39 1,669,120 msvidctl.dll
23/09/2005 07:28 32,768 netfxperf.dll
23/09/2005 07:28 74,240 mscories.dll
23/09/2005 07:28 150,016 mscorier.dll
23/09/2005 07:28 83,456 dfshim.dll
21/09/2005 03:25 299,008 ALSndMgr.Cpl
10/09/2005 02:53 2,067,968 cdosys.dll
01/09/2005 02:41 19,968 linkinfo.dll
30/08/2005 05:13 1,287,680 quartz.dll
23/08/2005 04:35 123,392 umpnpmgr.dll
22/08/2005 19:29 197,632 netman.dll
05/08/2005 14:02 224,256 psisrndr.ax
05/08/2005 14:01 58,368 Msdvbnp.ax
05/08/2005 14:01 62,976 mpeg2data.ax
05/08/2005 14:01 159,744 VBICodec.ax
05/08/2005 14:01 167,936 wstpager.ax
05/08/2005 14:01 239,104 psisdecd.dll
05/08/2005 14:01 240,640 wstrenderer.ax
05/08/2005 14:01 282,112 sbe.dll
05/08/2005 14:01 356,352 encdec.dll
05/08/2005 13:06 165,376 mpg2splt.ax
05/08/2005 13:05 64,512 msnp.ax
04/08/2005 02:05 47,104 uwdf.exe
04/08/2005 02:05 38,912 wdfmgr.exe
04/08/2005 02:05 15,872 wdfapi.dll
03/08/2005 18:29 407,552 wmspdmod.dll
03/08/2005 18:29 826,368 wmvdmod.dll
03/08/2005 18:29 940,544 wmspdmoe.dll
03/08/2005 18:29 1,003,008 wmvdmoe2.dll
03/08/2005 18:29 1,216,000 wmvadvd.dll
03/08/2005 18:29 1,512,448 WMVADVE.DLL
03/08/2005 18:29 6,656 laprxy.dll
03/08/2005 18:29 25,088 MsPMSNSv.dll
03/08/2005 18:29 29,184 WMDMLOG.dll
03/08/2005 18:29 37,376 WMDMPS.dll
03/08/2005 18:29 96,768 logagent.exe
03/08/2005 18:29 106,496 mfplat.dll
03/08/2005 18:29 115,200 msnetobj.dll
03/08/2005 18:29 150,016 wmidx.dll
03/08/2005 18:29 173,568 MsPMSP.dll
03/08/2005 18:29 178,936 drmupgds.exe
03/08/2005 18:29 180,224 wmdrmsdk.dll
03/08/2005 18:29 207,872 cewmdm.dll
03/08/2005 18:29 221,184 qasf.dll
03/08/2005 18:29 227,840 wmasf.dll
03/08/2005 18:29 290,816 WMDRMNet.dll
03/08/2005 18:29 315,904 MSWMDM.dll
03/08/2005 18:29 344,064 WMDRMdev.dll
03/08/2005 18:29 353,520 MSSCP.dll
03/08/2005 18:29 359,936 wmadmod.dll
03/08/2005 18:29 716,288 wmadmoe.dll
03/08/2005 18:29 771,584 wmsdmod.dll
03/08/2005 18:29 988,672 wmnetmgr.dll
03/08/2005 18:29 1,119,744 wmsdmoe2.dll
27/07/2005 19:36 13,028 eula.txt
26/07/2005 05:39 37,888 olecnv32.dll
26/07/2005 05:39 101,376 txflog.dll
26/07/2005 05:39 397,824 rpcss.dll
26/07/2005 05:39 74,752 olecli32.dll
26/07/2005 05:39 1,285,120 ole32.dll
26/07/2005 05:39 243,200 es.dll
26/07/2005 05:39 540,160 comuid.dll
26/07/2005 05:39 97,792 comrepl.dll
26/07/2005 05:39 1,267,200 comsvcs.dll
26/07/2005 05:39 60,416 colbact.dll
26/07/2005 05:39 110,080 clbcatex.dll
26/07/2005 05:39 498,688 clbcatq.dll
26/07/2005 05:39 625,152 catsrvut.dll
26/07/2005 05:39 225,792 catsrv.dll
23/07/2005 03:40 192,512 hpzcoi09.dll
23/07/2005 03:40 258,048 hpzcon09.dll
08/07/2005 17:27 76,800 remotesp.tsp
08/07/2005 17:27 249,344 tapisrv.dll
29/06/2005 02:55 385,024 qdvd.dll
29/06/2005 02:46 74,240 mscms.dll
29/06/2005 02:46 254,976 icm32.dll
24/06/2005 02:15 3,371,008 wmploc.dll
21/06/2005 23:00 52,736 wzcsapi.dll
21/06/2005 23:00 383,488 wzcdlg.dll
21/06/2005 23:00 474,624 wzcsvc.dll
21/06/2005 23:00 1,705,472 netshell.dll
15/06/2005 18:49 295,936 kerberos.dll
11/06/2005 00:53 57,856 spoolsv.exe
01/06/2005 00:20 111,932 EPPICPrinterDB.dat
27/05/2005 03:04 41,472 hhsetup.dll
27/05/2005 03:04 137,216 itss.dll
27/05/2005 03:04 155,136 itircl.dll
11/05/2005 00:45 75,776 telnet.exe
04/05/2005 14:45 15,360 msisip.dll
04/05/2005 14:45 78,848 msiexec.exe
04/05/2005 14:45 271,360 msihnd.dll
04/05/2005 14:45 884,736 msimsg.dll
22/04/2005 03:14 28,672 vxblock.dll
22/04/2005 03:14 49,152 lfpcd13n.dll
22/04/2005 03:14 53,248 lftga13n.dll
22/04/2005 03:14 53,248 lfpcx13n.dll
22/04/2005 03:14 55,808 lfpsd13n.dll
22/04/2005 03:14 57,344 lfbmp13n.dll
22/04/2005 03:14 61,440 lfwmf13n.dll
22/04/2005 03:14 65,536 lfeps13n.dll
22/04/2005 03:14 69,632 lfgif13n.dll
22/04/2005 03:14 91,136 msls2.dll
22/04/2005 03:14 98,304 lffax13n.dll
22/04/2005 03:14 151,552 pxmas.dll
22/04/2005 03:14 155,648 lftif13n.dll
22/04/2005 03:14 159,744 Lfpng13n.dll
22/04/2005 03:14 163,840 ltfil13n.DLL
22/04/2005 03:14 206,336 ltefx13n.DLL
22/04/2005 03:14 212,480 PCDLIB32.DLL
22/04/2005 03:14 286,720 pxwave.dll
22/04/2005 03:14 299,008 LTDIS13n.dll
22/04/2005 03:14 352,256 pxdrv.dll
22/04/2005 03:14 401,408 LFCMP13n.DLL
22/04/2005 03:14 450,560 ltimg13n.dll
22/04/2005 03:14 462,848 ltkrn13n.dll
22/04/2005 03:14 491,520 px.dll
22/04/2005 03:14 1,009,664 Ltwvc13n.dll
22/04/2005 03:14 1,693,696 Ltclr13n.dll
10/03/2005 08:49 295,424 termsrv.dll
02/03/2005 19:09 56,832 authz.dll
16/02/2005 15:18 90,184 NeroCo.dll
28/01/2005 13:44 96,768 drmstor.dll
28/01/2005 13:44 258,296 drmclien.dll
07/01/2005 17:07 25,088 HdAProp.dll
07/01/2005 17:07 61,952 HdAShCut.exe
07/01/2005 17:07 5,120 HdAudRes.dll
07/12/2004 20:32 96,768 srvsvc.dll
17/11/2004 18:41 347,136 hypertrm.dll
15/10/2004 18:32 83,096 SSSensor.dll
15/10/2004 18:31 99,480 FwsVpn.dll
15/10/2004 18:31 218,264 SetAid.dll
10/09/2004 21:12 49,152 E_DCINST.DLL
10/08/2004 13:00 2 desktop.ini
10/08/2004 13:00 51 pscript.sep
10/08/2004 13:00 64 cmos.ram
10/08/2004 13:00 75 View Channels.scf
10/08/2004 13:00 81 dsound.vxd
10/08/2004 13:00 114 pcl.sep
10/08/2004 13:00 140 perffilt.h
10/08/2004 13:00 168 l_except.nls
10/08/2004 13:00 343 prodspec.ini
10/08/2004 13:00 427 perfci.h
10/08/2004 13:00 435 perfwci.h
10/08/2004 13:00 487 login.cmd
10/08/2004 13:00 697 noise.tha
10/08/2004 13:00 741 noise.dat
10/08/2004 13:00 751 noise.eng
10/08/2004 13:00 751 noise.enu
10/08/2004 13:00 768 msdtcprf.h
10/08/2004 13:00 817 mscdexnt.exe
10/08/2004 13:00 862 termcap
10/08/2004 13:00 882 fastopen.exe
10/08/2004 13:00 882 share.exe
10/08/2004 13:00 929 homepage.inf
10/08/2004 13:00 1,129 vwipxspx.exe
10/08/2004 13:00 1,131 loadfix.com
10/08/2004 13:00 1,152 mmtask.tsk
10/08/2004 13:00 1,152 perffilt.ini
10/08/2004 13:00 1,161 usrlogon.cmd
10/08/2004 13:00 1,492 mmdriver.inf
10/08/2004 13:00 1,688 AUTOEXEC.NT
10/08/2004 13:00 1,688 autoexec.bak
10/08/2004 13:00 1,696 noise.chs
10/08/2004 13:00 1,696 noise.cht
10/08/2004 13:00 1,744 sound.drv
10/08/2004 13:00 1,788 Dcache.bin
10/08/2004 13:00 1,818 rasctrnm.h
10/08/2004 13:00 1,931 msdtcprf.ini
10/08/2004 13:00 2,000 keyboard.drv
10/08/2004 13:00 2,032 mouse.drv
10/08/2004 13:00 2,080 winoldap.mod
10/08/2004 13:00 2,112 winspool.exe
10/08/2004 13:00 2,151 12520437.cpx
10/08/2004 13:00 2,176 vga.drv
10/08/2004 13:00 2,233 12520850.cpx
10/08/2004 13:00 2,560 lz32.dll
10/08/2004 13:00 2,577 CONFIG.TMP
10/08/2004 13:00 2,656 netware.drv
10/08/2004 13:00 2,732 perfwci.ini
10/08/2004 13:00 2,736 wowdeb.exe
10/08/2004 13:00 2,755 mqprfsym.h
10/08/2004 13:00 2,864 winsock.dll
10/08/2004 13:00 2,891 perfci.ini
10/08/2004 13:00 3,010 pschdcnt.h
10/08/2004 13:00 3,072 fixmapi.exe
10/08/2004 13:00 3,072 rnr20.dll
10/08/2004 13:00 3,072 systray.exe
10/08/2004 13:00 3,167 rsaci.rat
10/08/2004 13:00 3,178 rsvpcnts.h
10/08/2004 13:00 3,200 wowfax.dll
10/08/2004 13:00 3,214 sysprint.sep
10/08/2004 13:00 3,252 nw16.exe
10/08/2004 13:00 3,286 tslabels.h
10/08/2004 13:00 3,338 redir.exe
10/08/2004 13:00 3,360 system.drv
10/08/2004 13:00 3,458 rasctrs.ini
10/08/2004 13:00 3,577 sysprtj.sep
10/08/2004 13:00 3,584 msafd.dll
10/08/2004 13:00 3,584 iprop.dll
10/08/2004 13:00 3,584 riched32.dll
10/08/2004 13:00 3,584 icmp.dll
10/08/2004 13:00 3,584 comcat.dll
10/08/2004 13:00 3,584 mll_hp.dll
10/08/2004 13:00 3,584 regedt32.exe
10/08/2004 13:00 3,584 dpnaddr.dll
10/08/2004 13:00 3,584 dpnlobby.dll
10/08/2004 13:00 3,708 pubprn.vbs
10/08/2004 13:00 4,048 timer.drv
10/08/2004 13:00 4,096 nddeapir.exe
10/08/2004 13:00 4,096 unlodctr.exe
10/08/2004 13:00 4,096 wdl.trm
10/08/2004 13:00 4,096 actmovie.exe
10/08/2004 13:00 4,096 iprtprio.dll
10/08/2004 13:00 4,096 dsprpres.dll
10/08/2004 13:00 4,096 mtxex.dll
10/08/2004 13:00 4,096 rdpcfgex.dll
10/08/2004 13:00 4,126 msdxmlc.dll
10/08/2004 13:00 4,208 storage.dll
10/08/2004 13:00 4,310 odbcconf.rsp
10/08/2004 13:00 4,461 oembios.dat
10/08/2004 13:00 4,569 secupd.dat
10/08/2004 13:00 4,608 msimg32.dll
10/08/2004 13:00 4,608 regwiz.exe
10/08/2004 13:00 4,608 vjoy.dll
10/08/2004 13:00 4,608 bootok.exe
10/08/2004 13:00 4,608 dllhst3g.exe
10/08/2004 13:00 4,608 mchgrcoi.dll
10/08/2004 13:00 4,608 mssip32.dll
10/08/2004 13:00 4,608 mqsvc.exe
10/08/2004 13:00 4,656 ds16gt.dLL
10/08/2004 13:00 4,768 himem.sys
10/08/2004 13:00 5,120 shell.dll
10/08/2004 13:00 5,120 dllhost.exe
10/08/2004 13:00 5,120 sfc.dll
10/08/2004 13:00 5,120 bootvrfy.exe
10/08/2004 13:00 5,120 dcomcnfg.exe
10/08/2004 13:00 5,120 kbddv.dll
10/08/2004 13:00 5,120 lodctr.exe
10/08/2004 13:00 5,120 winnls.dll
10/08/2004 13:00 5,632 kbdlt.dll
10/08/2004 13:00 5,632 mll_qic.dll
10/08/2004 13:00 5,632 cisvc.exe
10/08/2004 13:00 5,632 wmi.dll
10/08/2004 13:00 5,632 write.exe
10/08/2004 13:00 5,632 kbdycc.dll
10/08/2004 13:00 5,632 kbdtat.dll
10/08/2004 13:00 5,632 kbduzb.dll
10/08/2004 13:00 5,632 kbdbu.dll
10/08/2004 13:00 5,632 kbdru1.dll
10/08/2004 13:00 5,632 kbdblr.dll
10/08/2004 13:00 5,632 kbdru.dll
10/08/2004 13:00 5,632 kbdro.dll
10/08/2004 13:00 5,632 kbdpl1.dll
10/08/2004 13:00 5,632 perfnw.dll
10/08/2004 13:00 5,632 kbdgae.dll
10/08/2004 13:00 5,632 softpub.dll
10/08/2004 13:00 5,632 winver.exe
10/08/2004 13:00 5,632 kbdmon.dll
10/08/2004 13:00 5,632 kbdhe.dll
10/08/2004 13:00 5,632 kbdhe220.dll
10/08/2004 13:00 5,632 kbdhe319.dll
10/08/2004 13:00 5,632 skdll.dll
10/08/2004 13:00 5,632 kbdmaori.dll
10/08/2004 13:00 5,632 kbdhu1.dll
10/08/2004 13:00 5,632 kbdazel.dll
10/08/2004 13:00 5,632 kbdus.dll
10/08/2004 13:00 5,632 security.dll
10/08/2004 13:00 5,632 kbdlt1.dll
10/08/2004 13:00 5,632 kbdir.dll
10/08/2004 13:00 5,632 kbdit.dll
10/08/2004 13:00 5,632 kbdit142.dll
10/08/2004 13:00 5,632 kbdkaz.dll
10/08/2004 13:00 5,632 kbdaze.dll
10/08/2004 13:00 5,632 kbduk.dll
10/08/2004 13:00 5,632 kbdur.dll
10/08/2004 13:00 5,632 kbdkyr.dll
10/08/2004 13:00 5,632 tapiperf.dll
10/08/2004 13:00 6,144 kbdinbe1.dll
10/08/2004 13:00 6,144 kbdic.dll
10/08/2004 13:00 6,144 kbdlv.dll
10/08/2004 13:00 6,144 kbdlv1.dll
10/08/2004 13:00 6,144 kbdusl.dll
10/08/2004 13:00 6,144 kbdmac.dll
10/08/2004 13:00 6,144 kbdhela2.dll
10/08/2004 13:00 6,144 kbdmlt47.dll
10/08/2004 13:00 6,144 kbdmlt48.dll
10/08/2004 13:00 6,144 msdtc.exe
10/08/2004 13:00 6,144 kbdusr.dll
10/08/2004 13:00 6,144 kbdgr1.dll
10/08/2004 13:00 6,144 kbdgr.dll
10/08/2004 13:00 6,144 kbdne.dll
10/08/2004 13:00 6,144 kbdusx.dll
10/08/2004 13:00 6,144 kbdgkl.dll
10/08/2004 13:00 6,144 kbdno.dll
10/08/2004 13:00 6,144 kbdtuq.dll
10/08/2004 13:00 6,144 kbdbe.dll
10/08/2004 13:00 6,144 kbdpo.dll
10/08/2004 13:00 6,144 kbdfr.dll
10/08/2004 13:00 6,144 kbdbene.dll
10/08/2004 13:00 6,144 kbdbr.dll
10/08/2004 13:00 6,144 kbdfi.dll
10/08/2004 13:00 6,144 kbdsf.dll
10/08/2004 13:00 6,144 kbdsp.dll
10/08/2004 13:00 6,144 kbdsw.dll
10/08/2004 13:00 6,144 svcpack.dll
10/08/2004 13:00 6,144 csrss.exe
10/08/2004 13:00 6,144 kbdca.dll
10/08/2004 13:00 6,144 kbdfc.dll
10/08/2004 13:00 6,144 kbdda.dll
10/08/2004 13:00 6,144 lpq.exe
10/08/2004 13:00 6,144 kbdes.dll
10/08/2004 13:00 6,144 kbdest.dll
10/08/2004 13:00 6,144 kbdfo.dll
10/08/2004 13:00 6,144 kbdtuf.dll
10/08/2004 13:00 6,144 nwevent.dll
10/08/2004 13:00 6,656 wuauserv.dll
10/08/2004 13:00 6,656 kbdla.dll
10/08/2004 13:00 6,656 kbdinmal.dll
10/08/2004 13:00 6,656 kbdinben.dll
10/08/2004 13:00 6,656 sensapi.dll
10/08/2004 13:00 6,656 kbdhu.dll
10/08/2004 13:00 6,656 kbdhela3.dll
10/08/2004 13:00 6,656 kbdsg.dll
10/08/2004 13:00 6,656 routetab.dll
10/08/2004 13:00 6,656 kbdcz2.dll
10/08/2004 13:00 6,656 kbdcz1.dll
10/08/2004 13:00 6,656 kbdcr.dll
10/08/2004 13:00 6,656 KBDAL.DLL
10/08/2004 13:00 6,656 kbdsl.dll
10/08/2004 13:00 6,656 kbdycl.dll
10/08/2004 13:00 6,656 kbdpl.dll
10/08/2004 13:00 6,656 msswchx.exe
10/08/2004 13:00 6,656 kbdsl1.dll
10/08/2004 13:00 6,656 msidle.dll
10/08/2004 13:00 6,708 esentprf.hxx
10/08/2004 13:00 6,761 oembios.sig
10/08/2004 13:00 6,877 pschdprf.ini
10/08/2004 13:00 6,948 kanji_1.uce
10/08/2004 13:00 7,040 kdcom.dll
10/08/2004 13:00 7,046 l_intl.nls
10/08/2004 13:00 7,052 nlsfunc.exe
10/08/2004 13:00 7,168 wshnetbs.dll
10/08/2004 13:00 7,168 kbdnec.dll
10/08/2004 13:00 7,168 stdole32.tlb
10/08/2004 13:00 7,168 kbdcz.dll
10/08/2004 13:00 7,168 hccoin.dll
10/08/2004 13:00 7,168 mscat32.dll
10/08/2004 13:00 7,168 kbdfi1.dll
10/08/2004 13:00 7,168 kbdukx.dll
10/08/2004 13:00 7,168 recover.exe
10/08/2004 13:00 7,168 diskcopy.com
10/08/2004 13:00 7,168 bitsprx3.dll
10/08/2004 13:00 7,168 tlntsvrp.dll
10/08/2004 13:00 7,168 msr2cenu.dll
10/08/2004 13:00 7,168 forcedos.exe
10/08/2004 13:00 7,168 kbdno1.dll
10/08/2004 13:00 7,208 secupd.sig
10/08/2004 13:00 7,424 kd1394.dll
10/08/2004 13:00 7,680 hostname.exe
10/08/2004 13:00 7,680 mciole32.dll
10/08/2004 13:00 7,680 chcp.com
10/08/2004 13:00 7,680 vcdex.dll
10/08/2004 13:00 7,680 kbdsmsfi.dll
10/08/2004 13:00 7,680 ncxpnt.dll
10/08/2004 13:00 7,680 ckcnv.exe
10/08/2004 13:00 7,680 mll_mtf.dll
10/08/2004 13:00 7,680 kbdcan.dll
10/08/2004 13:00 7,680 kbdsmsno.dll
10/08/2004 13:00 8,191 bios4.rom
10/08/2004 13:00 8,192 qosname.dll
10/08/2004 13:00 8,192 streamci.dll
10/08/2004 13:00 8,192 psnppagn.dll
10/08/2004 13:00 8,192 tsbyuv.dll
10/08/2004 13:00 8,192 mciole16.dll
10/08/2004 13:00 8,192 mag_hook.dll
10/08/2004 13:00 8,192 tssoft32.acm
10/08/2004 13:00 8,192 bitsprx2.dll
10/08/2004 13:00 8,192 control.exe
10/08/2004 13:00 8,192 mqperf.dll
10/08/2004 13:00 8,192 kbdhept.dll
10/08/2004 13:00 8,192 smbinst.exe
10/08/2004 13:00 8,192 lpr.exe
10/08/2004 13:00 8,192 mountvol.exe
10/08/2004 13:00 8,192 ntlsapi.dll
10/08/2004 13:00 8,192 igmpagnt.dll
10/08/2004 13:00 8,192 winhlp32.exe
10/08/2004 13:00 8,192 d3d8thk.dll
10/08/2004 13:00 8,192 cidaemon.exe
10/08/2004 13:00 8,386 ctype.nls
10/08/2004 13:00 8,424 exe2bin.exe
10/08/2004 13:00 8,484 kanji_2.uce
10/08/2004 13:00 8,704 dciman32.dll
10/08/2004 13:00 8,704 eventvwr.exe
10/08/2004 13:00 8,704 batt.dll
10/08/2004 13:00 9,008 ver.dll
10/08/2004 13:00 9,029 ansi.sys
10/08/2004 13:00 9,216 diskcomp.com
10/08/2004 13:00 9,216 find.exe
10/08/2004 13:00 9,216 wifeman.dll
10/08/2004 13:00 9,216 proxycfg.exe
10/08/2004 13:00 9,216 print.exe
10/08/2004 13:00 9,216 wshatm.dll
10/08/2004 13:00 9,216 subst.exe
10/08/2004 13:00 9,216 iissuba.dll
10/08/2004 13:00 9,216 lprmonui.dll
10/08/2004 13:00 9,216 msg711.acm
10/08/2004 13:00 9,216 scrnsave.scr
10/08/2004 13:00 9,216 winfax.dll
10/08/2004 13:00 9,216 finger.exe
10/08/2004 13:00 9,344 framebuf.dll
10/08/2004 13:00 9,344 vga.dll
10/08/2004 13:00 9,728 reset.exe
10/08/2004 13:00 9,728 label.exe
10/08/2004 13:00 9,728 sprestrt.exe
10/08/2004 13:00 9,728 sfc.exe
10/08/2004 13:00 9,728 gpkrsrc.dll
10/08/2004 13:00 9,728 rsvpperf.dll
10/08/2004 13:00 9,936 lzexpand.dll
10/08/2004 13:00 10,110 mqperf.ini
10/08/2004 13:00 10,112 modex.dll
10/08/2004 13:00 10,240 scriptpw.dll
10/08/2004 13:00 10,240 panmap.dll
10/08/2004 13:00 10,240 lprhelp.dll
10/08/2004 13:00 10,240 mcd32.dll
10/08/2004 13:00 10,368 wowexec.exe
10/08/2004 13:00 10,496 mcdsrv32.dll
10/08/2004 13:00 10,544 comm.drv
10/08/2004 13:00 10,752 pschdprf.dll
10/08/2004 13:00 10,752 mqcertui.dll
10/08/2004 13:00 10,752 clb.dll
10/08/2004 13:00 10,752 dumprep.exe
10/08/2004 13:00 10,752 doskey.exe
10/08/2004 13:00 10,790 edit.hlp
10/08/2004 13:00 11,264 atmadm.exe
10/08/2004 13:00 11,264 chkntfs.exe
10/08/2004 13:00 11,264 tree.com
10/08/2004 13:00 11,264 attrib.exe
10/08/2004 13:00 11,264 msrle32.dll
10/08/2004 13:00 11,264 icaapi.dll
10/08/2004 13:00 11,264 autolfn.exe
10/08/2004 13:00 11,264 rasdial.exe
10/08/2004 13:00 11,264 atrace.dll
10/08/2004 13:00 11,753 setver.exe
10/08/2004 13:00 11,776 spnpinst.exe
10/08/2004 13:00 11,776 chkdsk.exe
10/08/2004 13:00 11,776 WshRm.dll
10/08/2004 13:00 11,776 regsvr32.exe
10/08/2004 13:00 11,776 winmsd.exe
10/08/2004 13:00 11,776 localui.dll
10/08/2004 13:00 11,776 rasautou.exe
10/08/2004 13:00 11,776 rasctrs.dll
10/08/2004 13:00 11,776 wshisn.dll
10/08/2004 13:00 12,082 rsvp.ini
10/08/2004 13:00 12,168 tsddd.dll
10/08/2004 13:00 12,288 tcmsetup.exe
10/08/2004 13:00 12,288 msdatsrc.tlb
10/08/2004 13:00 12,288 mstinit.exe
10/08/2004 13:00 12,288 tracert.exe
10/08/2004 13:00 12,288 bootvid.dll
10/08/2004 13:00 12,288 mscpx32r.dLL
10/08/2004 13:00 12,288 odbcp32r.dll
10/08/2004 13:00 12,288 mmdrv.dll
10/08/2004 13:00 12,288 nmevtmsg.dll
10/08/2004 13:00 12,288 netrap.dll
10/08/2004 13:00 12,288 perfts.dll
10/08/2004 13:00 12,498 append.exe
10/08/2004 13:00 12,642 edlin.exe
10/08/2004 13:00 12,800 replace.exe
10/08/2004 13:00 12,800 mrinfo.exe
10/08/2004 13:00 12,800 rasser.dll
10/08/2004 13:00 12,800 spiisupd.exe
10/08/2004 13:00 12,876 korean.uce
10/08/2004 13:00 13,223 tslabels.ini
10/08/2004 13:00 13,256 noise.nld
10/08/2004 13:00 13,312 msswch.dll
10/08/2004 13:00 13,312 savedump.exe
10/08/2004 13:00 13,312 verifier.dll
10/08/2004 13:00 13,312 lsass.exe
10/08/2004 13:00 13,312 irclass.dll
10/08/2004 13:00 13,312 win87em.dll
10/08/2004 13:00 13,312 atkctrs.dll
10/08/2004 13:00 13,312 ntvdmd.dll
10/08/2004 13:00 13,312 sigtab.dll
10/08/2004 13:00 13,312 umdmxfrm.dll
10/08/2004 13:00 13,600 wfwnet.drv
10/08/2004 13:00 13,730 noise.sve
10/08/2004 13:00 13,824 uniplat.dll
10/08/2004 13:00 13,824 senscfg.dll
10/08/2004 13:00 13,824 rexec.exe
10/08/2004 13:00 13,824 sisbkup.dll
10/08/2004 13:00 13,824 lmhsvc.dll
10/08/2004 13:00 13,824 rdsaddin.exe
10/08/2004 13:00 13,824 convert.exe
10/08/2004 13:00 13,824 wowfaxui.dll
10/08/2004 13:00 13,824 wscntfy.exe
10/08/2004 13:00 13,824 cmsetACL.dll
10/08/2004 13:00 13,888 toolhelp.dll
10/08/2004 13:00 14,336 wship6.dll
10/08/2004 13:00 14,336 ssstars.scr
10/08/2004 13:00 14,336 serialui.dll
10/08/2004 13:00 14,336 ntlanui2.dll
10/08/2004 13:00 14,336 svchost.exe
10/08/2004 13:00 14,336 msdmo.dll
10/08/2004 13:00 14,336 auditusr.exe
10/08/2004 13:00 14,336 runonce.exe
10/08/2004 13:00 14,336 cmpbk32.dll
10/08/2004 13:00 14,336 drprov.dll
10/08/2004 13:00 14,710 kb16.com
10/08/2004 13:00 14,848 serwvdrv.dll
10/08/2004 13:00 14,848 tscon.exe
10/08/2004 13:00 14,848 stimon.exe
10/08/2004 13:00 14,848 tsdiscon.exe
10/08/2004 13:00 14,848 rsh.exe
10/08/2004 13:00 14,848 shadow.exe
10/08/2004 13:00 14,848 slbrccsp.dll
10/08/2004 13:00 14,848 fc.exe
10/08/2004 13:00 14,848 msidntld.dll
10/08/2004 13:00 14,848 msadp32.acm
10/08/2004 13:00 14,848 mcastmib.dll
10/08/2004 13:00 14,848 help.exe
10/08/2004 13:00 14,848 tcpmib.dll
10/08/2004 13:00 14,848 hnetmon.dll
10/08/2004 13:00 14,848 mgmtapi.dll
10/08/2004 13:00 15,360 pjlmon.dll
10/08/2004 13:00 15,360 pentnt.exe
10/08/2004 13:00 15,360 logoff.exe
10/08/2004 13:00 15,360 taskman.exe
10/08/2004 13:00 15,360 tsd32.dll
10/08/2004 13:00 15,360 ctfmon.exe
10/08/2004 13:00 15,860 prnqctl.vbs
10/08/2004 13:00 15,872 more.com
10/08/2004 13:00 15,872 rwinsta.exe
10/08/2004 13:00 15,872 inetppui.dll
10/08/2004 13:00 15,872 cdmodem.dll
10/08/2004 13:00 15,872 w3ssl.dll
10/08/2004 13:00 15,872 cmcfg32.dll
10/08/2004 13:00 15,872 perfmon.exe
10/08/2004 13:00 15,872 dmremote.exe
10/08/2004 13:00 15,872 expand.exe
10/08/2004 13:00 15,872 sysinv.dll
10/08/2004 13:00 15,872 comp.exe
10/08/2004 13:00 16,384 avmeter.dll
10/08/2004 13:00 16,384 deskadp.dll
10/08/2004 13:00 16,384 tskill.exe
10/08/2004 13:00 16,384 icfgnt5.dll
10/08/2004 13:00 16,384 runas.exe
10/08/2004 13:00 16,384 ds32gt.dll
10/08/2004 13:00 16,384 odbc32gt.dll
10/08/2004 13:00 16,384 prflbmsg.dll
10/08/2004 13:00 16,384 fmifs.dll
10/08/2004 13:00 16,384 imaadp32.acm
10/08/2004 13:00 16,384 simpdata.tlb
10/08/2004 13:00 16,740 shiftjis.uce
10/08/2004 13:00 16,896 qappsrv.exe
10/08/2004 13:00 16,896 upnpcont.exe
10/08/2004 13:00 16,896 vss_ps.dll
10/08/2004 13:00 16,896 cfgmgr32.dll
10/08/2004 13:00 16,896 rassapi.dll
10/08/2004 13:00 16,896 tsshutdn.exe
10/08/2004 13:00 16,896 usbmon.dll
10/08/2004 13:00 16,896 winrnr.dll
10/08/2004 13:00 16,896 mqise.dll
10/08/2004 13:00 16,896 tftp.exe
10/08/2004 13:00 16,896 oleaccrc.dll
10/08/2004 13:00 16,896 perfnet.dll
10/08/2004 13:00 16,896 deskmon.dll
10/08/2004 13:00 17,408 msyuv.dll
10/08/2004 13:00 17,408 alrsvc.dll
10/08/2004 13:00 17,408 mmfutil.dll
10/08/2004 13:00 17,408 winshfhc.dll
10/08/2004 13:00 17,408 bidispl.dll
10/08/2004 13:00 17,408 nwapi16.dll
10/08/2004 13:00 17,408 compact.exe
10/08/2004 13:00 17,408 powrprof.dll
10/08/2004 13:00 17,408 mcicda.dll
10/08/2004 13:00 17,408 ipconf.tsp
10/08/2004 13:00 17,408 esentprf.dll
10/08/2004 13:00 17,664 watchdog.sys
10/08/2004 13:00 17,920 dvdupgrd.exe
10/08/2004 13:00 17,920 ping.exe
10/08/2004 13:00 17,920 iaspolcy.dll
10/08/2004 13:00 17,920 stdole2.tlb
10/08/2004 13:00 17,920 nddeapi.dll
10/08/2004 13:00 17,920 diskperf.exe
10/08/2004 13:00 17,920 ureg.dll
10/08/2004 13:00 18,176 vga64k.dll
10/08/2004 13:00 18,432 deskperf.dll
10/08/2004 13:00 18,432 cacls.exe
10/08/2004 13:00 18,432 ups.exe
10/08/2004 13:00 18,432 secedit.exe
10/08/2004 13:00 18,432 dpnsvr.exe
10/08/2004 13:00 18,432 dmintf.dll
10/08/2004 13:00 18,432 wtsapi32.dll
10/08/2004 13:00 18,432 win.com
10/08/2004 13:00 18,832 v7vga.rom
10/08/2004 13:00 18,896 sysedit.exe
10/08/2004 13:00 18,944 mimefilt.dll
10/08/2004 13:00 18,944 version.dll
10/08/2004 13:00 18,944 rsmps.dll
10/08/2004 13:00 18,944 midimap.dll
10/08/2004 13:00 18,944 nddenb32.dll
10/08/2004 13:00 18,944 snmpapi.dll
10/08/2004 13:00 18,944 qmgrprxy.dll
10/08/2004 13:00 18,944 ssmyst.scr
10/08/2004 13:00 18,944 seclogon.dll
10/08/2004 13:00 18,944 winstrm.dll
10/08/2004 13:00 18,944 wmiprop.dll
10/08/2004 13:00 19,200 tapi.dll
10/08/2004 13:00 19,456 arp.exe
10/08/2004 13:00 19,456 mode.com
10/08/2004 13:00 19,456 vwipxspx.dll
10/08/2004 13:00 19,456 dswave.dll
10/08/2004 13:00 19,456 shutdown.exe
10/08/2004 13:00 19,456 dmocx.dll
10/08/2004 13:00 19,456 tcpsvcs.exe
10/08/2004 13:00 19,618 noise.ita
10/08/2004 13:00 19,684 noise.esn
10/08/2004 13:00 19,694 graphics.com
10/08/2004 13:00 19,968 route.exe
10/08/2004 13:00 19,968 wshtcpip.dll
10/08/2004 13:00 19,968 rdpsnd.dll
10/08/2004 13:00 19,968 ssbezier.scr
10/08/2004 13:00 19,968 mqbkup.exe
10/08/2004 13:00 19,968 ws2help.dll
10/08/2004 13:00 19,968 msgsm32.acm
10/08/2004 13:00 20,480 nbtstat.exe
10/08/2004 13:00 20,480 cliconfg.exe
10/08/2004 13:00 20,480 nwcfg.dll
10/08/2004 13:00 20,480 wmp.ocx
10/08/2004 13:00 20,480 wmpcd.dll
10/08/2004 13:00 20,480 qprocess.exe
10/08/2004 13:00 20,480 wmpcore.dll
10/08/2004 13:00 20,480 wmpui.dll
10/08/2004 13:00 20,480 msacm32.drv
10/08/2004 13:00 20,480 encapi.dll
10/08/2004 13:00 20,480 msorc32r.dll
10/08/2004 13:00 20,480 mtxdm.dll
10/08/2004 13:00 20,510 odfox32.dll
10/08/2004 13:00 20,510 odexl32.dll
10/08/2004 13:00 20,510 odpdx32.dll
10/08/2004 13:00 20,511 oddbse32.dll
10/08/2004 13:00 20,511 odtext32.dll
10/08/2004 13:00 20,535 vfpodbc.dll
10/08/2004 13:00 20,634 debug.exe
10/08/2004 13:00 20,992 ipxwan.dll
10/08/2004 13:00 20,992 hid.dll
10/08/2004 13:00 20,992 fontview.exe
10/08/2004 13:00 20,992 msg.exe
10/08/2004 13:00 20,992 ssmarque.scr
10/08/2004 13:00 20,992 bthci.dll
10/08/2004 13:00 20,992 sclgntfy.dll
10/08/2004 13:00 21,232 graphics.pro
10/08/2004 13:00 21,504 feclient.dll
10/08/2004 13:00 21,504 ipxrip.dll
10/08/2004 13:00 21,504 dpvacm.dll
10/08/2004 13:00 21,504 pathping.exe
10/08/2004 13:00 21,504 rcp.exe
10/08/2004 13:00 21,527 prnjobs.vbs
10/08/2004 13:00 22,016 w32topl.dll
10/08/2004 13:00 22,016 qwinsta.exe
10/08/2004 13:00 22,016 lpk.dll
10/08/2004 13:00 22,016 rpcns4.dll
10/08/2004 13:00 22,016 olesvr32.dll
10/08/2004 13:00 22,016 mpnotify.exe
10/08/2004 13:00 22,040 sorttbls.nls
10/08/2004 13:00 22,528 wsock32.dll
10/08/2004 13:00 22,528 mfcsubs.dll
10/08/2004 13:00 22,528 rasmxs.dll
10/08/2004 13:00 22,984 bopomofo.uce
10/08/2004 13:00 23,040 setup.exe
10/08/2004 13:00 23,040 mciseq.dll
10/08/2004 13:00 23,040 psapi.dll
10/08/2004 13:00 23,040 ersvc.dll
10/08/2004 13:00 23,552 mciwave.dll
10/08/2004 13:00 23,552 rasrad.dll
10/08/2004 13:00 23,552 ipxroute.exe
10/08/2004 13:00 23,552 dmserver.dll
10/08/2004 13:00 23,552 sfmapi.dll
10/08/2004 13:00 23,552 dpmodemx.dll
10/08/2004 13:00 23,552 iasacct.dll
10/08/2004 13:00 23,552 rsvpmsg.dll
10/08/2004 13:00 23,552 sort.exe
10/08/2004 13:00 24,006 gb2312.uce
10/08/2004 13:00 24,064 pidgen.dll
10/08/2004 13:00 24,064 olesvr.dll
10/08/2004 13:00 24,576 odbcbcp.dll
10/08/2004 13:00 24,576 gdi.exe
10/08/2004 13:00 24,576 dbmsrpcn.dll
10/08/2004 13:00 24,576 cliconfg.rll
10/08/2004 13:00 24,576 rsmsink.exe
10/08/2004 13:00 24,576 userinit.exe
10/08/2004 13:00 24,576 davclnt.dll
10/08/2004 13:00 24,576 httpapi.dll
10/08/2004 13:00 24,603 sqlwid.dll
10/08/2004 13:00 24,661 spxcoins.dll
10/08/2004 13:00 24,772 geo.nls
10/08/2004 13:00 25,088 slayerxp.dll
10/08/2004 13:00 25,088 at.exe
10/08/2004 13:00 25,088 lnkstub.exe
10/08/2004 13:00 25,088 defrag.exe
10/08/2004 13:00 25,088 shfolder.dll
10/08/2004 13:00 25,088 mslbui.dll
10/08/2004 13:00 25,088 perfos.dll
10/08/2004 13:00 25,088 mtxlegih.dll
10/08/2004 13:00 25,264 mciseq.drv
10/08/2004 13:00 25,415 prndrvr.vbs
10/08/2004 13:00 25,600 comaddin.dll
10/08/2004 13:00 25,600 format.com
10/08/2004 13:00 25,600 utildll.dll
10/08/2004 13:00 25,600 aaaamon.dll
10/08/2004 13:00 25,600 msvidc32.dll
10/08/2004 13:00 25,600 netsetup.cpl
10/08/2004 13:00 25,600 routemon.exe
10/08/2004 13:00 25,600 udhisapi.dll
10/08/2004 13:00 26,112 vdmdbg.dll
10/08/2004 13:00 26,112 graftabl.com
10/08/2004 13:00 26,112 adptif.dll
10/08/2004 13:00 26,112 skeys.exe
10/08/2004 13:00 26,112 ntdsbcli.dll
10/08/2004 13:00 26,209 ntmsmgr.msc
10/08/2004 13:00 26,224 odbc16gt.dll
10/08/2004 13:00 26,624 efsadu.dll
10/08/2004 13:00 26,624 perfdisk.dll
10/08/2004 13:00 26,624 cnvfat.dll
10/08/2004 13:00 26,624 scredir.dll
10/08/2004 13:00 26,624 msxmlr.dll
10/08/2004 13:00 27,097 country.sys
10/08/2004 13:00 27,136 ddrawex.dll
10/08/2004 13:00 27,136 ctl3d32.dll
10/08/2004 13:00 27,136 findstr.exe
10/08/2004 13:00 27,200 ctl3dv2.dll
10/08/2004 13:00 27,648 profmap.dll
10/08/2004 13:00 27,648 shscrap.dll
10/08/2004 13:00 27,648 conime.exe
10/08/2004 13:00 27,648 ccfgnt.dll
10/08/2004 13:00 27,866 ntdos.sys
10/08/2004 13:00 28,112 drwatson.exe
10/08/2004 13:00 28,160 telephon.cpl
10/08/2004 13:00 28,160 mciwave.drv
10/08/2004 13:00 28,420 bios1.rom
10/08/2004 13:00 28,626 perfd009.dat
10/08/2004 13:00 28,672 batmeter.dll
10/08/2004 13:00 28,672 nmmkcert.dll
10/08/2004 13:00 28,672 dmband.dll
10/08/2004 13:00 28,672 rsfsaps.dll
10/08/2004 13:00 28,672 dbnmpntw.dll
10/08/2004 13:00 28,672 wshcon.dll
10/08/2004 13:00 28,672 dfsshlex.dll
10/08/2004 13:00 28,746 msrecr40.dll
10/08/2004 13:00 29,146 ntdos804.sys
10/08/2004 13:00 29,146 ntdos404.sys
10/08/2004 13:00 29,184 sendcmsg.dll
10/08/2004 13:00 29,184 sdhcinst.dll
10/08/2004 13:00 29,274 ntdos412.sys
10/08/2004 13:00 29,370 ntdos411.sys
10/08/2004 13:00 29,454 prnport.vbs
10/08/2004 13:00 29,696 hidphone.tsp
10/08/2004 13:00 29,696 safrdm.dll
10/08/2004 13:00 29,696 lights.exe
10/08/2004 13:00 30,160 compobj.dll
10/08/2004 13:00 30,208 bthserv.dll
10/08/2004 13:00 30,208 dplaysvr.exe
10/08/2004 13:00 30,208 asr_fmt.exe
10/08/2004 13:00 30,208 mspatcha.dll
10/08/2004 13:00 30,208 atmlib.dll
10/08/2004 13:00 30,208 ddeshare.exe
10/08/2004 13:00 30,720 vbisurf.ax
10/08/2004 13:00 30,720 plustab.dll
10/08/2004 13:00 30,720 iologmsg.dll
10/08/2004 13:00 30,720 xcopy.exe
10/08/2004 13:00 30,749 vbajet32.dll
10/08/2004 13:00 31,232 sc.exe
10/08/2004 13:00 31,232 traffic.dll
10/08/2004 13:00 31,232 sethc.exe
10/08/2004 13:00 31,744 rtipxmib.dll
10/08/2004 13:00 31,744 tracert6.exe
10/08/2004 13:00 31,744 ntsd.exe
10/08/2004 13:00 32,256 wupdmgr.exe
10/08/2004 13:00 32,256 asr_ldm.exe
10/08/2004 13:00 32,256 wpnpinst.exe
10/08/2004 13:00 32,256 wpabaln.exe
10/08/2004 13:00 32,256 iashlpr.dll
10/08/2004 13:00 32,546 prnmngr.vbs
10/08/2004 13:00 32,674 winhelp.hlp
10/08/2004 13:00 32,760 fsmgmt.msc
10/08/2004 13:00 32,768 mnmsrvc.exe
10/08/2004 13:00 32,768 asr_pfu.exe
10/08/2004 13:00 32,768 relog.exe
10/08/2004 13:00 32,768 cnetcfg.dll
10/08/2004 13:00 32,768 isrdbg32.dll
10/08/2004 13:00 32,768 odbcad32.exe
10/08/2004 13:00 32,768 winipsec.dll
10/08/2004 13:00 32,768 csrsrv.dll
10/08/2004 13:00 32,768 odbccp32.cpl
10/08/2004 13:00 32,816 commdlg.dll
10/08/2004 13:00 32,968 ntmsoprq.msc
10/08/2004 13:00 33,040 dplay.dll
10/08/2004 13:00 33,079 devmgmt.msc
10/08/2004 13:00 33,280 cryptdll.dll
10/08/2004 13:00 33,280 msobjs.dll
10/08/2004 13:00 33,280 eventcls.dll
10/08/2004 13:00 33,280 rundll32.exe
10/08/2004 13:00 33,280 inetmib1.dll
10/08/2004 13:00 33,280 kmddsp.tsp
10/08/2004 13:00 33,280 ping6.exe
10/08/2004 13:00 33,280 clipsrv.exe
10/08/2004 13:00 33,464 services.msc
10/08/2004 13:00 33,673 diskmgmt.msc
10/08/2004 13:00 33,792 msgsvc.dll
10/08/2004 13:00 33,792 vssadmin.exe
10/08/2004 13:00 33,792 regini.exe
10/08/2004 13:00 33,840 ntio.sys
10/08/2004 13:00 34,304 pstorsvc.dll
10/08/2004 13:00 34,560 mnmdd.dll
10/08/2004 13:00 34,560 ntio804.sys
10/08/2004 13:00 34,560 ntio404.sys
10/08/2004 13:00 34,816 atmpvcno.dll
10/08/2004 13:00 34,816 perfproc.dll
10/08/2004 13:00 34,816 ssdpapi.dll
10/08/2004 13:00 34,816 d3dpmesh.dll
10/08/2004 13:00 34,871 gpedit.msc
10/08/2004 13:00 35,328 dpnhpast.dll
10/08/2004 13:00 35,328 pifmgr.dll
10/08/2004 13:00 35,328 winchat.exe
10/08/2004 13:00 35,328 pid.dll
10/08/2004 13:00 35,328 mciqtz32.dll
10/08/2004 13:00 35,328 corpol.dll
10/08/2004 13:00 35,424 ntio412.sys
10/08/2004 13:00 35,648 ntio411.sys
10/08/2004 13:00 35,755 prncnfg.vbs
10/08/2004 13:00 35,840 dmloader.dll
10/08/2004 13:00 35,840 jgmd400.dll
10/08/2004 13:00 35,840 narrhook.dll
10/08/2004 13:00 35,840 ncpa.cpl
10/08/2004 13:00 35,840 rcimlby.exe
10/08/2004 13:00 35,840 mssign32.dll
10/08/2004 13:00 36,352 ncobjapi.dll
10/08/2004 13:00 36,352 typeperf.exe
10/08/2004 13:00 36,364 secpol.msc
10/08/2004 13:00 36,864 ntmsevt.dll
10/08/2004 13:00 36,864 netstat.exe
10/08/2004 13:00 36,864 nwc.cpl
10/08/2004 13:00 36,864 mscpxl32.dLL
10/08/2004 13:00 36,864 syskey.exe
10/08/2004 13:00 36,864 mqoa10.tlb
10/08/2004 13:00 36,864 ntsdexts.dll
10/08/2004 13:00 36,921 imeshare.dll
10/08/2004 13:00 37,916 msxml2r.dll
10/08/2004 13:00 38,302 compmgmt.msc
10/08/2004 13:00 38,912 sens.dll
10/08/2004 13:00 38,912 cfgbkend.dll
10/08/2004 13:00 38,912 dfrgsnap.dll
10/08/2004 13:00 39,274 mem.exe
10/08/2004 13:00 39,424 esentutl.exe
10/08/2004 13:00 39,424 ddeml.dll
10/08/2004 13:00 39,424 grpconv.exe
10/08/2004 13:00 39,744 ole2.dll
10/08/2004 13:00 39,936 cmutil.dll
10/08/2004 13:00 39,936 cmmon32.exe
10/08/2004 13:00 39,936 perfctrs.dll
10/08/2004 13:00 39,936 ipxrtmgr.dll
10/08/2004 13:00 39,936 rshx32.dll
10/08/2004 13:00 40,448 webhits.dll
10/08/2004 13:00 40,448 wiasf.ax
10/08/2004 13:00 40,448 osuninst.exe
10/08/2004 13:00 40,505 cmdlib.wsc
10/08/2004 13:00 40,960 ntmsapi.dll
10/08/2004 13:00 41,019 usrsvpia.dll
10/08/2004 13:00 41,397 dfrg.msc
10/08/2004 13:00 41,472 iasads.dll
10/08/2004 13:00 41,472 g711codc.ax
10/08/2004 13:00 41,762 ciadv.msc
10/08/2004 13:00 41,984 msports.dll
10/08/2004 13:00 41,984 htui.dll
10/08/2004 13:00 42,166 lusrmgr.msc
10/08/2004 13:00 42,339 certmgr.msc
10/08/2004 13:00 42,496 net.exe
10/08/2004 13:00 42,496 ftp.exe
10/08/2004 13:00 42,496 wsnmp32.dll
10/08/2004 13:00 42,496 audiosrv.dll
10/08/2004 13:00 42,496 shmgrate.exe
10/08/2004 13:00 42,537 keyboard.sys
10/08/2004 13:00 42,768 dpwsock.dll
10/08/2004 13:00 42,809 key01.sys
10/08/2004 13:00 43,520 ntlanman.dll
10/08/2004 13:00 43,520 racpldlg.dll
10/08/2004 13:00 43,520 pstorec.dll
10/08/2004 13:00 43,520 safrcdlg.dll
10/08/2004 13:00 44,032 dimap.dll
10/08/2004 13:00 44,032 ipsec6.exe
10/08/2004 13:00 44,032 twext.dll
10/08/2004 13:00 44,032 msxml3r.dll
10/08/2004 13:00 44,032 rtutils.dll
10/08/2004 13:00 44,451 rsop.msc
10/08/2004 13:00 44,544 hticons.dll
10/08/2004 13:00 44,544 alg.exe
10/08/2004 13:00 44,544 jgaw400.dll
10/08/2004 13:00 44,544 tscupgrd.exe
10/08/2004 13:00 45,083 dispex.dll
10/08/2004 13:00 45,116 usrvoica.dll
10/08/2004 13:00 45,568 jgsd400.dll
10/08/2004 13:00 45,568 dnsrslvr.dll
10/08/2004 13:00 45,568 extrac32.exe
10/08/2004 13:00 45,568 tcpmon.dll
10/08/2004 13:00 45,568 tcpmonui.dll
10/08/2004 13:00 45,568 drwtsn32.exe
10/08/2004 13:00 45,568 safrslv.dll
10/08/2004 13:00 46,080 docprop.dll
10/08/2004 13:00 46,133 sqlsodbc.chm
10/08/2004 13:00 46,258 mib.bin
10/08/2004 13:00 46,592 pmspl.dll
10/08/2004 13:00 47,104 mprui.dll
10/08/2004 13:00 47,104 cmdl32.exe
10/08/2004 13:00 47,104 cnbjmon.dll
10/08/2004 13:00 47,104 mqdscli.dll
10/08/2004 13:00 47,104 ssmypics.scr
10/08/2004 13:00 47,616 iyuv_32.dll
10/08/2004 13:00 47,616 d3dxof.dll
10/08/2004 13:00 47,872 user.exe
10/08/2004 13:00 47,952 jobexec.dll
10/08/2004 13:00 48,128 inetres.dll
10/08/2004 13:00 48,128 docprop2.dll
10/08/2004 13:00 48,128 msprivs.dll
10/08/2004 13:00 48,640 mqupgrd.dll
10/08/2004 13:00 48,794 ntimage.gif
10/08/2004 13:00 49,152 mprdim.dll
10/08/2004 13:00 49,152 powercfg.exe
10/08/2004 13:00 49,152 rsm.exe
10/08/2004 13:00 49,152 rsmui.exe
10/08/2004 13:00 49,179 sqlwoa.dll
10/08/2004 13:00 49,196 noise.fra
10/08/2004 13:00 49,209 usrv80a.dll
10/08/2004 13:00 49,211 usrvpa.dll
10/08/2004 13:00 49,211 usrsdpia.dll
10/08/2004 13:00 49,664 regapi.dll
10/08/2004 13:00 49,664 w32tm.exe
10/08/2004 13:00 50,176 proquota.exe
10/08/2004 13:00 50,176 loghours.dll
10/08/2004 13:00 50,176 reg.exe
10/08/2004 13:00 50,176 mdhcp.dll
10/08/2004 13:00 50,176 xmlprovi.dll
10/08/2004 13:00 50,176 eventcreate.exe
10/08/2004 13:00 50,620 command.com
10/08/2004 13:00 50,688 camocx.dll
10/08/2004 13:00 50,688 smss.exe
10/08/2004 13:00 50,688 wstdecod.dll
10/08/2004 13:00 50,688 mmcshext.dll
10/08/2004 13:00 50,688 btpanui.dll
10/08/2004 13:00 51,200 dssec.dll
10/08/2004 13:00 51,200 syncapp.exe
10/08/2004 13:00 51,200 dfrgres.dll
10/08/2004 13:00 51,200 wmerrenu.dll
10/08/2004 13:00 51,456 vga256.dll
10/08/2004 13:00 51,712 migpwd.exe
10/08/2004 13:00 51,712 msident.dll
10/08/2004 13:00 51,712 vdmredir.dll
10/08/2004 13:00 52,224 dmutil.dll
10/08/2004 13:00 52,224 tsappcmp.dll
10/08/2004 13:00 52,736 basesrv.dll
10/08/2004 13:00 53,248 ipv6.exe
10/08/2004 13:00 53,279 odbcji32.dll
10/08/2004 13:00 53,279 msjter40.dll
10/08/2004 13:00 53,305 usrlbva.dll
10/08/2004 13:00 53,478 tcpmon.ini
10/08/2004 13:00 53,520 dpserial.dll
10/08/2004 13:00 53,760 cryptext.dll
10/08/2004 13:00 53,760 winsta.dll
10/08/2004 13:00 53,840 dosx.exe
10/08/2004 13:00 54,272 stclient.dll
10/08/2004 13:00 54,272 ixsso.dll
10/08/2004 13:00 54,272 dataclen.dll
10/08/2004 13:00 54,784 msvcirt.dll
10/08/2004 13:00 54,784 icmui.dll
10/08/2004 13:00 54,784 npptools.dll
10/08/2004 13:00 55,296 mqoa20.tlb
10/08/2004 13:00 55,296 dvdplay.exe
10/08/2004 13:00 55,296 freecell.exe
10/08/2004 13:00 55,296 sendmail.dll
10/08/2004 13:00 55,296 getmac.exe
10/08/2004 13:00 55,808 ipconfig.exe
10/08/2004 13:00 55,808 wmiscmgr.dll
10/08/2004 13:00 55,808 secur32.dll
10/08/2004 13:00 55,808 eventlog.dll
10/08/2004 13:00 56,320 fsutil.exe
10/08/2004 13:00 56,320 servdeps.dll
10/08/2004 13:00 56,320 cipher.exe
10/08/2004 13:00 56,678 eventvwr.msc
10/08/2004 13:00 56,832 sol.exe
10/08/2004 13:00 56,832 rasphone.exe
10/08/2004 13:00 56,832 ndptsp.tsp
10/08/2004 13:00 57,344 msasn1.dll
10/08/2004 13:00 57,344 gpupdate.exe
10/08/2004 13:00 57,344 dpwsockx.dll
10/08/2004 13:00 57,856 ntlanui.dll
10/08/2004 13:00 57,856 synceng.dll
10/08/2004 13:00 57,856 clusapi.dll
10/08/2004 13:00 58,273 perfmon.msc
10/08/2004 13:00 58,368 packager.exe
10/08/2004 13:00 58,368 driverquery.exe
10/08/2004 13:00 58,880 resutils.dll
10/08/2004 13:00 58,880 atl.dll
10/08/2004 13:00 58,880 rastapi.dll
10/08/2004 13:00 58,880 msdtclog.dll
10/08/2004 13:00 58,880 licwmi.dll
10/08/2004 13:00 59,392 iassvcs.dll
10/08/2004 13:00 59,392 logman.exe
10/08/2004 13:00 59,904 regsvc.dll
10/08/2004 13:00 59,904 ipv6mon.dll
10/08/2004 13:00 59,904 devenum.dll
10/08/2004 13:00 59,904 mpr.dll
10/08/2004 13:00 59,904 cabinet.dll
10/08/2004 13:00 60,416 fwcfg.dll
10/08/2004 13:00 60,416 remotepg.dll
10/08/2004 13:00 60,416 msratelc.dll
10/08/2004 13:00 60,416 cryptsvc.dll
10/08/2004 13:00 60,458 ideograf.uce
10/08/2004 13:00 60,928 ocmanage.dll
10/08/2004 13:00 60,928 miglibnt.dll
10/08/2004 13:00 60,928 mqgentr.dll
10/08/2004 13:00 60,928 dpnhupnp.dll
10/08/2004 13:00 61,168 msacm.dll
10/08/2004 13:00 61,172 cmmgr32.hlp
10/08/2004 13:00 61,440 dmcompos.dll
10/08/2004 13:00 61,440 dmview.ocx
10/08/2004 13:00 61,440 msvcrt40.dll
10/08/2004 13:00 61,440 tlntadmn.exe
10/08/2004 13:00 61,440 rasman.dll
10/08/2004 13:00 61,500 usrcntra.dll
10/08/2004 13:00 61,508 usrprbda.exe
10/08/2004 13:00 61,952 acelpdec.ax
10/08/2004 13:00 61,952 dpnwsock.dll
10/08/2004 13:00 62,464 iasnap.dll
10/08/2004 13:00 62,464 dpnmodem.dll
10/08/2004 13:00 62,464 rdpclip.exe
10/08/2004 13:00 62,976 pautoenr.dll
10/08/2004 13:00 62,976 dsauth.dll
10/08/2004 13:00 62,976 rsopprov.exe
10/08/2004 13:00 63,488 cmstp.exe
10/08/2004 13:00 63,488 browselc.dll
10/08/2004 13:00 63,488 cryptnet.dll
10/08/2004 13:00 63,488 wmimgmt.msc
10/08/2004 13:00 64,000 samlib.dll
10/08/2004 13:00 64,000 avicap32.dll
10/08/2004 13:00 64,000 cleanmgr.exe
10/08/2004 13:00 64,512 acctres.dll
10/08/2004 13:00 65,024 asycfilt.dll
10/08/2004 13:00 65,024 msaudite.dll
10/08/2004 13:00 65,489 wbcache.enu
10/08/2004 13:00 65,489 wbcache.fra
10/08/2004 13:00 65,489 wbcache.deu
10/08/2004 13:00 65,489 wbcache.nld
10/08/2004 13:00 65,489 wbcache.ita
10/08/2004 13:00 65,489 wbcache.esn
10/08/2004 13:00 65,489 wbcache.sve
10/08/2004 13:00 65,536 wextract.exe
10/08/2004 13:00 65,536 icwphbk.dll
10/08/2004 13:00 65,536 shimeng.dll
10/08/2004 13:00 65,536 odbccr32.dll
10/08/2004 13:00 65,536 wshext.dll
10/08/2004 13:00 65,536 odbccu32.dll
10/08/2004 13:00 65,536 jgsh400.dll
10/08/2004 13:00 66,082 c_1254.nls
10/08/2004 13:00 66,082 c_10006.nls
10/08/2004 13:00 66,082 c_1255.nls
10/08/2004 13:00 66,082 c_10029.nls
10/08/2004 13:00 66,082 c_1256.nls
10/08/2004 13:00 66,082 c_20905.nls
10/08/2004 13:00 66,082 c_10079.nls
10/08/2004 13:00 66,082 c_28593.nls
10/08/2004 13:00 66,082 C_28594.NLS
10/08/2004 13:00 66,082 c_20127.nls
10/08/2004 13:00 66,082 c_10017.nls
10/08/2004 13:00 66,082 c_21866.nls
10/08/2004 13:00 66,082 C_28595.NLS
10/08/2004 13:00 66,082 c_875.nls
10/08/2004 13:00 66,082 C_28597.NLS
10/08/2004 13:00 66,082 c_28605.nls
10/08/2004 13:00 66,082 c_10007.nls
10/08/2004 13:00 66,082 c_28598.nls
10/08/2004 13:00 66,082 c_1253.nls
10/08/2004 13:00 66,082 c_10010.nls
10/08/2004 13:00 66,082 c_500.nls
10/08/2004 13:00 66,082 c_28599.nls
10/08/2004 13:00 66,082 c_1250.nls
10/08/2004 13:00 66,082 c_20866.nls
10/08/2004 13:00 66,082 c_037.nls
10/08/2004 13:00 66,082 c_1026.nls
10/08/2004 13:00 66,082 c_1252.nls
10/08/2004 13:00 66,082 c_28603.nls
10/08/2004 13:00 66,082 c_28592.nls
10/08/2004 13:00 66,082 c_1251.nls
10/08/2004 13:00 66,082 c_28591.nls
10/08/2004 13:00 66,082 c_1257.nls
10/08/2004 13:00 66,082 c_10000.nls
10/08/2004 13:00 66,082 c_10082.nls
10/08/2004 13:00 66,082 c_1258.nls
10/08/2004 13:00 66,082 c_10081.nls
10/08/2004 13:00 66,560 ipxsap.dll
10/08/2004 13:00 66,560 console.dll
10/08/2004 13:00 66,594 c_857.nls
10/08/2004 13:00 66,594 c_855.nls
10/08/2004 13:00 66,594 c_874.nls
10/08/2004 13:00 66,594 c_861.nls
10/08/2004 13:00 66,594 c_863.nls
10/08/2004 13:00 66,594 c_437.nls
10/08/2004 13:00 66,594 c_852.nls
10/08/2004 13:00 66,594 c_869.nls
10/08/2004 13:00 66,594 c_865.nls
10/08/2004 13:00 66,594 c_850.nls
10/08/2004 13:00 66,594 c_866.nls
10/08/2004 13:00 66,594 c_775.nls
10/08/2004 13:00 66,594 c_737.nls
10/08/2004 13:00 66,594 c_860.nls
10/08/2004 13:00 67,072 ntdsapi.dll
10/08/2004 13:00 67,072 rdshost.exe
10/08/2004 13:00 67,584 sti.dll
10/08/2004 13:00 67,584 srclient.dll
10/08/2004 13:00 67,584 osuninst.dll
10/08/2004 13:00 67,584 openfiles.exe
10/08/2004 13:00 68,096 systeminfo.exe
10/08/2004 13:00 68,096 shgina.dll
10/08/2004 13:00 68,096 adsmsext.dll
10/08/2004 13:00 68,608 joy.cpl
10/08/2004 13:00 68,608 digest.dll
10/08/2004 13:00 68,608 access.cpl
10/08/2004 13:00 68,768 mmsystem.dll
10/08/2004 13:00 69,120 olethk32.dll
10/08/2004 13:00 69,120 mprddm.dll
10/08/2004 13:00 69,120 notepad.exe
10/08/2004 13:00 69,120 MSCTFP.dll
10/08/2004 13:00 69,120 ipxpromn.dll
10/08/2004 13:00 69,584 avicap.dll
10/08/2004 13:00 69,632 msr2c.dll
10/08/2004 13:00 69,632 msscds32.ax
10/08/2004 13:00 69,632 raschap.dll
10/08/2004 13:00 69,632 scarddlg.dll
10/08/2004 13:00 69,632 spnike.dll
10/08/2004 13:00 69,632 msconf.dll
10/08/2004 13:00 69,632 odbcconf.exe
10/08/2004 13:00 69,699 usrcoina.dll
10/08/2004 13:00 69,700 usrshuta.exe
10/08/2004 13:00 69,886 edit.com
10/08/2004 13:00 70,144 sigverif.exe
10/08/2004 13:00 70,656 mmcbase.dll
10/08/2004 13:00 70,656 sprio600.dll
10/08/2004 13:00 70,656 amstream.dll
10/08/2004 13:00 70,656 ifsutil.dll
10/08/2004 13:00 71,680 ssdpsrv.dll
10/08/2004 13:00 71,680 dsdmoprp.dll
10/08/2004 13:00 71,680 blastcln.exe
10/08/2004 13:00 71,680 msacm32.dll
10/08/2004 13:00 71,859 cliconf.chm
10/08/2004 13:00 72,192 taskkill.exe
10/08/2004 13:00 72,192 sprio800.dll
10/08/2004 13:00 72,192 tasklist.exe
10/08/2004 13:00 72,704 msw3prt.dll
10/08/2004 13:00 73,216 avwav.dll
10/08/2004 13:00 73,216 tlntsvr.exe
10/08/2004 13:00 73,376 mciavi.drv
10/08/2004 13:00 73,728 icwdial.dll
10/08/2004 13:00 73,728 csseqchk.dll
10/08/2004 13:00 73,728 fdeploy.dll
10/08/2004 13:00 73,802 msrclr40.dll
10/08/2004 13:00 74,240 dhcpsapi.dll
10/08/2004 13:00 74,240 unimdmat.dll
10/08/2004 13:00 74,752 cryptdlg.dll
10/08/2004 13:00 74,752 spoolss.dll
10/08/2004 13:00 75,264 locator.exe
10/08/2004 13:00 75,264 inetpp.dll
10/08/2004 13:00 75,776 wiascr.dll
10/08/2004 13:00 75,776 strmfilt.dll
10/08/2004 13:00 76,800 nslookup.exe
10/08/2004 13:00 76,800 gcdef.dll
10/08/2004 13:00 77,312 sdbinst.exe
10/08/2004 13:00 77,312 browser.dll
10/08/2004 13:00 77,312 rtcshare.exe
10/08/2004 13:00 77,824 cliconfg.dll
10/08/2004 13:00 77,824 eventtriggers.exe
10/08/2004 13:00 77,824 shrpubw.exe
10/08/2004 13:00 77,883 usrrtosa.dll
10/08/2004 13:00 77,890 usrdpa.dll
10/08/2004 13:00 77,891 usrmlnka.exe
10/08/2004 13:00 78,336 tlntsess.exe
10/08/2004 13:00 78,336 browsewm.dll
10/08/2004 13:00 78,848 tapiui.dll
10/08/2004 13:00 80,384 autodisc.dll
10/08/2004 13:00 80,384 firewall.cpl
10/08/2004 13:00 80,384 iccvid.dll
10/08/2004 13:00 80,384 faultrep.dll
10/08/2004 13:00 80,384 charmap.exe
10/08/2004 13:00 80,896 netui0.dll
10/08/2004 13:00 81,408 wscsvc.dll
10/08/2004 13:00 81,408 mqoa.tlb
10/08/2004 13:00 81,408 fsusd.dll
10/08/2004 13:00 81,920 isign32.dll
10/08/2004 13:00 81,920 ils.dll
10/08/2004 13:00 81,920 proctexe.ocx
10/08/2004 13:00 81,920 wmpshell.dll
10/08/2004 13:00 82,432 dmscript.dll
10/08/2004 13:00 82,432 dfrgfat.exe
10/08/2004 13:00 82,432 ufat.dll
10/08/2004 13:00 82,944 ws2_32.dll
10/08/2004 13:00 82,944 olecli.dll
10/08/2004 13:00 83,456 dpvsetup.exe
10/08/2004 13:00 83,456 olepro32.dll
10/08/2004 13:00 83,456 l3codecx.ax
10/08/2004 13:00 83,968 ipxmontr.dll
10/08/2004 13:00 84,480 mciavi32.dll
10/08/2004 13:00 84,480 cabview.dll
10/08/2004 13:00 84,992 avifil32.dll
10/08/2004 13:00 85,020 dgsetup.dll
10/08/2004 13:00 85,504 diantz.exe
10/08/2004 13:00 85,504 catsrvps.dll
10/08/2004 13:00 85,504 makecab.exe
10/08/2004 13:00 86,016 msapsspc.dll
10/08/2004 13:00 86,016 sl_anet.acm
10/08/2004 13:00 86,016 netsh.exe
10/08/2004 13:00 86,073 usrfaxa.dll
10/08/2004 13:00 86,528 iassam.dll
10/08/2004 13:00 87,040 mprapi.dll
10/08/2004 13:00 87,176 rdpwsx.dll
10/08/2004 13:00 87,552 fldrclnr.dll
10/08/2004 13:00 89,088 mqlogmgr.dll
10/08/2004 13:00 89,088 rasauto.dll
10/08/2004 13:00 89,588 unicode.nls
10/08/2004 13:00 89,600 langwrbk.dll
10/08/2004 13:00 89,600 smlogsvc.exe
10/08/2004 13:00 90,112 rsvpsp.dll
10/08/2004 13:00 90,112 sqlsrv32.rll
10/08/2004 13:00 90,112 mycomput.dll
10/08/2004 13:00 90,624 mydocs.dll
10/08/2004 13:00 90,624 trkwks.dll
10/08/2004 13:00 91,136 ntprint.dll
10/08/2004 13:00 91,648 xactsrv.dll
10/08/2004 13:00 92,168 rdpdd.dll
10/08/2004 13:00 92,224 krnl386.exe
10/08/2004 13:00 92,672 wlnotify.dll
10/08/2004 13:00 92,672 dskquota.dll
10/08/2004 13:00 93,696 tscfgwmi.dll
10/08/2004 13:00 93,702 subrange.uce
10/08/2004 13:00 94,208 odbcint.dll
10/08/2004 13:00 94,208 timedate.cpl
10/08/2004 13:00 94,282 msencode.dll
10/08/2004 13:00 95,744 mqsec.dll
10/08/2004 13:00 95,744 scardsvr.exe
10/08/2004 13:00 96,768 psbase.dll
10/08/2004 13:00 96,768 dpcdll.dll
10/08/2004 13:00 97,280 loadperf.dll
10/08/2004 13:00 97,965 eventquery.vbs
10/08/2004 13:00 98,304 rtm.dll
10/08/2004 13:00 98,304 slbiop.dll
10/08/2004 13:00 98,304 wshom.ocx
10/08/2004 13:00 98,304 ahui.exe
10/08/2004 13:00 98,304 verifier.exe
10/08/2004 13:00 98,304 cscript.exe
10/08/2004 13:00 99,328 winscard.dll
10/08/2004 13:00 99,840 mprmsg.dll
10/08/2004 13:00 101,888 cscdll.dll
10/08/2004 13:00 101,888 gpkcsp.dll
10/08/2004 13:00 101,888 actxprxy.dll
10/08/2004 13:00 101,888 win32spl.dll
10/08/2004 13:00 102,400 rcbdyctl.dll
10/08/2004 13:00 102,400 msscript.ocx
10/08/2004 13:00 102,446 net.hlp
10/08/2004 13:00 102,457 usrv42a.dll
10/08/2004 13:00 102,912 apcups.dll
10/08/2004 13:00 102,912 clipbrd.exe
10/08/2004 13:00 102,912 msaatext.dll
10/08/2004 13:00 103,424 dmsynth.dll
10/08/2004 13:00 103,424 EqnClass.Dll
10/08/2004 13:00 103,936 nlhtml.dll
10/08/2004 13:00 104,448 dmusic.dll
10/08/2004 13:00 104,960 dfrgntfs.exe
10/08/2004 13:00 105,472 polstore.dll
10/08/2004 13:00 105,984 msoert2.dll
10/08/2004 13:00 105,984 sysocmgr.exe
10/08/2004 13:00 105,984 dmstyle.dll
10/08/2004 13:00 106,496 odbccp32.dll
10/08/2004 13:00 107,008 oleprn.dll
10/08/2004 13:00 107,520 rsnotify.exe
10/08/2004 13:00 107,520 rend.dll
10/08/2004 13:00 108,032 wshbth.dll
10/08/2004 13:00 108,032 services.exe
10/08/2004 13:00 108,464 netapi.dll
10/08/2004 13:00 109,456 avifile.dll
10/08/2004 13:00 109,568 adsnw.dll
10/08/2004 13:00 109,568 progman.exe
10/08/2004 13:00 109,568 cic.dll
10/08/2004 13:00 110,080 imm32.dll
10/08/2004 13:00 110,592 inetcplc.dll
10/08/2004 13:00 110,592 dbnetlib.dll
10/08/2004 13:00 110,592 bthprops.cpl
10/08/2004 13:00 111,104 dgnet.dll
10/08/2004 13:00 111,104 wiavideo.dll
10/08/2004 13:00 111,104 activeds.tlb
10/08/2004 13:00 111,104 netdde.exe
10/08/2004 13:00 112,128 mapistub.dll
10/08/2004 13:00 112,128 rastls.dll
10/08/2004 13:00 112,128 mapi32.dll
10/08/2004 13:00 113,152 dsuiext.dll
10/08/2004 13:00 114,688 calc.exe
10/08/2004 13:00 114,688 aclui.dll
10/08/2004 13:00 114,688 asctrls.ocx
10/08/2004 13:00 114,688 powercfg.cpl
10/08/2004 13:00 114,688 wscript.exe
10/08/2004 13:00 114,688 iexpress.exe
10/08/2004 13:00 115,200 wmsdmoe.dll
10/08/2004 13:00 115,712 mstlsapi.dll
10/08/2004 13:00 116,736 dpvvox.dll
10/08/2004 13:00 117,248 mqtgsvc.exe
10/08/2004 13:00 117,760 fde.dll
10/08/2004 13:00 118,272 mdminst.dll
10/08/2004 13:00 118,784 ntmarta.dll
10/08/2004 13:00 118,784 dmdskres.dll
10/08/2004 13:00 118,784 msdadiag.dll
10/08/2004 13:00 118,784 msg723.acm
10/08/2004 13:00 118,784 scardssp.dll
10/08/2004 13:00 119,808 winmine.exe
10/08/2004 13:00 119,808 iasrad.dll
10/08/2004 13:00 119,808 gpresult.exe
10/08/2004 13:00 119,808 mmutilse.dll
10/08/2004 13:00 120,320 ir41_qc.dll
10/08/2004 13:00 120,832 idq.dll
10/08/2004 13:00 120,832 offfilt.dll
10/08/2004 13:00 120,832 msvfw32.dll
10/08/2004 13:00 121,856 stobject.dll
10/08/2004 13:00 121,856 exts.dll
10/08/2004 13:00 121,856 schtasks.exe
10/08/2004 13:00 122,880 glu32.dll
10/08/2004 13:00 123,392 mqrtdep.dll
10/08/2004 13:00 123,392 mplay32.exe
10/08/2004 13:00 123,392 input.dll
10/08/2004 13:00 123,904 dfrgui.dll
10/08/2004 13:00 124,416 wiadss.dll
10/08/2004 13:00 124,928 net1.exe
10/08/2004 13:00 126,464 nwscript.exe
10/08/2004 13:00 126,912 msvideo.dll
10/08/2004 13:00 126,976 mshearts.exe
10/08/2004 13:00 126,976 apphelp.dll
10/08/2004 13:00 127,213 ega.cpi
10/08/2004 13:00 129,536 intl.cpl
10/08/2004 13:00 129,536 acledit.dll
10/08/2004 13:00 129,536 msv1_0.dll
10/08/2004 13:00 129,536 xmlprov.dll
10/08/2004 13:00 130,048 sdpblb.dll
10/08/2004 13:00 131,072 wmpasf.dll
10/08/2004 13:00 131,584 sndrec32.exe
10/08/2004 13:00 132,608 rsvp.exe
10/08/2004 13:00 132,608 upnp.dll
10/08/2004 13:00 134,400 hal.dll
10/08/2004 13:00 134,656 mssap.dll
10/08/2004 13:00 135,168 odbcconf.dll
10/08/2004 13:00 135,168 desk.cpl
10/08/2004 13:00 135,680 ifmon.dll
10/08/2004 13:00 135,680 webvw.dll
10/08/2004 13:00 135,680 taskmgr.exe
10/08/2004 13:00 136,704 sti_ci.dll
10/08/2004 13:00 136,704 bootcfg.exe
10/08/2004 13:00 137,216 dssenh.dll
10/08/2004 13:00 138,240 mqad.dll
10/08/2004 13:00 138,752 sndvol32.exe
10/08/2004 13:00 138,752 swprv.dll
10/08/2004 13:00 139,264 netid.dll
10/08/2004 13:00 139,810 c_20261.nls
10/08/2004 13:00 140,288 sfc_os.dll
10/08/2004 13:00 140,800 sessmgr.exe
10/08/2004 13:00 141,312 iasrecst.dll
10/08/2004 13:00 142,336 dsprop.dll
10/08/2004 13:00 142,848 capesnpn.dll
10/08/2004 13:00 143,360 mobsync.exe
10/08/2004 13:00 143,360 adsldpc.dll
10/08/2004 13:00 143,360 rasmontr.dll
10/08/2004 13:00 143,360 msorcl32.dll
10/08/2004 13:00 143,872 ntshrui.dll
10/08/2004 13:00 144,384 imagehlp.dll
10/08/2004 13:00 144,384 dskquoui.dll
10/08/2004 13:00 144,896 hotplug.dll
10/08/2004 13:00 145,408 wiavusd.dll
10/08/2004 13:00 146,432 winspool.drv
10/08/2004 13:00 147,456 comsnap.dll
10/08/2004 13:00 147,456 odbctrac.dll
10/08/2004 13:00 147,456 initpki.dll
10/08/2004 13:00 147,968 mdwmdmsp.dll
10/08/2004 13:00 147,968 rdchost.dll
10/08/2004 13:00 148,480 wscui.cpl
10/08/2004 13:00 149,019 crtdll.dll
10/08/2004 13:00 149,848 noise.deu
10/08/2004 13:00 150,016 imapi.exe
10/08/2004 13:00 150,528 keymgr.dll
10/08/2004 13:00 151,552 msdart.dll
10/08/2004 13:00 151,552 scrrun.dll
10/08/2004 13:00 151,552 shmedia.dll
10/08/2004 13:00 151,583 msjint40.dll
10/08/2004 13:00 152,064 datime.dll
10/08/2004 13:00 152,576 rsaenh.dll
10/08/2004 13:00 153,008 ole2nls.dll
10/08/2004 13:00 153,088 daxctle.ocx
10/08/2004 13:00 153,600 modemui.dll
10/08/2004 13:00 154,112 ipmontr.dll
10/08/2004 13:00 154,624 ivfsrc.ax
10/08/2004 13:00 155,136 hdwwiz.cpl
10/08/2004 13:00 157,696 paqsp.dll
10/08/2004 13:00 159,232 MSIMTF.dll
10/08/2004 13:00 159,232 dinput.dll
10/08/2004 13:00 159,232 sbeio.dll
10/08/2004 13:00 159,744 scrobj.dll
10/08/2004 13:00 161,792 adsnds.dll
10/08/2004 13:00 162,850 c_932.nls
10/08/2004 13:00 163,328 oleacc.dll
10/08/2004 13:00 163,328 ciadmin.dll
10/08/2004 13:00 163,840 credui.dll
10/08/2004 13:00 163,840 diskpart.exe
10/08/2004 13:00 165,888 wuauclt1.exe
10/08/2004 13:00 167,219 pagefileconfig.vbs
10/08/2004 13:00 167,936 appmgmts.dll
10/08/2004 13:00 169,520 ole2disp.dll
10/08/2004 13:00 169,984 sccbase.dll
10/08/2004 13:00 169,984 iprtrmgr.dll
10/08/2004 13:00 170,496 srsvc.dll
10/08/2004 13:00 171,008 netmsg.dll
10/08/2004 13:00 171,008 sccsccp.dll
10/08/2004 13:00 172,032 wldap32.dll
10/08/2004 13:00 174,080 wmpsrcwp.dll
10/08/2004 13:00 174,200 xenroll.dll
10/08/2004 13:00 174,592 w32time.dll
10/08/2004 13:00 175,616 adsldp.dll
10/08/2004 13:00 176,128 ftsrch.dll
10/08/2004 13:00 176,128 photowiz.dll
10/08/2004 13:00 176,128 winmm.dll
10/08/2004 13:00 176,157 dgrpsetu.dll
10/08/2004 13:00 176,640 wintrust.dll
10/08/2004 13:00 177,152 mqrt.dll
10/08/2004 13:00 177,152 MSCTFIME.IME
10/08/2004 13:00 177,856 typelib.dll
10/08/2004 13:00 179,712 ntmsdba.dll
10/08/2004 13:00 180,224 scecli.dll
10/08/2004 13:00 180,224 dwwin.exe
10/08/2004 13:00 180,800 sqlunirl.dll
10/08/2004 13:00 181,248 dmime.dll
10/08/2004 13:00 181,760 dinput8.dll
10/08/2004 13:00 181,760 tapi32.dll
10/08/2004 13:00 181,760 dsdmo.dll
10/08/2004 13:00 182,272 snmpsnap.dll
10/08/2004 13:00 182,784 ipsecsvc.dll
10/08/2004 13:00 183,296 els.dll
10/08/2004 13:00 183,296 wuaueng1.dll
10/08/2004 13:00 183,808 ir50_qcx.dll
10/08/2004 13:00 183,808 accwiz.exe
10/08/2004 13:00 185,344 cmprops.dll
10/08/2004 13:00 186,880 mqtrig.dll
10/08/2004 13:00 187,392 xpsp1res.dll
10/08/2004 13:00 187,904 main.cpl
10/08/2004 13:00 188,416 msh261.drv
10/08/2004 13:00 189,440 wmerror.dll
10/08/2004 13:00 190,976 schedsvc.dll
10/08/2004 13:00 191,488 syncui.dll
10/08/2004 13:00 192,000 iuengine.dll
10/08/2004 13:00 192,512 qcap.dll
10/08/2004 13:00 193,024 fsquirt.exe
10/08/2004 13:00 193,024 eudcedit.exe
10/08/2004 13:00 194,048 activeds.dll
10/08/2004 13:00 194,560 certcli.dll
10/08/2004 13:00 195,072 msutb.dll
10/08/2004 13:00 196,642 c_949.nls
10/08/2004 13:00 196,642 c_936.nls
10/08/2004 13:00 196,642 c_950.nls
10/08/2004 13:00 198,656 gptext.dll
10/08/2004 13:00 199,168 ir32_32.dll
10/08/2004 13:00 199,680 iac25_32.ax
10/08/2004 13:00 200,192 ir50_qc.dll
10/08/2004 13:00 200,704 dmdskmgr.dll
10/08/2004 13:00 204,288 mswebdvd.dll
10/08/2004 13:00 206,336 rasppp.dll
10/08/2004 13:00 206,848 unimdm.tsp
10/08/2004 13:00 207,360 mobsync.dll
10/08/2004 13:00 208,896 wavemsp.dll
10/08/2004 13:00 212,480 dpvoice.dll
10/08/2004 13:00 213,023 msltus40.dll
10/08/2004 13:00 214,016 netevent.dll
10/08/2004 13:00 216,064 moricons.dll
10/08/2004 13:00 218,003 dssec.dat
10/08/2004 13:00 218,624 uxtheme.dll
10/08/2004 13:00 218,624 sysmon.ocx
10/08/2004 13:00 220,672 logon.scr
10/08/2004 13:00 221,184 msadds32.ax
10/08/2004 13:00 221,600 lanman.drv
10/08/2004 13:00 221,696 localsec.dll
10/08/2004 13:00 224,768 dmadmin.exe
10/08/2004 13:00 225,280 mqoa.dll
10/08/2004 13:00 227,840 avtapi.dll
10/08/2004 13:00 229,376 compstui.dll
10/08/2004 13:00 229,888 dplayx.dll
10/08/2004 13:00 236,544 rasapi32.dll
10/08/2004 13:00 239,104 dsquery.dll
10/08/2004 13:00 239,104 srrstr.dll
10/08/2004 13:00 239,616 upnpui.dll
10/08/2004 13:00 240,120 setup.bmp
10/08/2004 13:00 240,640 mpg4dmod.dll
10/08/2004 13:00 241,693 msjtes40.dll
10/08/2004 13:00 245,248 mswsock.dll
10/08/2004 13:00 245,760 netui1.dll
10/08/2004 13:00 247,808 iassdo.dll
10/08/2004 13:00 248,832 newdev.dll
10/08/2004 13:00 248,832 msieftp.dll
10/08/2004 13:00 249,270 locale.nls
10/08/2004 13:00 249,856 odbc32.dll
10/08/2004 13:00 252,928 compatUI.dll
10/08/2004 13:00 252,928 msoeacct.dll
10/08/2004 13:00 253,952 msvcrt20.dll
10/08/2004 13:00 253,952 neth.dll
10/08/2004 13:00 257,024 nusrmgr.cpl
10/08/2004 13:00 258,048 wmvds32.ax
10/08/2004 13:00 258,077 mstext40.dll
10/08/2004 13:00 259,584 tracerpt.exe
10/08/2004 13:00 262,144 mpg4ds32.ax
10/08/2004 13:00 262,148 sortkey.nls
10/08/2004 13:00 263,680 adsnt.dll
10/08/2004 13:00 264,192 wow32.dll
10/08/2004 13:00 265,728 h323.tsp
10/08/2004 13:00 266,240 ddraw.dll
10/08/2004 13:00 266,752 oakley.dll
10/08/2004 13:00 272,128 perfi009.dat
10/08/2004 13:00 273,920 dmdlgs.dll
10/08/2004 13:00 274,432 inetcfg.dll
10/08/2004 13:00 274,944 mstask.dll
10/08/2004 13:00 275,456 ulib.dll
10/08/2004 13:00 276,992 comdlg32.dll
10/08/2004 13:00 278,528 wmpdxm.dll
10/08/2004 13:00 278,559 wmv8ds32.ax
10/08/2004 13:00 278,559 odbcjt32.dll
10/08/2004 13:00 279,040 qdv.dll
10/08/2004 13:00 282,624 devmgr.dll
10/08/2004 13:00 283,648 pdh.dll
10/08/2004 13:00 285,184 glmf32.dll
10/08/2004 13:00 285,696 objsel.dll
10/08/2004 13:00 285,696 atmfd.dll
10/08/2004 13:00 289,792 vssvc.exe
10/08/2004 13:00 290,816 msnsspc.dll
10/08/2004 13:00 290,816 l3codeca.acm
10/08/2004 13:00 294,400 MSCTF.dll
10/08/2004 13:00 294,912 msh263.drv
10/08/2004 13:00 294,912 msaud32.acm
10/08/2004 13:00 295,936 appmgr.dll
10/08/2004 13:00 298,496 sysdm.cpl
10/08/2004 13:00 303,616 wmstream.dll
10/08/2004 13:00 304,128 duser.dll
10/08/2004 13:00 306,176 slbcsp.dll
10/08/2004 13:00 308,224 netui2.dll
10/08/2004 13:00 310,272 mp43dmod.dll
10/08/2004 13:00 313,856 scesrv.dll
10/08/2004 13:00 315,423 msrd3x40.dll
10/08/2004 13:00 316,416 untfs.dll
10/08/2004 13:00 319,517 msexcl40.dll
10/08/2004 13:00 323,641 usrdtea.dll
10/08/2004 13:00 326,656 cscui.dll
10/08/2004 13:00 329,728 netsetup.exe
10/08/2004 13:00 330,752 ippromon.dll
10/08/2004 13:00 330,752 dmconfig.dll
10/08/2004 13:00 330,752 hnetwiz.dll
10/08/2004 13:00 331,264 ipnathlp.dll
10/08/2004 13:00 337,920 zipfldr.dll
10/08/2004 13:00 337,920 filemgmt.dll
10/08/2004 13:00 338,432 ir41_qcx.dll
10/08/2004 13:00 341,504 localspl.dll
10/08/2004 13:00 343,040 msvcrt.dll
10/08/2004 13:00 343,040 cmdial32.dll
10/08/2004 13:00 343,040 mspaint.exe
10/08/2004 13:00 344,064 hnetcfg.dll
10/08/2004 13:00 345,600 confmsp.dll
10/08/2004 13:00 347,136 tourstart.exe
10/08/2004 13:00 348,189 msxbde40.dll
10/08/2004 13:00 348,189 mspbde40.dll
10/08/2004 13:00 349,696 ipsecsnp.dll
10/08/2004 13:00 350,208 d3drm.dll
10/08/2004 13:00 351,232 winhttp.dll
10/08/2004 13:00 358,400 termmgr.dll
10/08/2004 13:00 358,976 msjetoledb40.dll
10/08/2004 13:00 359,936 cards.dll
10/08/2004 13:00 360,448 l3codecp.acm
10/08/2004 13:00 362,496 jet500.dll
10/08/2004 13:00 363,008 smlogcfg.dll
10/08/2004 13:00 367,616 dsound.dll
10/08/2004 13:00 370,176 dhcpmon.dll
10/08/2004 13:00 375,296 dpnet.dll
10/08/2004 13:00 380,416 irprops.cpl
10/08/2004 13:00 380,957 expsrv.dll
10/08/2004 13:00 382,464 qmgr.dll
10/08/2004 13:00 382,976 fontext.dll
10/08/2004 13:00 384,000 ipsmsnap.dll
10/08/2004 13:00 384,512 mp4sdmod.dll
10/08/2004 13:00 385,536 themeui.dll
10/08/2004 13:00 388,608 cmd.exe
10/08/2004 13:00 393,216 ssflwbox.scr
10/08/2004 13:00 394,240 diactfrm.dll
10/08/2004 13:00 397,824 regwizc.dll
10/08/2004 13:00 399,872 lmrt.dll
10/08/2004 13:00 406,528 usp10.dll
10/08/2004 13:00 407,040 netlogon.dll
10/08/2004 13:00 413,696 msvcp60.dll
10/08/2004 13:00 414,208 setupdll.dll
10/08/2004 13:00 415,744 samsrv.dll
10/08/2004 13:00 419,840 ntvdm.exe
10/08/2004 13:00 421,919 msrd2x40.dll
10/08/2004 13:00 423,936 licdll.dll
10/08/2004 13:00 430,592 vssapi.dll
10/08/2004 13:00 433,664 wiaacmgr.exe
10/08/2004 13:00 435,200 ntmssvc.dll
10/08/2004 13:00 435,712 shellstyle.dll
10/08/2004 13:00 436,224 d3dim.dll
10/08/2004 13:00 438,272 shimgvw.dll
10/08/2004 13:00 438,784 xpob2res.dll
10/08/2004 13:00 442,368 sqlsrv32.dll
10/08/2004 13:00 450,560 infosoft.dll
10/08/2004 13:00 457,728 certmgr.dll
10/08/2004 13:00 463,360 wiadefui.dll
10/08/2004 13:00 471,552 mqutil.dll
10/08/2004 13:00 480,768 audiodev.dll
10/08/2004 13:00 488,448 ntmsmgr.dll
10/08/2004 13:00 502,272 winlogon.exe
10/08/2004 13:00 506,368 msxml.dll
10/08/2004 13:00 512,029 msexch40.dll
10/08/2004 13:00 512,512 cryptui.dll
10/08/2004 13:00 514,560 logonui.exe
10/08/2004 13:00 517,632 mqsnap.dll
10/08/2004 13:00 538,624 spider.exe
10/08/2004 13:00 549,376 shdoclc.dll
10/08/2004 13:00 549,888 appwiz.cpl
10/08/2004 13:00 552,989 msrepl40.dll
10/08/2004 13:00 560,640 printui.dll
10/08/2004 13:00 562,176 qedit.dll
10/08/2004 13:00 565,760 msvcp50.dll
10/08/2004 13:00 566,784 gpedit.dll
10/08/2004 13:00 580,608 autofmt.exe
10/08/2004 13:00 586,240 mlang.dll
10/08/2004 13:00 588,800 autochk.exe
10/08/2004 13:00 589,312 wiashext.dll
10/08/2004 13:00 590,336 d3dramp.dll
10/08/2004 13:00 596,992 wsecedit.dll
10/08/2004 13:00 597,504 crypt32.dll
10/08/2004 13:00 602,624 autoconv.exe
10/08/2004 13:00 605,696 getuname.dll
10/08/2004 13:00 610,304 sspipes.scr
10/08/2004 13:00 614,429 mswstr10.dll
10/08/2004 13:00 614,912 h323msp.dll
10/08/2004 13:00 616,960 advapi32.dll
10/08/2004 13:00 618,496 mmsys.cpl
10/08/2004 13:00 619,008 dx7vb.dll
10/08/2004 13:00 622,080 netcfgx.dll
10/08/2004 13:00 640,000 dbghelp.dll
10/08/2004 13:00 657,920 rasdlg.dll
10/08/2004 13:00 660,992 mqqm.dll
10/08/2004 13:00 673,088 mlang.dat
10/08/2004 13:00 679,936 sstext3d.scr
10/08/2004 13:00 701,440 msxml2.dll
10/08/2004 13:00 704,512 ss3dfo.scr
10/08/2004 13:00 708,096 ntdll.dll
10/08/2004 13:00 713,728 opengl32.dll
10/08/2004 13:00 723,456 userenv.dll
10/08/2004 13:00 733,696 qedwipes.dll
10/08/2004 13:00 750,080 wbdbase.esn
10/08/2004 13:00 755,200 ir50_32.dll
10/08/2004 13:00 764,928 winntbbu.dll
10/08/2004 13:00 786,944 wbdbase.fra
10/08/2004 13:00 792,064 comres.dll
10/08/2004 13:00 815,104 mmc.exe
10/08/2004 13:00 825,344 d3dim700.dll
10/08/2004 13:00 831,519 mswdat10.dll
10/08/2004 13:00 844,314 msdxm.ocx
10/08/2004 13:00 847,872 dbgeng.dll
10/08/2004 13:00 848,384 ir41_32.ax
10/08/2004 13:00 858,624 tapi3.dll
10/08/2004 13:00 867,840 wbdbase.ita
10/08/2004 13:00 875,008 netplwiz.dll
10/08/2004 13:00 924,432 mfc40.dll
10/08/2004 13:00 937,984 wbdbase.sve
10/08/2004 13:00 937,984 winbrand.dll
10/08/2004 13:00 956,990 instcat.sql
10/08/2004 13:00 957,440 wbdbase.enu
10/08/2004 13:00 983,552 setupapi.dll
10/08/2004 13:00 984,576 syssetup.dll
10/08/2004 13:00 994,304 msgina.dll
10/08/2004 13:00 1,015,477 esentprf.ini
10/08/2004 13:00 1,028,096 mfc42.dll
10/08/2004 13:00 1,095,680 wbdbase.nld
10/08/2004 13:00 1,114,896 esent97.dll
10/08/2004 13:00 1,179,648 d3d8.dll
10/08/2004 13:00 1,192,960 mmcndmgr.dll
10/08/2004 13:00 1,200,128 ntbackup.exe
10/08/2004 13:00 1,227,264 dx8vb.dll
10/08/2004 13:00 1,294,336 dsound3d.dll
10/08/2004 13:00 1,298,432 dxdiag.exe
10/08/2004 13:00 1,309,184 wbdbase.deu
10/08/2004 13:00 1,326,080 webfldrs.msi
10/08/2004 13:00 1,355,776 msvbvm50.dll
10/08/2004 13:00 1,392,671 msvbvm60.dll
10/08/2004 13:00 1,501,696 diskcopy.dll
10/08/2004 13:00 1,507,356 msjet40.dll
10/08/2004 13:00 1,580,544 sfcfiles.dll
10/08/2004 13:00 1,582,080 wmpencen.dll
10/08/2004 13:00 1,689,088 d3d9.dll
10/08/2004 13:00 2,113,536 dxdiagn.dll
10/08/2004 13:00 2,897,920 xpsp2res.dll
10/08/2004 13:00 13,107,200 oembios.bin
10/08/2004 04:11 8,704 igdetect.dll
10/08/2004 04:11 85,504 mhn.dll
10/08/2004 03:43 4,396,544 wpgldfsh.scr
10/08/2004 03:43 1,742,336 mypixdx.scr
10/08/2004 03:43 3,343,360 nature.scr
10/08/2004 03:43 7,093,760 space.scr
10/08/2004 03:43 5,068,800 davinci.scr
04/08/2004 01:56 74,240 usbui.dll
04/08/2004 01:56 74,752 storprop.dll
04/08/2004 00:56 23,552 wdmaud.drv
04/08/2004 00:56 130,048 ksproxy.ax
04/08/2004 00:56 4,096 ksuser.dll
26/07/2004 17:16 262,144 imagXR7.dll
26/07/2004 17:16 471,040 imagXRA7.dll
26/07/2004 17:16 476,320 imagXpr7.dll
26/07/2004 17:16 1,568,768 imagX7.dll
09/07/2004 09:43 364,544 TwnLib4.dll
22/04/2004 02:07 11,452 mypixdx.chm
03/03/2004 06:10 1,104 EPPICPresetData_EN.dat
03/03/2004 06:10 1,107 EPPICPresetData_GE.dat
03/03/2004 06:10 1,120 EPPICPresetData_IT.dat
03/03/2004 06:10 1,129 EPPICPresetData_CF.dat
03/03/2004 06:10 1,129 EPPICPresetData_FR.dat
03/03/2004 06:10 1,136 EPPICPresetData_ES.dat
03/03/2004 06:10 1,139 EPPICPresetData_BP.dat
03/03/2004 06:10 1,139 EPPICPresetData_PT.dat
03/03/2004 06:10 1,146 EPPICPresetData_DU.dat
03/03/2004 06:10 2,426 EPPICLocal_TC.cfg
03/03/2004 06:10 2,889 EPPICLocal_RU.cfg
03/03/2004 06:10 4,943 EPPICPattern6.dat
03/03/2004 06:10 5,436 EPPICLocal_SC.cfg
03/03/2004 06:10 5,817 EPPICLocal_KO.cfg
03/03/2004 06:10 6,103 EPPICLocal_ES.cfg
03/03/2004 06:10 6,122 EPPICLocal_DU.cfg
03/03/2004 06:10 6,195 EPPICLocal_CF.cfg
03/03/2004 06:10 6,195 EPPICLocal_FR.cfg
03/03/2004 06:10 6,335 EPPICLocal_GE.cfg
03/03/2004 06:10 6,347 EPPICLocal_PT.cfg
03/03/2004 06:10 6,347 EPPICLocal_BP.cfg
03/03/2004 06:10 6,442 EPPICLocal_IT.cfg
03/03/2004 06:10 11,811 EPPICPattern4.dat
03/03/2004 06:10 13,732 EPPICLocal_EN.cfg
03/03/2004 06:10 20,148 EPPICPattern2.dat
03/03/2004 06:10 21,390 EPPICPattern5.dat
03/03/2004 06:10 24,903 EPPICPattern3.dat
03/03/2004 06:10 26,154 EPPICPattern1.dat
03/03/2004 06:10 27,417 EPPICPattern121.dat
03/03/2004 06:10 31,053 EPPICPattern131.dat
20/02/2004 16:47 1,047,552 mfc71u.dll
20/02/2004 16:15 40,960 MFC71CHS.DLL
20/02/2004 16:15 45,056 MFC71CHT.DLL
20/02/2004 16:15 49,152 MFC71KOR.DLL
20/02/2004 16:15 49,152 MFC71JPN.DLL
20/02/2004 16:15 61,440 MFC71ITA.DLL
20/02/2004 16:15 61,440 MFC71FRA.DLL
20/02/2004 16:15 61,440 MFC71ESP.DLL
20/02/2004 16:15 65,536 MFC71DEU.DLL
17/10/2003 12:44 57,344 MFC71ENU.DLL
17/10/2003 12:44 89,088 atl71.dll
24/09/2003 09:44 44,544 MSXML4a.dll
24/09/2003 09:44 82,432 MSXML4r.dll
24/09/2003 09:43 344,064 hpvcr70.dll
24/09/2003 09:43 487,424 hpvcp70.dll
24/09/2003 09:43 626,960 hpvaut32.dll
19/08/2003 08:20 180,224 ac3filter.cpl
03/08/2003 10:56 1,146,184 FM20.DLL
14/07/2003 22:57 32,584 FM20ENU.DLL
18/06/2003 17:31 17,920 mdimon.dll
25/03/2003 18:53 11,776 ZPORT4AS.dll
19/03/2003 06:19 1,060,864 MFC71.dll
07/01/2003 15:05 2,695 OUTLPERF.INI
07/01/2003 15:05 551 OUTLPERF.H
20/12/2002 14:02 1,077,336 MSCOMCTL.OCX
11/12/2002 19:38 47,104 declrds.ax
11/12/2002 15:16 7,680 asferror.dll
06/11/2002 02:10 167,936 wmserror.dll
21/08/2002 05:13 189,952 WISPTIS.EXE
21/08/2002 05:10 204,800 INKED.DLL
09/11/2001 09:01 24,064 ativcoxx.dll
26/10/2001 22:16 16,384 FileOps.exe
06/12/2000 13:01 415,176 comct332.ocx
23/05/2000 22:45 118,784 MSSTDFMT.DLL
22/05/2000 16:58 115,920 msinet.ocx
22/05/2000 16:58 140,488 comdlg32.ocx
22/05/2000 16:58 608,448 comctl32.ocx
22/05/2000 16:58 647,872 mscomct2.ocx
11/05/2000 13:06 397,312 MSRDO20.DLL
03/04/2000 17:52 151,552 RDOCURS.DLL
03/04/2000 17:52 164,144 comct232.ocx
24/11/1999 18:40 40,960 VBAME.DLL
05/01/1999 17:30 225,280 VSFLEX3.OCX
09/08/1998 11:07 94,208 MSSTKPRP.DLL
17/06/1998 19:08 53,248 MFC42ENU.DLL
24/03/1998 21:54 15,872 SCP32.DLL
24/03/1998 13:44 24,848 VBAEND32.OLB
24/03/1998 13:44 24,848 VBAEN32.OLB
03/12/1996 14:50 37,376 VEN2232.OLB
2115 File(s) 439,386,896 bytes
0 Dir(s) 11,022,389,248 bytes free

#8 curlybob

curlybob
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 19 October 2007 - 08:37 AM

I did not disenfect following my panda scan, should i re scan and fix selected issues?

Thank you very much for your help so far

Rob

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 19 October 2007 - 09:36 AM

I did not disenfect following my panda scan, should i re scan and fix selected issues?

Don't worry about that,we'll get rid of those.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens,copy and paste ALL the following text inside the quote box below:

Files to delete:
C:\WINDOWS\system32\btqpqtpk.ini
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\jwactysu.ini
C:\WINDOWS\system32\hrrtbpit.ini
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\ubwrnpkm.ini
C:\WINDOWS\system32\kjkkj.bak2
C:\WINDOWS\system32\mlkkj.ini

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.
Also post a new Hijackthis log.
Let me know how your pc is running now please.
Posted Image
Posted Image

#10 curlybob

curlybob
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 19 October 2007 - 09:59 AM

Hi Richie, I have used avenger but it was not able to create a report, 1st thoughts though are that the computer seems to be up and running relatively virus free.

In regards to writing a new post should I just put in my current position?

Thanks,
Rob

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 19 October 2007 - 10:16 AM

Download Killbox by Option^Explicit:
http://download.bleepingcomputer.com/spyware/KillBox.exe
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'.
Then Click on the 'All Files' button.
Please copy ALL the file paths inside the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\btqpqtpk.ini
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\jwactysu.ini
C:\WINDOWS\system32\hrrtbpit.ini
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.bak2
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\ubwrnpkm.ini
C:\WINDOWS\system32\kjkkj.bak2
C:\WINDOWS\system32\mlkkj.ini

Return to Killbox,go to the File menu,and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button.
Click 'Yes' at the 'Delete on Reboot' prompt.
Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically,please restart it manually.

After rebooting, open up Killbox again.
Click 'File'>'Logs'>'Actions History Log'.
Post this log in your next reply.

Also post a new Hijackthis log.
Let me know how your pc is running now please.
Posted Image
Posted Image

#12 curlybob

curlybob
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 19 October 2007 - 11:45 AM

Pocket Killbox version 2.0.0.881
Running on Windows XP as Rob(Administrator)
was started @ Friday, October 19, 2007, 4:19 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\btqpqtpk.ini


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\hhhkj.ini


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\hhhkj.bak2


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\jwactysu.ini


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\hrrtbpit.ini


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\lnnmp.ini


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\lnnmp.bak2


# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\kjkkj.ini


# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\ubwrnpkm.ini


# 10 [Delete on Reboot]
Path = C:\WINDOWS\system32\kjkkj.bak2


# 11 [Delete on Reboot]
Path = C:\WINDOWS\system32\mlkkj.ini


I Rebooted @ 4:21:16 PM

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:06 PM

Posted 19 October 2007 - 04:53 PM

Post a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users