Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor.Bot, Trojan.BHO, Hijack.Userinit just to name a few


  • Please log in to reply
13 replies to this topic

#1 bomber1712

bomber1712

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:11:38 PM

Posted 16 December 2009 - 08:25 AM

This is a Compaq Presario SR1738NX running Windows XP Home Premium. I have been able to run SAS, Dr. Web Cure It, and MBAM. I have run each several times, and I seem to find infections with each run, although the last full MBAM run was clean. I want to make sure this computer is clean before I give it back, so I need some expert assistance.

I also have run into a startup problem. I ran MBAM in SAFE mode. It found many issues (See log #1 below). Then, I ran Dr. Web in Safe Mode. After running Dr. Web, I came home to find my computer unable to finish the boot process. It would start up, go to the boot options menu (Safe, Safe with command, last known good config, start win normally). I could choose any of the options, but all the computer would do was boot and then return to this same screen. A never ending loop. So, I started the Recovery Console and ran "bootcfg /add". It found a windows installation, so I added it.

Now, it will start in normal mode, but not safe. It boots to the OS choice and there are now 3 choices (blank, Windows XP, & Recovery Console)where before there were only 2 (Windows XP & Recovery Console). I have to leave it on the blank option to start Windows normally. But if I F8 and try to start safe, the computer hangs.

Here are the logs that I have:

MBAM LOG #1

Malwarebytes' Anti-Malware 1.42
Database version: 3362
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/14/2009 9:38:40 PM
mbam-log-2009-12-14 (21-38-40).txt

Scan type: Quick Scan
Objects scanned: 123049
Time elapsed: 14 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 4
Registry Data Items Infected: 14
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wab (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\aa33c05a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\aa33c05a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\aa33c05a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\aa33c05a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\aa33c05a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\aa33c05a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\aa33c05a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOCUME~1\ADMINI~1\APPLIC~1\MACROM~1\Common\aa33c05a1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\winload.dll (Trojan.Zlob.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browsearch.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Common\aa33c05a1.dll (Hijack.Sound) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\SystemBackup\browserui.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\SystemBackup\mt_32.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browserui.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mshtmllib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mt_32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\aa33c05a19.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\mhbupd32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

MBAM LOG #2

Malwarebytes' Anti-Malware 1.42
Database version: 3362
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/15/2009 6:23:29 AM
mbam-log-2009-12-15 (06-23-29).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 225735
Time elapsed: 2 hour(s), 35 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MBAM LOG #3

Malwarebytes' Anti-Malware 1.42
Database version: 3362
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/15/2009 9:58:27 PM
mbam-log-2009-12-15 (21-58-27).txt

Scan type: Quick Scan
Objects scanned: 123991
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DrWeb Log

This file is too big to paste inside the post.

SAS Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/15/2009 at 10:40 PM

Application Version : 4.31.1000

Core Rules Database Version : 4353
Trace Rules Database Version: 1978

Scan type : Quick Scan
Total Scan Time : 00:35:16

Memory items scanned : 400
Memory threats detected : 0
Registry items scanned : 430
Registry threats detected : 0
File items scanned : 10088
File threats detected : 2

Trojan.Downloader-WinLoad
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SYSTEMBACKUP\WINLOAD.DLL

Trojan.Dropper/Win-NV
C:\WINDOWS\SYSTEM32\WINSEC.DLL

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:38 AM

Posted 16 December 2009 - 11:10 AM

Hello MBAM is stronger in normal mode unlike most other scanners..

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

You can post the drWeb in multiple posts ..


Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Run part 1 of S!Ri's SmitfraudFix

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:11:38 PM

Posted 16 December 2009 - 07:30 PM

c:\windows\system32\atl.dll - OK

[Scan path] c:\windows\system32\audiodev.dll
c:\windows\system32\audiodev.dll - OK

[Scan path] c:\windows\system32\audiosrv.dll
c:\windows\system32\audiosrv.dll - OK

[Scan path] c:\windows\system32\authz.dll
c:\windows\system32\authz.dll - OK

[Scan path] c:\windows\system32\autochk.exe
c:\windows\system32\autochk.exe - OK

[Scan path] c:\windows\system32\basesrv.dll
c:\windows\system32\basesrv.dll - OK

[Scan path] c:\windows\system32\browsearch.dll
c:\windows\system32\browsearch.dll packed by FLY-CODE
>c:\windows\system32\browsearch.dll - OK

[Scan path] c:\windows\system32\browselc.dll
c:\windows\system32\browselc.dll packed by ZLIB
>c:\windows\system32\browselc.dll - archive BINARYRES
>>c:\windows\system32\browselc.dll/data001 - OK
>c:\windows\system32\browselc.dll - OK

[Scan path] c:\windows\system32\browser.dll
c:\windows\system32\browser.dll - OK

[Scan path] c:\windows\system32\browseui.dll
c:\windows\system32\browseui.dll - OK

[Scan path] c:\windows\system32\cabview.dll
c:\windows\system32\cabview.dll - OK

[Scan path] c:\windows\system32\certcli.dll
c:\windows\system32\certcli.dll - OK

[Scan path] c:\windows\system32\cisvc.exe
c:\windows\system32\cisvc.exe - OK

[Scan path] c:\windows\system32\clbcatq.dll
c:\windows\system32\clbcatq.dll - OK

[Scan path] c:\windows\system32\clipsrv.exe
c:\windows\system32\clipsrv.exe - OK

[Scan path] c:\windows\system32\cnbjmon.dll
c:\windows\system32\cnbjmon.dll - OK

[Scan path] c:\windows\system32\comctl32.dll
c:\windows\system32\comctl32.dll - OK

[Scan path] c:\windows\system32\comdlg32.dll
c:\windows\system32\comdlg32.dll - OK

[Scan path] c:\windows\system32\comres.dll
c:\windows\system32\comres.dll - OK

[Scan path] c:\windows\system32\config\systemprofile\start menu\programs\startup\desktop.ini
c:\windows\system32\config\systemprofile\start menu\programs\startup\desktop.ini - OK

[Scan path] c:\windows\system32\credui.dll
c:\windows\system32\credui.dll - OK

[Scan path] c:\windows\system32\crypt32.dll
c:\windows\system32\crypt32.dll - OK

[Scan path] c:\windows\system32\cryptdll.dll
c:\windows\system32\cryptdll.dll - OK

[Scan path] c:\windows\system32\cryptext.dll
c:\windows\system32\cryptext.dll - OK

[Scan path] c:\windows\system32\cryptnet.dll
c:\windows\system32\cryptnet.dll - OK

[Scan path] c:\windows\system32\cryptsvc.dll
c:\windows\system32\cryptsvc.dll - OK

[Scan path] c:\windows\system32\cryptui.dll
c:\windows\system32\cryptui.dll - OK

[Scan path] c:\windows\system32\cscdll.dll
c:\windows\system32\cscdll.dll - OK

[Scan path] c:\windows\system32\cscui.dll
c:\windows\system32\cscui.dll - OK

[Scan path] c:\windows\system32\csrsrv.dll
c:\windows\system32\csrsrv.dll - OK

[Scan path] c:\windows\system32\csrss.exe
c:\windows\system32\csrss.exe - OK

[Scan path] c:\windows\system32\ctfmon.exe
c:\windows\system32\ctfmon.exe - OK

[Scan path] c:\windows\system32\davclnt.dll
c:\windows\system32\davclnt.dll - OK

[Scan path] c:\windows\system32\deskadp.dll
c:\windows\system32\deskadp.dll - OK

[Scan path] c:\windows\system32\deskmon.dll
c:\windows\system32\deskmon.dll - OK

[Scan path] c:\windows\system32\deskperf.dll
c:\windows\system32\deskperf.dll - OK

[Scan path] c:\windows\system32\dfshim.dll
c:\windows\system32\dfshim.dll - OK

[Scan path] c:\windows\system32\dfsshlex.dll
c:\windows\system32\dfsshlex.dll - OK

[Scan path] c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc.dll - OK

[Scan path] c:\windows\system32\digest.dll
c:\windows\system32\digest.dll - OK

[Scan path] c:\windows\system32\dimsntfy.dll
c:\windows\system32\dimsntfy.dll - OK

[Scan path] c:\windows\system32\diskcopy.dll
c:\windows\system32\diskcopy.dll - OK

[Scan path] c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe - OK

[Scan path] c:\windows\system32\dmadmin.exe
c:\windows\system32\dmadmin.exe - OK

[Scan path] c:\windows\system32\dmserver.dll
c:\windows\system32\dmserver.dll - OK

[Scan path] c:\windows\system32\dnsapi.dll
c:\windows\system32\dnsapi.dll - OK

[Scan path] c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsrslvr.dll - OK

[Scan path] c:\windows\system32\docprop.dll
c:\windows\system32\docprop.dll - OK

[Scan path] c:\windows\system32\docprop2.dll
c:\windows\system32\docprop2.dll - OK

[Scan path] c:\windows\system32\dot3api.dll
c:\windows\system32\dot3api.dll - OK

[Scan path] c:\windows\system32\dot3dlg.dll
c:\windows\system32\dot3dlg.dll - OK

[Scan path] c:\windows\system32\dot3gpclnt.dll
c:\windows\system32\dot3gpclnt.dll - OK

[Scan path] c:\windows\system32\dot3svc.dll
c:\windows\system32\dot3svc.dll - OK

[Scan path] c:\windows\system32\drivers\acpi.sys
c:\windows\system32\drivers\acpi.sys - OK

[Scan path] c:\windows\system32\drivers\aec.sys
c:\windows\system32\drivers\aec.sys - OK

[Scan path] c:\windows\system32\drivers\afd.sys
c:\windows\system32\drivers\afd.sys - OK

[Scan path] c:\windows\system32\drivers\agrsm.sys
c:\windows\system32\drivers\agrsm.sys - OK

[Scan path] c:\windows\system32\drivers\alcxwdm.sys
c:\windows\system32\drivers\alcxwdm.sys - OK

[Scan path] c:\windows\system32\drivers\amdk8.sys
c:\windows\system32\drivers\amdk8.sys - OK

[Scan path] c:\windows\system32\drivers\arp1394.sys
c:\windows\system32\drivers\arp1394.sys - OK

[Scan path] c:\windows\system32\drivers\asyncmac.sys
c:\windows\system32\drivers\asyncmac.sys - OK

[Scan path] c:\windows\system32\drivers\atapi.sys
c:\windows\system32\drivers\atapi.sys - OK

[Scan path] c:\windows\system32\drivers\ati2mtag.sys
c:\windows\system32\drivers\ati2mtag.sys - OK

[Scan path] c:\windows\system32\drivers\atmarpc.sys
c:\windows\system32\drivers\atmarpc.sys - OK

[Scan path] c:\windows\system32\drivers\audstub.sys
c:\windows\system32\drivers\audstub.sys - OK

[Scan path] c:\windows\system32\drivers\bb-run.sys
c:\windows\system32\drivers\bb-run.sys - OK

[Scan path] c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\beep.sys - OK

[Scan path] c:\windows\system32\drivers\brscnusb.sys
c:\windows\system32\drivers\brscnusb.sys - OK

[Scan path] c:\windows\system32\drivers\brserif.sys
c:\windows\system32\drivers\brserif.sys - OK

[Scan path] c:\windows\system32\drivers\brusbser.sys
c:\windows\system32\drivers\brusbser.sys - OK

[Scan path] c:\windows\system32\drivers\cdaudio.sys
c:\windows\system32\drivers\cdaudio.sys - OK

[Scan path] c:\windows\system32\drivers\cdrom.sys
c:\windows\system32\drivers\cdrom.sys - OK

[Scan path] c:\windows\system32\drivers\disk.sys
c:\windows\system32\drivers\disk.sys - OK

[Scan path] c:\windows\system32\drivers\dmboot.sys
c:\windows\system32\drivers\dmboot.sys - OK

[Scan path] c:\windows\system32\drivers\dmio.sys
c:\windows\system32\drivers\dmio.sys - OK

[Scan path] c:\windows\system32\drivers\dmload.sys
c:\windows\system32\drivers\dmload.sys - OK

[Scan path] c:\windows\system32\drivers\dmusic.sys
c:\windows\system32\drivers\dmusic.sys - OK

[Scan path] c:\windows\system32\drivers\drmkaud.sys
c:\windows\system32\drivers\drmkaud.sys - OK

[Scan path] c:\windows\system32\drivers\fdc.sys
c:\windows\system32\drivers\fdc.sys - OK

[Scan path] c:\windows\system32\drivers\fips.sys
c:\windows\system32\drivers\fips.sys - OK

[Scan path] c:\windows\system32\drivers\flpydisk.sys
c:\windows\system32\drivers\flpydisk.sys - OK

[Scan path] c:\windows\system32\drivers\fltmgr.sys
c:\windows\system32\drivers\fltmgr.sys - OK

[Scan path] c:\windows\system32\drivers\fs_rec.sys
c:\windows\system32\drivers\fs_rec.sys - OK

[Scan path] c:\windows\system32\drivers\ftdisk.sys
c:\windows\system32\drivers\ftdisk.sys - OK

[Scan path] c:\windows\system32\drivers\ftsata2.sys
c:\windows\system32\drivers\ftsata2.sys - OK

[Scan path] c:\windows\system32\drivers\hidusb.sys
c:\windows\system32\drivers\hidusb.sys - OK

[Scan path] c:\windows\system32\drivers\http.sys
c:\windows\system32\drivers\http.sys - OK

[Scan path] c:\windows\system32\drivers\i8042prt.sys
c:\windows\system32\drivers\i8042prt.sys - OK

[Scan path] c:\windows\system32\drivers\iastor.sys
c:\windows\system32\drivers\iastor.sys - OK

[Scan path] c:\windows\system32\drivers\imapi.sys
c:\windows\system32\drivers\imapi.sys - OK

[Scan path] c:\windows\system32\drivers\intelide.sys
c:\windows\system32\drivers\intelide.sys - OK

[Scan path] c:\windows\system32\drivers\intelppm.sys
c:\windows\system32\drivers\intelppm.sys - OK

[Scan path] c:\windows\system32\drivers\ip6fw.sys
c:\windows\system32\drivers\ip6fw.sys - OK

[Scan path] c:\windows\system32\drivers\ipfltdrv.sys
c:\windows\system32\drivers\ipfltdrv.sys - OK

[Scan path] c:\windows\system32\drivers\ipinip.sys
c:\windows\system32\drivers\ipinip.sys - OK

[Scan path] c:\windows\system32\drivers\ipnat.sys
c:\windows\system32\drivers\ipnat.sys - OK

[Scan path] c:\windows\system32\drivers\ipsec.sys
c:\windows\system32\drivers\ipsec.sys - OK

[Scan path] c:\windows\system32\drivers\irenum.sys
c:\windows\system32\drivers\irenum.sys - OK

[Scan path] c:\windows\system32\drivers\isapnp.sys
c:\windows\system32\drivers\isapnp.sys - OK

[Scan path] c:\windows\system32\drivers\kbdclass.sys
c:\windows\system32\drivers\kbdclass.sys - OK

[Scan path] c:\windows\system32\drivers\kmixer.sys
c:\windows\system32\drivers\kmixer.sys - OK

[Scan path] c:\windows\system32\drivers\ksecdd.sys
c:\windows\system32\drivers\ksecdd.sys - OK

[Scan path] c:\windows\system32\drivers\lbd.sys
c:\windows\system32\drivers\lbd.sys - OK

[Scan path] c:\windows\system32\drivers\mnmdd.sys
c:\windows\system32\drivers\mnmdd.sys - OK

[Scan path] c:\windows\system32\drivers\mouclass.sys
c:\windows\system32\drivers\mouclass.sys - OK

[Scan path] c:\windows\system32\drivers\mouhid.sys
c:\windows\system32\drivers\mouhid.sys - OK

[Scan path] c:\windows\system32\drivers\mountmgr.sys
c:\windows\system32\drivers\mountmgr.sys - OK

[Scan path] c:\windows\system32\drivers\mrxdav.sys
c:\windows\system32\drivers\mrxdav.sys - OK

[Scan path] c:\windows\system32\drivers\mrxsmb.sys
c:\windows\system32\drivers\mrxsmb.sys - OK

[Scan path] c:\windows\system32\drivers\msfs.sys
c:\windows\system32\drivers\msfs.sys - OK

[Scan path] c:\windows\system32\drivers\msgpc.sys
c:\windows\system32\drivers\msgpc.sys - OK

[Scan path] c:\windows\system32\drivers\mskssrv.sys
c:\windows\system32\drivers\mskssrv.sys - OK


[Scan path] c:\windows\system32\drivers\mspclock.sys
c:\windows\system32\drivers\mspclock.sys - OK

[Scan path] c:\windows\system32\drivers\mspqm.sys
c:\windows\system32\drivers\mspqm.sys - OK

[Scan path] c:\windows\system32\drivers\mssmbios.sys
c:\windows\system32\drivers\mssmbios.sys - OK

[Scan path] c:\windows\system32\drivers\mup.sys
c:\windows\system32\drivers\mup.sys - OK

[Scan path] c:\windows\system32\drivers\ndis.sys
c:\windows\system32\drivers\ndis.sys - OK

[Scan path] c:\windows\system32\drivers\ndistapi.sys
c:\windows\system32\drivers\ndistapi.sys - OK

[Scan path] c:\windows\system32\drivers\ndisuio.sys
c:\windows\system32\drivers\ndisuio.sys - OK

[Scan path] c:\windows\system32\drivers\ndiswan.sys
c:\windows\system32\drivers\ndiswan.sys - OK

[Scan path] c:\windows\system32\drivers\netbios.sys
c:\windows\system32\drivers\netbios.sys - OK

[Scan path] c:\windows\system32\drivers\netbt.sys
c:\windows\system32\drivers\netbt.sys - OK

[Scan path] c:\windows\system32\drivers\nic1394.sys
c:\windows\system32\drivers\nic1394.sys - OK

[Scan path] c:\windows\system32\drivers\npfs.sys
c:\windows\system32\drivers\npfs.sys - OK

[Scan path] c:\windows\system32\drivers\null.sys
c:\windows\system32\drivers\null.sys - OK

[Scan path] c:\windows\system32\drivers\nwlnkflt.sys
c:\windows\system32\drivers\nwlnkflt.sys - OK

[Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
c:\windows\system32\drivers\nwlnkfwd.sys - OK

[Scan path] c:\windows\system32\drivers\nwlnkipx.sys
c:\windows\system32\drivers\nwlnkipx.sys - OK

[Scan path] c:\windows\system32\drivers\nwlnknb.sys
c:\windows\system32\drivers\nwlnknb.sys - OK

[Scan path] c:\windows\system32\drivers\nwlnkspx.sys
c:\windows\system32\drivers\nwlnkspx.sys - OK

[Scan path] c:\windows\system32\drivers\ohci1394.sys
c:\windows\system32\drivers\ohci1394.sys - OK

[Scan path] c:\windows\system32\drivers\parport.sys
c:\windows\system32\drivers\parport.sys - OK

[Scan path] c:\windows\system32\drivers\partmgr.sys
c:\windows\system32\drivers\partmgr.sys - OK

[Scan path] c:\windows\system32\drivers\pci.sys
c:\windows\system32\drivers\pci.sys - OK

[Scan path] c:\windows\system32\drivers\pciide.sys
c:\windows\system32\drivers\pciide.sys - OK

[Scan path] c:\windows\system32\drivers\processr.sys
c:\windows\system32\drivers\processr.sys - OK

[Scan path] c:\windows\system32\drivers\ps2.sys
c:\windows\system32\drivers\ps2.sys - OK

[Scan path] c:\windows\system32\drivers\psched.sys
c:\windows\system32\drivers\psched.sys - OK

[Scan path] c:\windows\system32\drivers\ptilink.sys
c:\windows\system32\drivers\ptilink.sys - OK

[Scan path] c:\windows\system32\drivers\pxhelp20.sys
c:\windows\system32\drivers\pxhelp20.sys - OK

[Scan path] c:\windows\system32\drivers\rasacd.sys
c:\windows\system32\drivers\rasacd.sys - OK

[Scan path] c:\windows\system32\drivers\rasl2tp.sys
c:\windows\system32\drivers\rasl2tp.sys - OK

[Scan path] c:\windows\system32\drivers\raspppoe.sys
c:\windows\system32\drivers\raspppoe.sys - OK

[Scan path] c:\windows\system32\drivers\raspptp.sys
c:\windows\system32\drivers\raspptp.sys - OK

[Scan path] c:\windows\system32\drivers\raspti.sys
c:\windows\system32\drivers\raspti.sys - OK

[Scan path] c:\windows\system32\drivers\rdbss.sys
c:\windows\system32\drivers\rdbss.sys - OK

[Scan path] c:\windows\system32\drivers\rdpcdd.sys
c:\windows\system32\drivers\rdpcdd.sys - OK

[Scan path] c:\windows\system32\drivers\rdpwd.sys
c:\windows\system32\drivers\rdpwd.sys - OK

[Scan path] c:\windows\system32\drivers\redbook.sys
c:\windows\system32\drivers\redbook.sys - OK

[Scan path] c:\windows\system32\drivers\rtl8139.sys
c:\windows\system32\drivers\rtl8139.sys - OK

[Scan path] c:\windows\system32\drivers\rtlnicxp.sys
c:\windows\system32\drivers\rtlnicxp.sys - OK

[Scan path] c:\windows\system32\drivers\scsiport.sys
c:\windows\system32\drivers\scsiport.sys - OK

[Scan path] c:\windows\system32\drivers\secdrv.sys
c:\windows\system32\drivers\secdrv.sys - OK

[Scan path] c:\windows\system32\drivers\sfloppy.sys
c:\windows\system32\drivers\sfloppy.sys - OK

[Scan path] c:\windows\system32\drivers\splitter.sys
c:\windows\system32\drivers\splitter.sys - OK

[Scan path] c:\windows\system32\drivers\sr.sys
c:\windows\system32\drivers\sr.sys - OK

[Scan path] c:\windows\system32\drivers\srv.sys
c:\windows\system32\drivers\srv.sys - OK

[Scan path] c:\windows\system32\drivers\swenum.sys
c:\windows\system32\drivers\swenum.sys - OK

[Scan path] c:\windows\system32\drivers\swmidi.sys
c:\windows\system32\drivers\swmidi.sys - OK

[Scan path] c:\windows\system32\drivers\sysaudio.sys
c:\windows\system32\drivers\sysaudio.sys - OK

[Scan path] c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\drivers\tcpip.sys - OK

[Scan path] c:\windows\system32\drivers\tdpipe.sys
c:\windows\system32\drivers\tdpipe.sys - OK

[Scan path] c:\windows\system32\drivers\tdtcp.sys
c:\windows\system32\drivers\tdtcp.sys - OK

[Scan path] c:\windows\system32\drivers\termdd.sys
c:\windows\system32\drivers\termdd.sys - OK

[Scan path] c:\windows\system32\drivers\update.sys
c:\windows\system32\drivers\update.sys - OK

[Scan path] c:\windows\system32\drivers\usbccgp.sys
c:\windows\system32\drivers\usbccgp.sys - OK

[Scan path] c:\windows\system32\drivers\usbehci.sys
c:\windows\system32\drivers\usbehci.sys - OK

[Scan path] c:\windows\system32\drivers\usbhub.sys
c:\windows\system32\drivers\usbhub.sys - OK

[Scan path] c:\windows\system32\drivers\usbohci.sys
c:\windows\system32\drivers\usbohci.sys - OK

[Scan path] c:\windows\system32\drivers\usbprint.sys
c:\windows\system32\drivers\usbprint.sys - OK

[Scan path] c:\windows\system32\drivers\usbstor.sys
c:\windows\system32\drivers\usbstor.sys - OK

[Scan path] c:\windows\system32\drivers\usbuhci.sys
c:\windows\system32\drivers\usbuhci.sys - OK

[Scan path] c:\windows\system32\drivers\vga.sys
c:\windows\system32\drivers\vga.sys - OK

[Scan path] c:\windows\system32\drivers\viaide.sys
c:\windows\system32\drivers\viaide.sys - OK

[Scan path] c:\windows\system32\drivers\volsnap.sys
c:\windows\system32\drivers\volsnap.sys - OK

[Scan path] c:\windows\system32\drivers\wanarp.sys
c:\windows\system32\drivers\wanarp.sys - OK

[Scan path] c:\windows\system32\drivers\wdmaud.sys
c:\windows\system32\drivers\wdmaud.sys - OK

[Scan path] c:\windows\system32\drivers\ws2ifsl.sys
c:\windows\system32\drivers\ws2ifsl.sys - OK

[Scan path] c:\windows\system32\drprov.dll
c:\windows\system32\drprov.dll - OK

[Scan path] c:\windows\system32\dskquota.dll
c:\windows\system32\dskquota.dll - OK

[Scan path] c:\windows\system32\dskquoui.dll
c:\windows\system32\dskquoui.dll - OK

[Scan path] c:\windows\system32\dsound.dll
c:\windows\system32\dsound.dll - OK

[Scan path] c:\windows\system32\dsquery.dll
c:\windows\system32\dsquery.dll - OK

[Scan path] c:\windows\system32\dssec.dll
c:\windows\system32\dssec.dll - OK

[Scan path] c:\windows\system32\dsuiext.dll
c:\windows\system32\dsuiext.dll - OK

[Scan path] c:\windows\system32\eappcfg.dll
c:\windows\system32\eappcfg.dll - OK

[Scan path] c:\windows\system32\eappprxy.dll
c:\windows\system32\eappprxy.dll - OK

[Scan path] c:\windows\system32\eapsvc.dll
c:\windows\system32\eapsvc.dll - OK

[Scan path] c:\windows\system32\ersvc.dll
c:\windows\system32\ersvc.dll - OK

[Scan path] c:\windows\system32\es.dll
c:\windows\system32\es.dll - OK

[Scan path] c:\windows\system32\esent.dll
c:\windows\system32\esent.dll - OK

[Scan path] c:\windows\system32\eventlog.dll
c:\windows\system32\eventlog.dll - OK

[Scan path] c:\windows\system32\extmgr.dll
c:\windows\system32\extmgr.dll - OK

[Scan path] c:\windows\system32\firewall.cpl
c:\windows\system32\firewall.cpl - OK

[Scan path] c:\windows\system32\fltlib.dll
c:\windows\system32\fltlib.dll - OK

[Scan path] c:\windows\system32\fontext.dll
c:\windows\system32\fontext.dll - archive BINARYRES
>c:\windows\system32\fontext.dll/data001 packed by MS COMPRESS
>>c:\windows\system32\fontext.dll/data001 - OK
>c:\windows\system32\fontext.dll/data002 packed by MS COMPRESS
>>c:\windows\system32\fontext.dll/data002 - OK
c:\windows\system32\fontext.dll - OK

[Scan path] c:\windows\system32\fxsmon.dll
c:\windows\system32\fxsmon.dll - OK

[Scan path] c:\windows\system32\fxssvc.exe
c:\windows\system32\fxssvc.exe - OK

[Scan path] c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32.dll - OK

[Scan path] c:\windows\system32\hhctrl.ocx
c:\windows\system32\hhctrl.ocx - OK

[Scan path] c:\windows\system32\hnetcfg.dll
c:\windows\system32\hnetcfg.dll - OK

[Scan path] c:\windows\system32\hticons.dll
c:\windows\system32\hticons.dll - OK

[Scan path] c:\windows\system32\iac25_32.ax
c:\windows\system32\iac25_32.ax - OK

[Scan path] c:\windows\system32\iccvid.dll
c:\windows\system32\iccvid.dll - OK

[Scan path] c:\windows\system32\icmui.dll
c:\windows\system32\icmui.dll - OK

[Scan path] c:\windows\system32\ie4uinit.exe
c:\windows\system32\ie4uinit.exe - OK

[Scan path] c:\windows\system32\iedkcs32.dll
c:\windows\system32\iedkcs32.dll - OK

[Scan path] c:\windows\system32\ieframe.dll
c:\windows\system32\ieframe.dll - OK

[Scan path] c:\windows\system32\iertutil.dll
c:\windows\system32\iertutil.dll - OK

[Scan path] c:\windows\system32\ieudinit.exe
c:\windows\system32\ieudinit.exe - OK

[Scan path] c:\windows\system32\imaadp32.acm
c:\windows\system32\imaadp32.acm - OK

[Scan path] c:\windows\system32\imagehlp.dll
c:\windows\system32\imagehlp.dll - OK

[Scan path] c:\windows\system32\imapi.exe
c:\windows\system32\imapi.exe - OK

[Scan path] c:\windows\system32\imm32.dll
c:\windows\system32\imm32.dll - OK

[Scan path] c:\windows\system32\inetcomm.dll
c:\windows\system32\inetcomm.dll - OK

[Scan path] c:\windows\system32\iphlpapi.dll
c:\windows\system32\iphlpapi.dll - OK

[Scan path] c:\windows\system32\ipnathlp.dll
c:\windows\system32\ipnathlp.dll - OK

[Scan path] c:\windows\system32\ipxsap.dll
c:\windows\system32\ipxsap.dll - OK

[Scan path] c:\windows\system32\ir32_32.dll
c:\windows\system32\ir32_32.dll - OK

[Scan path] c:\windows\system32\ir41_32.ax
c:\windows\system32\ir41_32.ax - OK

[Scan path] c:\windows\system32\ir50_32.dll
c:\windows\system32\ir50_32.dll - OK

[Scan path] c:\windows\system32\itss.dll
c:\windows\system32\itss.dll - OK

[Scan path] c:\windows\system32\iyuv_32.dll
c:\windows\system32\iyuv_32.dll - OK

[Scan path] c:\windows\system32\kerberos.dll
c:\windows\system32\kerberos.dll - OK

[Scan path] c:\windows\system32\kernel32.dll
c:\windows\system32\kernel32.dll - OK

[Scan path] c:\windows\system32\kmsvc.dll
c:\windows\system32\kmsvc.dll - OK

[Scan path] c:\windows\system32\l3codeca.acm
c:\windows\system32\l3codeca.acm - OK

[Scan path] c:\windows\system32\linkinfo.dll
c:\windows\system32\linkinfo.dll - OK

[Scan path] c:\windows\system32\lmhsvc.dll
c:\windows\system32\lmhsvc.dll - OK

[Scan path] c:\windows\system32\localspl.dll
c:\windows\system32\localspl.dll - OK

[Scan path] c:\windows\system32\locator.exe
c:\windows\system32\locator.exe - OK

[Scan path] c:\windows\system32\logon.scr
c:\windows\system32\logon.scr - OK

[Scan path] c:\windows\system32\logonui.exe
c:\windows\system32\logonui.exe - OK

[Scan path] c:\windows\system32\lsasrv.dll
c:\windows\system32\lsasrv.dll - OK

[Scan path] c:\windows\system32\lsass.exe
c:\windows\system32\lsass.exe - OK

[Scan path] c:\windows\system32\lz32.dll
c:\windows\system32\lz32.dll - OK

[Scan path] c:\windows\system32\macromed\flash\flash10b.ocx
c:\windows\system32\macromed\flash\flash10b.ocx packed by ZLIB
>c:\windows\system32\macromed\flash\flash10b.ocx - archive BINARYRES
>>c:\windows\system32\macromed\flash\flash10b.ocx/data001 - OK
>>c:\windows\system32\macromed\flash\flash10b.ocx/data002 - OK
>>c:\windows\system32\macromed\flash\flash10b.ocx/data003 - OK
>>c:\windows\system32\macromed\flash\flash10b.ocx/data004 - OK
>c:\windows\system32\macromed\flash\flash10b.ocx - OK

[Scan path] c:\windows\system32\mdimon.dll
c:\windows\system32\mdimon.dll - OK

[Scan path] c:\windows\system32\midimap.dll
c:\windows\system32\midimap.dll - OK

[Scan path] c:\windows\system32\mlang.dll
c:\windows\system32\mlang.dll - OK

[Scan path] c:\windows\system32\mmcshext.dll
c:\windows\system32\mmcshext.dll - OK

[Scan path] c:\windows\system32\mmsys.cpl
c:\windows\system32\mmsys.cpl - OK

[Scan path] c:\windows\system32\mnmsrvc.exe
c:\windows\system32\mnmsrvc.exe - OK

[Scan path] c:\windows\system32\mpr.dll
c:\windows\system32\mpr.dll - OK

[Scan path] c:\windows\system32\mprdim.dll
c:\windows\system32\mprdim.dll - OK

[Scan path] c:\windows\system32\msacm32.dll
c:\windows\system32\msacm32.dll - OK

[Scan path] c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.drv - OK

[Scan path] c:\windows\system32\msadp32.acm
c:\windows\system32\msadp32.acm - OK

[Scan path] c:\windows\system32\msapsspc.dll
c:\windows\system32\msapsspc.dll - OK

[Scan path] c:\windows\system32\msasn1.dll
c:\windows\system32\msasn1.dll - OK

[Scan path] c:\windows\system32\msaud32.acm
c:\windows\system32\msaud32.acm - OK

[Scan path] c:\windows\system32\mscoree.dll
c:\windows\system32\mscoree.dll - OK

[Scan path] c:\windows\system32\mscories.dll
c:\windows\system32\mscories.dll - OK

[Scan path] c:\windows\system32\msctf.dll
c:\windows\system32\msctf.dll - OK

[Scan path] c:\windows\system32\msctfime.ime
c:\windows\system32\msctfime.ime - OK

[Scan path] c:\windows\system32\msdtc.exe
c:\windows\system32\msdtc.exe - OK

[Scan path] c:\windows\system32\msg711.acm
c:\windows\system32\msg711.acm - OK

[Scan path] c:\windows\system32\msg723.acm
c:\windows\system32\msg723.acm - OK

[Scan path] c:\windows\system32\msgina.dll
c:\windows\system32\msgina.dll - OK

[Scan path] c:\windows\system32\msgsm32.acm
c:\windows\system32\msgsm32.acm - OK

[Scan path] c:\windows\system32\msgsvc.dll
c:\windows\system32\msgsvc.dll - OK

[Scan path] c:\windows\system32\msh261.drv
c:\windows\system32\msh261.drv - OK

[Scan path] c:\windows\system32\msh263.drv
c:\windows\system32\msh263.drv - OK

[Scan path] c:\windows\system32\mshtml.dll
c:\windows\system32\mshtml.dll packed by ZLIB
>c:\windows\system32\mshtml.dll - archive BINARYRES
>>c:\windows\system32\mshtml.dll/data001 - OK
>>c:\windows\system32\mshtml.dll/data002 - OK
>c:\windows\system32\mshtml.dll - OK

#4 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:11:38 PM

Posted 16 December 2009 - 07:31 PM

[Scan path] c:\windows\system32\msi.dll
c:\windows\system32\msi.dll - OK

[Scan path] c:\windows\system32\msieftp.dll
c:\windows\system32\msieftp.dll - OK

[Scan path] c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe - OK

[Scan path] c:\windows\system32\msimg32.dll
c:\windows\system32\msimg32.dll - OK

[Scan path] c:\windows\system32\msnsspc.dll
c:\windows\system32\msnsspc.dll - OK

[Scan path] c:\windows\system32\mspmsnsv.dll
c:\windows\system32\mspmsnsv.dll - OK

[Scan path] c:\windows\system32\msprivs.dll
c:\windows\system32\msprivs.dll - OK

[Scan path] c:\windows\system32\msrle32.dll
c:\windows\system32\msrle32.dll - OK

[Scan path] c:\windows\system32\mstask.dll
c:\windows\system32\mstask.dll - OK

[Scan path] c:\windows\system32\msutb.dll
c:\windows\system32\msutb.dll - OK

[Scan path] c:\windows\system32\msv1_0.dll
c:\windows\system32\msv1_0.dll - OK

[Scan path] c:\windows\system32\msvcp60.dll
c:\windows\system32\msvcp60.dll - OK

[Scan path] c:\windows\system32\msvcrt.dll
c:\windows\system32\msvcrt.dll - OK

[Scan path] c:\windows\system32\msvidc32.dll
c:\windows\system32\msvidc32.dll - OK

[Scan path] c:\windows\system32\msvidctl.dll
c:\windows\system32\msvidctl.dll - OK

[Scan path] c:\windows\system32\mswsock.dll
c:\windows\system32\mswsock.dll - OK

[Scan path] c:\windows\system32\msxml3.dll
c:\windows\system32\msxml3.dll - OK

[Scan path] c:\windows\system32\msyuv.dll
c:\windows\system32\msyuv.dll - OK

[Scan path] c:\windows\system32\mydocs.dll
c:\windows\system32\mydocs.dll - OK

[Scan path] c:\windows\system32\ncobjapi.dll
c:\windows\system32\ncobjapi.dll - OK

[Scan path] c:\windows\system32\nddeapi.dll
c:\windows\system32\nddeapi.dll - OK

[Scan path] c:\windows\system32\netapi32.dll
c:\windows\system32\netapi32.dll - OK

[Scan path] c:\windows\system32\netdde.exe
c:\windows\system32\netdde.exe - OK

[Scan path] c:\windows\system32\netlogon.dll
c:\windows\system32\netlogon.dll - OK

[Scan path] c:\windows\system32\netman.dll
c:\windows\system32\netman.dll - OK

[Scan path] c:\windows\system32\netplwiz.dll
c:\windows\system32\netplwiz.dll - OK

[Scan path] c:\windows\system32\netrap.dll
c:\windows\system32\netrap.dll - OK

[Scan path] c:\windows\system32\netsetup.cpl
c:\windows\system32\netsetup.cpl - OK

[Scan path] c:\windows\system32\netshell.dll
c:\windows\system32\netshell.dll - OK

[Scan path] c:\windows\system32\netui0.dll
c:\windows\system32\netui0.dll - OK

[Scan path] c:\windows\system32\netui1.dll
c:\windows\system32\netui1.dll - OK

[Scan path] c:\windows\system32\normaliz.dll
c:\windows\system32\normaliz.dll - OK

[Scan path] c:\windows\system32\ntdll.dll
c:\windows\system32\ntdll.dll - OK

[Scan path] c:\windows\system32\ntdsapi.dll
c:\windows\system32\ntdsapi.dll - OK

[Scan path] c:\windows\system32\ntlanman.dll
c:\windows\system32\ntlanman.dll - OK

[Scan path] c:\windows\system32\ntlanui2.dll
c:\windows\system32\ntlanui2.dll - OK

[Scan path] c:\windows\system32\ntmarta.dll
c:\windows\system32\ntmarta.dll packed by FLY-CODE
>c:\windows\system32\ntmarta.dll - OK

[Scan path] c:\windows\system32\ntmssvc.dll
c:\windows\system32\ntmssvc.dll - OK

[Scan path] c:\windows\system32\ntsd.exe
c:\windows\system32\ntsd.exe - OK

[Scan path] c:\windows\system32\ntshrui.dll
c:\windows\system32\ntshrui.dll - OK

[Scan path] c:\windows\system32\nwprovau.dll
c:\windows\system32\nwprovau.dll - OK

[Scan path] c:\windows\system32\occache.dll
c:\windows\system32\occache.dll - OK

[Scan path] c:\windows\system32\odbc32.dll
c:\windows\system32\odbc32.dll - OK

[Scan path] c:\windows\system32\odbcint.dll
c:\windows\system32\odbcint.dll - OK

[Scan path] c:\windows\system32\ole32.dll
c:\windows\system32\ole32.dll - OK

[Scan path] c:\windows\system32\oleaut32.dll
c:\windows\system32\oleaut32.dll - OK

[Scan path] c:\windows\system32\olecli32.dll
c:\windows\system32\olecli32.dll - OK

[Scan path] c:\windows\system32\olecnv32.dll
c:\windows\system32\olecnv32.dll - OK

[Scan path] c:\windows\system32\olesvr32.dll
c:\windows\system32\olesvr32.dll - OK

[Scan path] c:\windows\system32\olethk32.dll
c:\windows\system32\olethk32.dll - OK

[Scan path] c:\windows\system32\onex.dll
c:\windows\system32\onex.dll - OK

[Scan path] c:\windows\system32\photowiz.dll
c:\windows\system32\photowiz.dll - OK

[Scan path] c:\windows\system32\pjlmon.dll
c:\windows\system32\pjlmon.dll - OK

[Scan path] c:\windows\system32\powrprof.dll
c:\windows\system32\powrprof.dll - OK

[Scan path] c:\windows\system32\printui.dll
c:\windows\system32\printui.dll - OK

[Scan path] c:\windows\system32\profmap.dll
c:\windows\system32\profmap.dll - OK

[Scan path] c:\windows\system32\psapi.dll
c:\windows\system32\psapi.dll - OK

[Scan path] c:\windows\system32\qagentrt.dll
c:\windows\system32\qagentrt.dll - OK

[Scan path] c:\windows\system32\qmgr.dll
c:\windows\system32\qmgr.dll - OK

[Scan path] c:\windows\system32\rasadhlp.dll
c:\windows\system32\rasadhlp.dll - OK

[Scan path] c:\windows\system32\rasapi32.dll
c:\windows\system32\rasapi32.dll - OK

[Scan path] c:\windows\system32\rasauto.dll
c:\windows\system32\rasauto.dll - OK

[Scan path] c:\windows\system32\rasman.dll
c:\windows\system32\rasman.dll - OK

[Scan path] c:\windows\system32\rasmans.dll
c:\windows\system32\rasmans.dll - OK

[Scan path] c:\windows\system32\regapi.dll
c:\windows\system32\regapi.dll - OK

[Scan path] c:\windows\system32\regsvr32.exe
c:\windows\system32\regsvr32.exe - OK

[Scan path] c:\windows\system32\remotepg.dll
c:\windows\system32\remotepg.dll - OK

[Scan path] c:\windows\system32\riched20.dll
c:\windows\system32\riched20.dll - OK

[Scan path] c:\windows\system32\riched32.dll
c:\windows\system32\riched32.dll - OK

[Scan path] c:\windows\system32\rpcrt4.dll
c:\windows\system32\rpcrt4.dll - OK

[Scan path] c:\windows\system32\rpcss.dll
c:\windows\system32\rpcss.dll - OK

[Scan path] c:\windows\system32\rsaenh.dll
c:\windows\system32\rsaenh.dll - OK

[Scan path] c:\windows\system32\rshx32.dll
c:\windows\system32\rshx32.dll - OK

[Scan path] c:\windows\system32\rsvp.exe
c:\windows\system32\rsvp.exe - OK

[Scan path] c:\windows\system32\rsvpsp.dll
c:\windows\system32\rsvpsp.dll - OK

[Scan path] c:\windows\system32\rtutils.dll
c:\windows\system32\rtutils.dll - OK

[Scan path] c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe - OK

[Scan path] c:\windows\system32\samlib.dll
c:\windows\system32\samlib.dll - OK

[Scan path] c:\windows\system32\samsrv.dll
c:\windows\system32\samsrv.dll - OK

[Scan path] c:\windows\system32\scardsvr.exe
c:\windows\system32\scardsvr.exe - OK

[Scan path] c:\windows\system32\scecli.dll
c:\windows\system32\scecli.dll - OK

[Scan path] c:\windows\system32\scesrv.dll
c:\windows\system32\scesrv.dll - OK

[Scan path] c:\windows\system32\schannel.dll
c:\windows\system32\schannel.dll - OK

[Scan path] c:\windows\system32\schedsvc.dll
c:\windows\system32\schedsvc.dll - OK

[Scan path] c:\windows\system32\sclgntfy.dll
c:\windows\system32\sclgntfy.dll - OK

[Scan path] c:\windows\system32\sdra64.exe
c:\windows\system32\sdra64.exe - OK

[Scan path] c:\windows\system32\seclogon.dll
c:\windows\system32\seclogon.dll - OK

[Scan path] c:\windows\system32\secur32.dll
c:\windows\system32\secur32.dll - OK

[Scan path] c:\windows\system32\sendmail.dll
c:\windows\system32\sendmail.dll - OK

[Scan path] c:\windows\system32\sens.dll
c:\windows\system32\sens.dll - OK

[Scan path] c:\windows\system32\services.exe
c:\windows\system32\services.exe - OK

[Scan path] c:\windows\system32\sessmgr.exe
c:\windows\system32\sessmgr.exe - OK

[Scan path] c:\windows\system32\setupapi.dll
c:\windows\system32\setupapi.dll - OK

[Scan path] c:\windows\system32\sfc.dll
c:\windows\system32\sfc.dll - OK

[Scan path] c:\windows\system32\sfc_os.dll
c:\windows\system32\sfc_os.dll - OK

[Scan path] c:\windows\system32\shdocvw.dll
c:\windows\system32\shdocvw.dll - OK

[Scan path] c:\windows\system32\shell32.dll
c:\windows\system32\shell32.dll - OK

[Scan path] c:\windows\system32\shellvrtf.dll
c:\windows\system32\shellvrtf.dll - OK

[Scan path] c:\windows\system32\shfolder.dll
c:\windows\system32\shfolder.dll - OK

[Scan path] c:\windows\system32\shimeng.dll
c:\windows\system32\shimeng.dll - OK

[Scan path] c:\windows\system32\shimgvw.dll
c:\windows\system32\shimgvw.dll - OK

[Scan path] c:\windows\system32\shlwapi.dll
c:\windows\system32\shlwapi.dll - OK

[Scan path] c:\windows\system32\shmedia.dll
c:\windows\system32\shmedia.dll - OK

[Scan path] c:\windows\system32\shmgrate.exe
c:\windows\system32\shmgrate.exe - OK

[Scan path] c:\windows\system32\shscrap.dll
c:\windows\system32\shscrap.dll - OK

[Scan path] c:\windows\system32\shsvcs.dll
c:\windows\system32\shsvcs.dll - OK

[Scan path] c:\windows\system32\sl_anet.acm
c:\windows\system32\sl_anet.acm - OK

[Scan path] c:\windows\system32\slayerxp.dll
c:\windows\system32\slayerxp.dll - OK

[Scan path] c:\windows\system32\smlogsvc.exe
c:\windows\system32\smlogsvc.exe - OK

[Scan path] c:\windows\system32\smss.exe
c:\windows\system32\smss.exe - OK

[Scan path] c:\windows\system32\spoolsv.exe
c:\windows\system32\spoolsv.exe - OK

[Scan path] c:\windows\system32\srsvc.dll
c:\windows\system32\srsvc.dll - OK

[Scan path] c:\windows\system32\srvsvc.dll
c:\windows\system32\srvsvc.dll - OK

[Scan path] c:\windows\system32\ssdpsrv.dll
c:\windows\system32\ssdpsrv.dll - OK

[Scan path] c:\windows\system32\ssstars.scr
c:\windows\system32\ssstars.scr - OK

[Scan path] c:\windows\system32\stobject.dll
c:\windows\system32\stobject.dll - OK

[Scan path] c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe - OK

[Scan path] c:\windows\system32\sxs.dll
c:\windows\system32\sxs.dll - OK

[Scan path] c:\windows\system32\syncui.dll
c:\windows\system32\syncui.dll - OK

[Scan path] c:\windows\system32\tapi32.dll
c:\windows\system32\tapi32.dll - OK

[Scan path] c:\windows\system32\tapisrv.dll
c:\windows\system32\tapisrv.dll - OK

[Scan path] c:\windows\system32\tcpmon.dll
c:\windows\system32\tcpmon.dll - OK

[Scan path] c:\windows\system32\termsrv.dll
c:\windows\system32\termsrv.dll - OK

[Scan path] c:\windows\system32\themeui.dll
c:\windows\system32\themeui.dll - OK

[Scan path] c:\windows\system32\trkwks.dll
c:\windows\system32\trkwks.dll - OK

[Scan path] c:\windows\system32\tsbyuv.dll
c:\windows\system32\tsbyuv.dll - OK

[Scan path] c:\windows\system32\tssoft32.acm
c:\windows\system32\tssoft32.acm - OK

[Scan path] c:\windows\system32\twext.dll
c:\windows\system32\twext.dll - OK

[Scan path] c:\windows\system32\umpnpmgr.dll
c:\windows\system32\umpnpmgr.dll - OK

[Scan path] c:\windows\system32\upnphost.dll
c:\windows\system32\upnphost.dll - OK

[Scan path] c:\windows\system32\upnpui.dll
c:\windows\system32\upnpui.dll - OK

[Scan path] c:\windows\system32\ups.exe
c:\windows\system32\ups.exe - OK

[Scan path] c:\windows\system32\url.dll
c:\windows\system32\url.dll - OK

[Scan path] c:\windows\system32\urlmon.dll
c:\windows\system32\urlmon.dll - OK

[Scan path] c:\windows\system32\usbmon.dll
c:\windows\system32\usbmon.dll - OK

[Scan path] c:\windows\system32\user32.dll
c:\windows\system32\user32.dll - OK

[Scan path] c:\windows\system32\userenv.dll
c:\windows\system32\userenv.dll - OK

[Scan path] c:\windows\system32\userinit.exe
c:\windows\system32\userinit.exe - OK

[Scan path] c:\windows\system32\uxtheme.dll
c:\windows\system32\uxtheme.dll - OK

[Scan path] c:\windows\system32\version.dll
c:\windows\system32\version.dll - OK

[Scan path] c:\windows\system32\vssapi.dll
c:\windows\system32\vssapi.dll - OK

[Scan path] c:\windows\system32\vssvc.exe
c:\windows\system32\vssvc.exe - OK

[Scan path] c:\windows\system32\w32time.dll
c:\windows\system32\w32time.dll - OK

[Scan path] c:\windows\system32\w3ssl.dll
c:\windows\system32\w3ssl.dll - OK

[Scan path] c:\windows\system32\wbem\cimwin32.dll
c:\windows\system32\wbem\cimwin32.dll - OK

[Scan path] c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\esscli.dll - OK

[Scan path] c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbem\fastprox.dll - OK

[Scan path] c:\windows\system32\wbem\framedyn.dll
c:\windows\system32\wbem\framedyn.dll - OK

[Scan path] c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\wbem\ncprov.dll - OK

[Scan path] c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\wbem\repdrvfs.dll - OK

[Scan path] c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe - OK

[Scan path] c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemcomn.dll - OK

[Scan path] c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\wbemcore.dll - OK

[Scan path] c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\wbem\wbemess.dll - OK

[Scan path] c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemprox.dll - OK

[Scan path] c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\wbemsvc.dll - OK

[Scan path] c:\windows\system32\wbem\winmgmt.exe
c:\windows\system32\wbem\winmgmt.exe - OK

[Scan path] c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\wmiapsrv.exe - OK

[Scan path] c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\wbem\wmiprvsd.dll - OK

[Scan path] c:\windows\system32\wbem\wmiprvse.exe
c:\windows\system32\wbem\wmiprvse.exe - OK

[Scan path] c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\wbem\wmisvc.dll - OK

[Scan path] c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wmiutils.dll - OK

[Scan path] c:\windows\system32\wdfmgr.exe
c:\windows\system32\wdfmgr.exe - OK

[Scan path] c:\windows\system32\wdigest.dll
c:\windows\system32\wdigest.dll - OK

[Scan path] c:\windows\system32\wdmaud.drv
c:\windows\system32\wdmaud.drv - OK

[Scan path] c:\windows\system32\webcheck.dll
c:\windows\system32\webcheck.dll - OK

[Scan path] c:\windows\system32\webclnt.dll
c:\windows\system32\webclnt.dll - OK

[Scan path] c:\windows\system32\wiascr.dll
c:\windows\system32\wiascr.dll - OK

[Scan path] c:\windows\system32\wiaservc.dll
c:\windows\system32\wiaservc.dll - OK

[Scan path] c:\windows\system32\wiashext.dll
c:\windows\system32\wiashext.dll - OK

[Scan path] c:\windows\system32\wininet.dll
c:\windows\system32\wininet.dll - OK

[Scan path] c:\windows\system32\winload.dll
c:\windows\system32\winload.dll packed by FLY-CODE
>c:\windows\system32\winload.dll - OK

[Scan path] c:\windows\system32\winlogon.exe
c:\windows\system32\winlogon.exe - OK

[Scan path] c:\windows\system32\winmm.dll
c:\windows\system32\winmm.dll - OK

[Scan path] c:\windows\system32\winrnr.dll
c:\windows\system32\winrnr.dll - OK

[Scan path] c:\windows\system32\winscard.dll
c:\windows\system32\winscard.dll - OK

[Scan path] c:\windows\system32\winsec.dll
c:\windows\system32\winsec.dll packed by FLY-CODE
>c:\windows\system32\winsec.dll - OK

[Scan path] c:\windows\system32\winspool.drv
c:\windows\system32\winspool.drv - OK

[Scan path] c:\windows\system32\winsrv.dll
c:\windows\system32\winsrv.dll - OK

[Scan path] c:\windows\system32\winsta.dll
c:\windows\system32\winsta.dll packed by FLY-CODE
>c:\windows\system32\winsta.dll - OK

[Scan path] c:\windows\system32\wintrust.dll
c:\windows\system32\wintrust.dll - OK

[Scan path] c:\windows\system32\wkssvc.dll
c:\windows\system32\wkssvc.dll - OK

[Scan path] c:\windows\system32\wldap32.dll
c:\windows\system32\wldap32.dll - OK

[Scan path] c:\windows\system32\wlnotify.dll
c:\windows\system32\wlnotify.dll - OK

[Scan path] c:\windows\system32\wmpshell.dll
c:\windows\system32\wmpshell.dll - OK

[Scan path] c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2_32.dll - OK

[Scan path] c:\windows\system32\ws2help.dll
c:\windows\system32\ws2help.dll - OK

[Scan path] c:\windows\system32\wscsvc.dll
c:\windows\system32\wscsvc.dll - OK

[Scan path] c:\windows\system32\wshext.dll
c:\windows\system32\wshext.dll - OK

[Scan path] c:\windows\system32\wshisn.dll
c:\windows\system32\wshisn.dll - OK

[Scan path] c:\windows\system32\wshtcpip.dll
c:\windows\system32\wshtcpip.dll - OK

[Scan path] c:\windows\system32\wsock32.dll
c:\windows\system32\wsock32.dll - OK

[Scan path] c:\windows\system32\wtsapi32.dll
c:\windows\system32\wtsapi32.dll - OK

[Scan path] c:\windows\system32\wuaucpl.cpl
c:\windows\system32\wuaucpl.cpl - OK

[Scan path] c:\windows\system32\wuauserv.dll
c:\windows\system32\wuauserv.dll - OK

[Scan path] c:\windows\system32\wzcsvc.dll
c:\windows\system32\wzcsvc.dll - OK

[Scan path] c:\windows\system32\xmlprov.dll
c:\windows\system32\xmlprov.dll - OK

[Scan path] c:\windows\system32\xpsp2res.dll
c:\windows\system32\xpsp2res.dll - OK

[Scan path] c:\windows\system32\xpsshhdr.dll
c:\windows\system32\xpsshhdr.dll - OK

[Scan path] c:\windows\system32\zipfldr.dll
c:\windows\system32\zipfldr.dll - OK

[Scan path] c:\windows\ujudutod.dll
c:\windows\ujudutod.dll packed by FLY-CODE
>c:\windows\ujudutod.dll - OK

[Scan path] c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll - OK

[Scan path] c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll - OK

[Scan path] c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll - OK

[Scan path] c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - OK

[Scan path] c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll - OK

[Scan path] d:\autorun.inf
d:\autorun.inf - OK

[Scan path] d:\info.exe
d:\info.exe - OK

[Scan path] d:\protect.ed
d:\protect.ed - archive RTF
>d:\protect.ed/rtf.001 - OK
d:\protect.ed - OK

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 6280
Infected: 0
Modifications: 0
Suspicious: 1
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 607 Kb/s
Scan time: 00:31:04
-----------------------------------------------------------------------------

c:\windows\iakcop.dll - incurable - deleted
Master Boot Record HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK
Master Boot Record HDD2 - OK
OS/2 or WinNT Boot Sector HDD2 - OK

[Scan path] C:\
C:\aaw7boot.log - OK
C:\AUTOEXEC.BAT - OK
C:\BOOT.BAK - OK
C:\boot.ini - OK
C:\Check File.wdb - OK
C:\cmldr - OK
C:\CONFIG.SYS - OK
C:\ffastun.ffa - OK
C:\ffastun.ffl - OK
C:\ffastun.ffo - OK
C:\ffastun0.ffx - OK
C:\IO.SYS - OK
C:\MSDOS.SYS - OK
C:\NTDETECT.COM - OK
C:\ntldr - OK
C:\ntuser.dat - OK
C:\ntuser.dat.LOG - OK
C:\WaterCare Inc Registration.wdb - OK
C:\390ed6258a5d8f9736b6\amd64\filterpipelineprintproc.dll - OK
C:\390ed6258a5d8f9736b6\amd64\msxpsdrv.cat - OK
C:\390ed6258a5d8f9736b6\amd64\msxpsdrv.inf - OK
C:\390ed6258a5d8f9736b6\amd64\msxpsinc.gpd - OK
C:\390ed6258a5d8f9736b6\amd64\msxpsinc.ppd - OK
C:\390ed6258a5d8f9736b6\amd64\mxdwdrv.dll - OK
C:\390ed6258a5d8f9736b6\amd64\xpssvcs.dll - OK
C:\390ed6258a5d8f9736b6\i386\filterpipelineprintproc.dll - OK
C:\390ed6258a5d8f9736b6\i386\msxpsdrv.cat - OK
C:\390ed6258a5d8f9736b6\i386\msxpsdrv.inf - OK
C:\390ed6258a5d8f9736b6\i386\msxpsinc.gpd - OK
C:\390ed6258a5d8f9736b6\i386\msxpsinc.ppd - OK
C:\390ed6258a5d8f9736b6\i386\mxdwdrv.dll - OK
C:\390ed6258a5d8f9736b6\i386\xpssvcs.dll - OK
C:\Brother\BrDriver\MfcXP\be2820.dat - OK
C:\Brother\BrDriver\MfcXP\be2920.dat - OK
C:\Brother\BrDriver\MfcXP\be7010.dat - OK
C:\Brother\BrDriver\MfcXP\be7020.dat - OK
C:\Brother\BrDriver\MfcXP\be7025.dat - OK
C:\Brother\BrDriver\MfcXP\be7220.dat - OK
C:\Brother\BrDriver\MfcXP\be7225n.dat - OK
C:\Brother\BrDriver\MfcXP\be7420.dat - OK
C:\Brother\BrDriver\MfcXP\be7820n.dat - OK
C:\Brother\BrDriver\MfcXP\BF2820.DAT - OK
C:\Brother\BrDriver\MfcXP\bf2820.ini - OK
C:\Brother\BrDriver\MfcXP\BF2820.PPD - OK
C:\Brother\BrDriver\MfcXP\BF2920.DAT - OK
C:\Brother\BrDriver\MfcXP\bf2920.ini - OK
C:\Brother\BrDriver\MfcXP\BF2920.PPD - OK
C:\Brother\BrDriver\MfcXP\BM7220.DAT - OK
C:\Brother\BrDriver\MfcXP\bm7220.ini - OK
C:\Brother\BrDriver\MfcXP\BM7220.PPD - OK
C:\Brother\BrDriver\MfcXP\BM7225N.DAT - OK
C:\Brother\BrDriver\MfcXP\bm7225n.ini - OK
C:\Brother\BrDriver\MfcXP\BM7225N.PPD - OK
C:\Brother\BrDriver\MfcXP\BM7420.DAT - OK
C:\Brother\BrDriver\MfcXP\bm7420.ini - OK
C:\Brother\BrDriver\MfcXP\BM7420.PPD - OK
C:\Brother\BrDriver\MfcXP\BM7820N.DAT - OK
C:\Brother\BrDriver\MfcXP\bm7820n.ini - OK
C:\Brother\BrDriver\MfcXP\BM7820N.PPD - OK
C:\Brother\BrDriver\MfcXP\BP7010.DAT - OK
C:\Brother\BrDriver\MfcXP\bp7010.ini - OK
C:\Brother\BrDriver\MfcXP\BP7010.PPD - OK
C:\Brother\BrDriver\MfcXP\BP7020.DAT - OK
C:\Brother\BrDriver\MfcXP\bp7020.ini - OK
C:\Brother\BrDriver\MfcXP\BP7020.PPD - OK
C:\Brother\BrDriver\MfcXP\BP7025.DAT - OK
C:\Brother\BrDriver\MfcXP\bp7025.ini - OK
C:\Brother\BrDriver\MfcXP\BP7025.PPD - OK
C:\Brother\BrDriver\MfcXP\brb7104b.dll - OK
C:\Brother\BrDriver\MfcXP\brb7204b.dll - OK
C:\Brother\BrDriver\MfcXP\brb7304b.dll - OK
C:\Brother\BrDriver\MfcXP\brb7404b.dll - OK
C:\Brother\BrDriver\MfcXP\brb7504b.dll - OK
C:\Brother\BrDriver\MfcXP\brb7604b.dll - OK
C:\Brother\BrDriver\MfcXP\brb7704b.dll - OK
C:\Brother\BrDriver\MfcXP\brb7804b.dll - OK
C:\Brother\BrDriver\MfcXP\brb7904b.dll - OK
C:\Brother\BrDriver\MfcXP\BrBidiIf.dll - OK
C:\Brother\BrDriver\MfcXP\brcinsv2.dll - OK
C:\Brother\BrDriver\MfcXP\Brcolm32.dll - OK
C:\Brother\BrDriver\MfcXP\BrEvIF.dll - OK
C:\Brother\BrDriver\MfcXP\brimall3.cat - OK
C:\Brother\BrDriver\MfcXP\brimall3.inf - OK
C:\Brother\BrDriver\MfcXP\brlmf04b.dll - OK
C:\Brother\BrDriver\MfcXP\Brmd04.exe - OK
C:\Brother\BrDriver\MfcXP\brmfall3.cat - OK
C:\Brother\BrDriver\MfcXP\brmfall3.inf - OK
C:\Brother\BrDriver\MfcXP\BrmfBAgP.exe - OK
C:\Brother\BrDriver\MfcXP\BrmfBAgP.ini - OK
C:\Brother\BrDriver\MfcXP\BrmfBAgS.exe - OK
C:\Brother\BrDriver\MfcXP\BrmfBAgS.ini - OK
C:\Brother\BrDriver\MfcXP\BrmfBidi.dll - OK
C:\Brother\BrDriver\MfcXP\BrmfBiPP.dat - OK
C:\Brother\BrDriver\MfcXP\BrmfBiPP.dll - OK
C:\Brother\BrDriver\MfcXP\BrmfLpt.dll - OK
C:\Brother\BrDriver\MfcXP\brmfpmbd.dll - OK
C:\Brother\BrDriver\MfcXP\BrmfRsmg.exe - OK
C:\Brother\BrDriver\MfcXP\BrmfUSB.dll - OK
C:\Brother\BrDriver\MfcXP\brms104b.dll - OK
C:\Brother\BrDriver\MfcXP\Brms104b.exe - OK
C:\Brother\BrDriver\MfcXP\BRMS204B.DLL - OK
C:\Brother\BrDriver\MfcXP\Brms204b.exe - OK
C:\Brother\BrDriver\MfcXP\BRMS304B.DLL - OK
C:\Brother\BrDriver\MfcXP\Brms304b.exe - OK
C:\Brother\BrDriver\MfcXP\brms404b.dll - OK
C:\Brother\BrDriver\MfcXP\Brms404b.exe - OK
C:\Brother\BrDriver\MfcXP\brms504b.dll - OK
C:\Brother\BrDriver\MfcXP\Brms504b.exe - OK
C:\Brother\BrDriver\MfcXP\brms604b.dll - OK
C:\Brother\BrDriver\MfcXP\Brms604b.exe - OK
C:\Brother\BrDriver\MfcXP\brmsl08f.cm - OK
C:\Brother\BrDriver\MfcXP\BRMSL08F.ICM - OK
C:\Brother\BrDriver\MfcXP\BROMF04B.dll - OK
C:\Brother\BrDriver\MfcXP\bromf04b.hlp - OK
C:\Brother\BrDriver\MfcXP\brpoall3.cat - OK
C:\Brother\BrDriver\MfcXP\brpoall3.inf - OK
C:\Brother\BrDriver\MfcXP\brprall3.cat - OK
C:\Brother\BrDriver\MfcXP\brprall3.inf - OK
C:\Brother\BrDriver\MfcXP\BRQIKMON.EXE - OK
C:\Brother\BrDriver\MfcXP\BRQIKMON.HLP - OK
C:\Brother\BrDriver\MfcXP\BrRSi04b.dll - OK
C:\Brother\BrDriver\MfcXP\BrS04Chn.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Cze.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Dan.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Dut.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Eng.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Fre.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Ger.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Hun.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Ita.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Jpn.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Nor.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Pol.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Por.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Rus.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Spa.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Swe.hlp - OK
C:\Brother\BrDriver\MfcXP\BrS04Usa.hlp - OK
C:\Brother\BrDriver\MfcXP\BrScnDev.dll - OK
C:\Brother\BrDriver\MfcXP\BrScnRsm.dll - OK
C:\Brother\BrDriver\MfcXP\BrScnUsb.sys - OK
C:\Brother\BrDriver\MfcXP\BrSerIf.dll - OK
C:\Brother\BrDriver\MfcXP\brserif.sys - OK

#5 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:11:38 PM

Posted 16 December 2009 - 07:33 PM

C:\Brother\BrDriver\MfcXP\BrSerWdm.sys - OK
C:\Brother\BrDriver\MfcXP\BrStiIf.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdChn.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdCze.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdDan.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdDut.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdEng.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdFe.ds - OK
C:\Brother\BrDriver\MfcXP\BrTwdFre.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdGer.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdHun.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdIta.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdJpn.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdNor.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdPol.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdPor.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdRus.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwds.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdScn.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdSpa.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdsUi.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdSwe.dll - OK
C:\Brother\BrDriver\MfcXP\BrTwdUsa.dll - OK
C:\Brother\BrDriver\MfcXP\BRUMF04B.dll - OK
C:\Brother\BrDriver\MfcXP\BrUsbSer.sys - OK
C:\Brother\BrDriver\MfcXP\BrUSi04b.dll - OK
C:\Brother\BrDriver\MfcXP\BrWia04b.dll - OK
C:\Brother\BrDriver\MfcXP\bw2820.ini - OK
C:\Brother\BrDriver\MfcXP\bw2920.ini - OK
C:\Brother\BrDriver\MfcXP\bw7010.ini - OK
C:\Brother\BrDriver\MfcXP\bw7020.ini - OK
C:\Brother\BrDriver\MfcXP\bw7025.ini - OK
C:\Brother\BrDriver\MfcXP\bw7220.ini - OK
C:\Brother\BrDriver\MfcXP\bw7225n.ini - OK
C:\Brother\BrDriver\MfcXP\bw7420.ini - OK
C:\Brother\BrDriver\MfcXP\bw7820n.ini - OK
C:\Brother\BrDriver\MfcXP\MF7820N.INI - OK
C:\Brother\BrDriver\MfcXP\MF7820P.INI - OK
C:\Brother\BrDriver\MfcXP\MF7820U.INI - OK
C:\Brother\BrDriver\MfcXP\RSMGRSTR.dll - OK
C:\Brother\BrDriver\MfcXP\TWMF7820N.INI - OK
C:\Brother\BrDriver\MfcXP\TWMF7820P.INI - OK
C:\Brother\BrDriver\MfcXP\TWMF7820U.INI - OK
C:\cmdcons\1394bus.sy_ - archive CAB
>C:\cmdcons\1394bus.sy_/1394bus.sys - OK
C:\cmdcons\1394bus.sy_ - OK
C:\cmdcons\abp480n5.sy_ - archive CAB
>C:\cmdcons\abp480n5.sy_/abp480n5.sys - OK
C:\cmdcons\abp480n5.sy_ - OK
C:\cmdcons\acpi.sy_ - archive CAB
>C:\cmdcons\acpi.sy_/acpi.sys - OK
C:\cmdcons\acpi.sy_ - OK
C:\cmdcons\acpiec.sy_ - archive CAB
>C:\cmdcons\acpiec.sy_/acpiec.sys - OK
C:\cmdcons\acpiec.sy_ - OK
C:\cmdcons\adpu160m.sy_ - archive CAB
>C:\cmdcons\adpu160m.sy_/adpu160m.sys - OK
C:\cmdcons\adpu160m.sy_ - OK
C:\cmdcons\aha154x.sy_ - archive CAB
>C:\cmdcons\aha154x.sy_/aha154x.sys - OK
C:\cmdcons\aha154x.sy_ - OK
C:\cmdcons\aic78u2.sy_ - archive CAB
>C:\cmdcons\aic78u2.sy_/aic78u2.sys - OK
C:\cmdcons\aic78u2.sy_ - OK
C:\cmdcons\aic78xx.sy_ - archive CAB
>C:\cmdcons\aic78xx.sy_/aic78xx.sys - OK
C:\cmdcons\aic78xx.sy_ - OK
C:\cmdcons\aliide.sy_ - archive CAB
>C:\cmdcons\aliide.sy_/aliide.sys - OK
C:\cmdcons\aliide.sy_ - OK
C:\cmdcons\amsint.sy_ - archive CAB
>C:\cmdcons\amsint.sy_/amsint.sys - OK
C:\cmdcons\amsint.sy_ - OK
C:\cmdcons\asc.sy_ - archive CAB
>C:\cmdcons\asc.sy_/asc.sys - OK
C:\cmdcons\asc.sy_ - OK
C:\cmdcons\asc3350p.sy_ - archive CAB
>C:\cmdcons\asc3350p.sy_/asc3350p.sys - OK
C:\cmdcons\asc3350p.sy_ - OK
C:\cmdcons\asc3550.sy_ - archive CAB
>C:\cmdcons\asc3550.sy_/asc3550.sys - OK
C:\cmdcons\asc3550.sy_ - OK
C:\cmdcons\atapi.sy_ - archive CAB
>C:\cmdcons\atapi.sy_/atapi.sys - OK
C:\cmdcons\atapi.sy_ - OK
C:\cmdcons\autochk.exe - OK
C:\cmdcons\autofmt.exe - OK
C:\cmdcons\biosinfo.inf - OK
C:\cmdcons\BOOTSECT.DAT - OK
C:\cmdcons\bootvid.dl_ - archive CAB
>C:\cmdcons\bootvid.dl_/bootvid.dll - OK
C:\cmdcons\bootvid.dl_ - OK
C:\cmdcons\cbidf2k.sy_ - archive CAB
>C:\cmdcons\cbidf2k.sy_/cbidf2k.sys - OK
C:\cmdcons\cbidf2k.sy_ - OK
C:\cmdcons\cd20xrnt.sy_ - archive CAB
>C:\cmdcons\cd20xrnt.sy_/cd20xrnt.sys - OK
C:\cmdcons\cd20xrnt.sy_ - OK
C:\cmdcons\cdfs.sy_ - archive CAB
>C:\cmdcons\cdfs.sy_/cdfs.sys - OK
C:\cmdcons\cdfs.sy_ - OK
C:\cmdcons\cdrom.sy_ - archive CAB
>C:\cmdcons\cdrom.sy_/cdrom.sys - OK
C:\cmdcons\cdrom.sy_ - OK
C:\cmdcons\classpnp.sy_ - archive CAB
>C:\cmdcons\classpnp.sy_/classpnp.sys - OK
C:\cmdcons\classpnp.sy_ - OK
C:\cmdcons\cmdide.sy_ - archive CAB
>C:\cmdcons\cmdide.sy_/cmdide.sys - OK
C:\cmdcons\cmdide.sy_ - OK
C:\cmdcons\cpqarray.sy_ - archive CAB
>C:\cmdcons\cpqarray.sy_/cpqarray.sys - OK
C:\cmdcons\cpqarray.sy_ - OK
C:\cmdcons\c_1252.nl_ - archive CAB
>C:\cmdcons\c_1252.nl_/c_1252.nls - OK
C:\cmdcons\c_1252.nl_ - OK
C:\cmdcons\c_437.nl_ - archive CAB
>C:\cmdcons\c_437.nl_/c_437.nls - OK
C:\cmdcons\c_437.nl_ - OK
C:\cmdcons\dac2w2k.sy_ - archive CAB
>C:\cmdcons\dac2w2k.sy_/dac2w2k.sys - OK
C:\cmdcons\dac2w2k.sy_ - OK
C:\cmdcons\dac960nt.sy_ - archive CAB
>C:\cmdcons\dac960nt.sy_/dac960nt.sys - OK
C:\cmdcons\dac960nt.sy_ - OK
C:\cmdcons\disk.sy_ - archive CAB
>C:\cmdcons\disk.sy_/disk.sys - OK
C:\cmdcons\disk.sy_ - OK
C:\cmdcons\disk101 - OK
C:\cmdcons\disk102 - OK
C:\cmdcons\disk103 - OK
C:\cmdcons\disk104 - OK
C:\cmdcons\dmboot.sy_ - archive CAB
>C:\cmdcons\dmboot.sy_/dmboot.sys - OK
C:\cmdcons\dmboot.sy_ - OK
C:\cmdcons\dmio.sy_ - archive CAB
>C:\cmdcons\dmio.sy_/dmio.sys - OK
C:\cmdcons\dmio.sy_ - OK
C:\cmdcons\dmload.sy_ - archive CAB
>C:\cmdcons\dmload.sy_/dmload.sys - OK
C:\cmdcons\dmload.sy_ - OK
C:\cmdcons\dpti2o.sy_ - archive CAB
>C:\cmdcons\dpti2o.sy_/dpti2o.sys - OK
C:\cmdcons\dpti2o.sy_ - OK
C:\cmdcons\drvmain.sdb - OK
C:\cmdcons\fastfat.sy_ - archive CAB
>C:\cmdcons\fastfat.sy_/fastfat.sys - OK
C:\cmdcons\fastfat.sy_ - OK
C:\cmdcons\fdc.sy_ - archive CAB
>C:\cmdcons\fdc.sy_/fdc.sys - OK
C:\cmdcons\fdc.sy_ - OK
C:\cmdcons\flpydisk.sy_ - archive CAB
>C:\cmdcons\flpydisk.sy_/flpydisk.sys - OK
C:\cmdcons\flpydisk.sy_ - OK
C:\cmdcons\ftdisk.sy_ - archive CAB
>C:\cmdcons\ftdisk.sy_/ftdisk.sys - OK
C:\cmdcons\ftdisk.sy_ - OK
C:\cmdcons\hal.dl_ - archive CAB
>C:\cmdcons\hal.dl_/hal.dll - OK
C:\cmdcons\hal.dl_ - OK
C:\cmdcons\halaacpi.dl_ - archive CAB
>C:\cmdcons\halaacpi.dl_/halaacpi.dll - OK
C:\cmdcons\halaacpi.dl_ - OK
C:\cmdcons\halacpi.dl_ - archive CAB
>C:\cmdcons\halacpi.dl_/halacpi.dll - OK
C:\cmdcons\halacpi.dl_ - OK
C:\cmdcons\halapic.dl_ - archive CAB
>C:\cmdcons\halapic.dl_/halapic.dll - OK
C:\cmdcons\halapic.dl_ - OK
C:\cmdcons\hidclass.sy_ - archive CAB
>C:\cmdcons\hidclass.sy_/hidclass.sys - OK
C:\cmdcons\hidclass.sy_ - OK
C:\cmdcons\hidparse.sy_ - archive CAB
>C:\cmdcons\hidparse.sy_/hidparse.sys - OK
C:\cmdcons\hidparse.sy_ - OK
C:\cmdcons\hidusb.sy_ - archive CAB
>C:\cmdcons\hidusb.sy_/hidusb.sys - OK
C:\cmdcons\hidusb.sy_ - OK
C:\cmdcons\hpn.sy_ - archive CAB
>C:\cmdcons\hpn.sy_/hpn.sys - OK
C:\cmdcons\hpn.sy_ - OK
C:\cmdcons\i2omgmt.sy_ - archive CAB
>C:\cmdcons\i2omgmt.sy_/i2omgmt.sys - OK
C:\cmdcons\i2omgmt.sy_ - OK
C:\cmdcons\i2omp.sy_ - archive CAB
>C:\cmdcons\i2omp.sy_/i2omp.sys - OK
C:\cmdcons\i2omp.sy_ - OK
C:\cmdcons\i8042prt.sy_ - archive CAB
>C:\cmdcons\i8042prt.sy_/i8042prt.sys - OK
C:\cmdcons\i8042prt.sy_ - OK
C:\cmdcons\ini910u.sy_ - archive CAB
>C:\cmdcons\ini910u.sy_/ini910u.sys - OK
C:\cmdcons\ini910u.sy_ - OK
C:\cmdcons\intelide.sy_ - archive CAB
>C:\cmdcons\intelide.sy_/intelide.sys - OK
C:\cmdcons\intelide.sy_ - OK
C:\cmdcons\isapnp.sy_ - archive CAB
>C:\cmdcons\isapnp.sy_/isapnp.sys - OK
C:\cmdcons\isapnp.sy_ - OK
C:\cmdcons\KBDAL.DLL - OK
C:\cmdcons\KBDBE.DLL - OK
C:\cmdcons\KBDBLR.DLL - OK
C:\cmdcons\KBDBR.DLL - OK
C:\cmdcons\KBDBU.DLL - OK
C:\cmdcons\KBDCA.DLL - OK
C:\cmdcons\kbdclass.sy_ - archive CAB
>C:\cmdcons\kbdclass.sy_/kbdclass.sys - OK
C:\cmdcons\kbdclass.sy_ - OK
C:\cmdcons\KBDCR.DLL - OK
C:\cmdcons\KBDCZ.DLL - OK
C:\cmdcons\KBDCZ1.DLL - OK
C:\cmdcons\KBDDA.DLL - OK
C:\cmdcons\KBDDV.DLL - OK
C:\cmdcons\KBDES.DLL - OK
C:\cmdcons\KBDEST.DLL - OK
C:\cmdcons\KBDFC.DLL - OK
C:\cmdcons\KBDFI.DLL - OK
C:\cmdcons\KBDFR.DLL - OK
C:\cmdcons\KBDGKL.DLL - OK
C:\cmdcons\KBDGR.DLL - OK
C:\cmdcons\KBDGR1.DLL - OK
C:\cmdcons\KBDHE.DLL - OK
C:\cmdcons\KBDHE220.DLL - OK
C:\cmdcons\KBDHE319.DLL - OK
C:\cmdcons\KBDHELA2.DLL - OK
C:\cmdcons\KBDHELA3.DLL - OK
C:\cmdcons\kbdhid.sy_ - archive CAB
>C:\cmdcons\kbdhid.sy_/kbdhid.sys - OK
C:\cmdcons\kbdhid.sy_ - OK
C:\cmdcons\KBDHU.DLL - OK
C:\cmdcons\KBDHU1.DLL - OK
C:\cmdcons\KBDIC.DLL - OK
C:\cmdcons\KBDIR.DLL - OK
C:\cmdcons\KBDIT.DLL - OK
C:\cmdcons\KBDIT142.DLL - OK
C:\cmdcons\KBDLA.DLL - OK
C:\cmdcons\KBDLT.DLL - OK
C:\cmdcons\KBDLV.DLL - OK
C:\cmdcons\KBDLV1.DLL - OK
C:\cmdcons\KBDNE.DLL - OK
C:\cmdcons\KBDNO.DLL - OK
C:\cmdcons\KBDPL.DLL - OK
C:\cmdcons\KBDPL1.DLL - OK
C:\cmdcons\KBDPO.DLL - OK
C:\cmdcons\KBDRO.DLL - OK
C:\cmdcons\KBDRU.DLL - OK
C:\cmdcons\KBDRU1.DLL - OK
C:\cmdcons\KBDSF.DLL - OK
C:\cmdcons\KBDSG.DLL - OK
C:\cmdcons\KBDSL.DLL - OK
C:\cmdcons\KBDSL1.DLL - OK
C:\cmdcons\KBDSP.DLL - OK
C:\cmdcons\KBDSW.DLL - OK
C:\cmdcons\KBDTUF.DLL - OK
C:\cmdcons\KBDTUQ.DLL - OK
C:\cmdcons\KBDUK.DLL - OK
C:\cmdcons\KBDUR.DLL - OK
C:\cmdcons\kbdus.dll - OK
C:\cmdcons\KBDUSL.DLL - OK
C:\cmdcons\KBDUSR.DLL - OK
C:\cmdcons\KBDUSX.DLL - OK
C:\cmdcons\KBDYCC.DLL - OK
C:\cmdcons\KBDYCL.DLL - OK
C:\cmdcons\kd1394.dl_ - archive CAB
>C:\cmdcons\kd1394.dl_/kd1394.dll - OK
C:\cmdcons\kd1394.dl_ - OK
C:\cmdcons\kdcom.dl_ - archive CAB
>C:\cmdcons\kdcom.dl_/kdcom.dll - OK
C:\cmdcons\kdcom.dl_ - OK
C:\cmdcons\ksecdd.sys - OK
C:\cmdcons\lbrtfdc.sy_ - archive CAB
>C:\cmdcons\lbrtfdc.sy_/lbrtfdc.sys - OK
C:\cmdcons\lbrtfdc.sy_ - OK
C:\cmdcons\l_intl.nl_ - archive CAB
>C:\cmdcons\l_intl.nl_/l_intl.nls - OK
C:\cmdcons\l_intl.nl_ - OK
C:\cmdcons\migrate.inf - OK
C:\cmdcons\mountmgr.sy_ - archive CAB
>C:\cmdcons\mountmgr.sy_/mountmgr.sys - OK
C:\cmdcons\mountmgr.sy_ - OK
C:\cmdcons\mraid35x.sy_ - archive CAB
>C:\cmdcons\mraid35x.sy_/mraid35x.sys - OK
C:\cmdcons\mraid35x.sy_ - OK
C:\cmdcons\ntdetect.com - OK
C:\cmdcons\ntfs.sys - OK
C:\cmdcons\ntkrnlmp.ex_ - archive CAB
>C:\cmdcons\ntkrnlmp.ex_/ntkrnlmp.exe - OK
C:\cmdcons\ntkrnlmp.ex_ - OK
C:\cmdcons\ohci1394.sy_ - archive CAB
>C:\cmdcons\ohci1394.sy_/ohci1394.sys - OK
C:\cmdcons\ohci1394.sy_ - OK
C:\cmdcons\oprghdlr.sy_ - archive CAB
>C:\cmdcons\oprghdlr.sy_/oprghdlr.sys - OK
C:\cmdcons\oprghdlr.sy_ - OK
C:\cmdcons\partmgr.sy_ - archive CAB
>C:\cmdcons\partmgr.sy_/partmgr.sys - OK
C:\cmdcons\partmgr.sy_ - OK
C:\cmdcons\pci.sy_ - archive CAB
>C:\cmdcons\pci.sy_/pci.sys - OK
C:\cmdcons\pci.sy_ - OK
C:\cmdcons\pciide.sy_ - archive CAB
>C:\cmdcons\pciide.sy_/pciide.sys - OK
C:\cmdcons\pciide.sy_ - OK
C:\cmdcons\pciidex.sy_ - archive CAB
>C:\cmdcons\pciidex.sy_/pciidex.sys - OK
C:\cmdcons\pciidex.sy_ - OK
C:\cmdcons\pcmcia.sy_ - archive CAB
>C:\cmdcons\pcmcia.sy_/pcmcia.sys - OK
C:\cmdcons\pcmcia.sy_ - OK
C:\cmdcons\perc2.sy_ - archive CAB
>C:\cmdcons\perc2.sy_/perc2.sys - OK
C:\cmdcons\perc2.sy_ - OK
C:\cmdcons\perc2hib.sy_ - archive CAB
>C:\cmdcons\perc2hib.sy_/perc2hib.sys - OK
C:\cmdcons\perc2hib.sy_ - OK
C:\cmdcons\ql1080.sy_ - archive CAB
>C:\cmdcons\ql1080.sy_/ql1080.sys - OK
C:\cmdcons\ql1080.sy_ - OK
C:\cmdcons\ql10wnt.sy_ - archive CAB
>C:\cmdcons\ql10wnt.sy_/ql10wnt.sys - OK
C:\cmdcons\ql10wnt.sy_ - OK
C:\cmdcons\ql12160.sy_ - archive CAB
>C:\cmdcons\ql12160.sy_/ql12160.sys - OK
C:\cmdcons\ql12160.sy_ - OK
C:\cmdcons\ql1240.sy_ - archive CAB
>C:\cmdcons\ql1240.sy_/ql1240.sys - OK
C:\cmdcons\ql1240.sy_ - OK
C:\cmdcons\ql1280.sy_ - archive CAB
>C:\cmdcons\ql1280.sy_/ql1280.sys - OK
C:\cmdcons\ql1280.sy_ - OK
C:\cmdcons\ramdisk.sy_ - archive CAB
>C:\cmdcons\ramdisk.sy_/ramdisk.sys - OK
C:\cmdcons\ramdisk.sy_ - OK
C:\cmdcons\sbp2port.sy_ - archive CAB
>C:\cmdcons\sbp2port.sy_/sbp2port.sys - OK
C:\cmdcons\sbp2port.sy_ - OK
C:\cmdcons\scsiport.sy_ - archive CAB
>C:\cmdcons\scsiport.sy_/scsiport.sys - OK
C:\cmdcons\scsiport.sy_ - OK
C:\cmdcons\serenum.sy_ - archive CAB
>C:\cmdcons\serenum.sy_/serenum.sys - OK
C:\cmdcons\serenum.sy_ - OK
C:\cmdcons\serial.sy_ - archive CAB
>C:\cmdcons\serial.sy_/serial.sys - OK
C:\cmdcons\serial.sy_ - OK
C:\cmdcons\setupdd.sy_ - archive CAB
>C:\cmdcons\setupdd.sy_/setupdd.sys - OK
C:\cmdcons\setupdd.sy_ - OK
C:\cmdcons\setupldr.bin - OK
C:\cmdcons\setupreg.hiv - OK
C:\cmdcons\sfloppy.sy_ - archive CAB
>C:\cmdcons\sfloppy.sy_/sfloppy.sys - OK
C:\cmdcons\sfloppy.sy_ - OK
C:\cmdcons\sparrow.sy_ - archive CAB
>C:\cmdcons\sparrow.sy_/sparrow.sys - OK
C:\cmdcons\sparrow.sy_ - OK
C:\cmdcons\spcmdcon.sys - OK
C:\cmdcons\spddlang.sy_ - archive CAB
>C:\cmdcons\spddlang.sy_/spddlang.sys - OK
C:\cmdcons\spddlang.sy_ - OK
C:\cmdcons\symc810.sy_ - archive CAB
>C:\cmdcons\symc810.sy_/symc810.sys - OK
C:\cmdcons\symc810.sy_ - OK
C:\cmdcons\symc8xx.sy_ - archive CAB
>C:\cmdcons\symc8xx.sy_/symc8xx.sys - OK
C:\cmdcons\symc8xx.sy_ - OK
C:\cmdcons\sym_hi.sy_ - archive CAB
>C:\cmdcons\sym_hi.sy_/sym_hi.sys - OK
C:\cmdcons\sym_hi.sy_ - OK
C:\cmdcons\sym_u3.sy_ - archive CAB
>C:\cmdcons\sym_u3.sy_/sym_u3.sys - OK
C:\cmdcons\sym_u3.sy_ - OK
C:\cmdcons\tffsport.sy_ - archive CAB
>C:\cmdcons\tffsport.sy_/tffsport.sys - OK
C:\cmdcons\tffsport.sy_ - OK
C:\cmdcons\toside.sy_ - archive CAB
>C:\cmdcons\toside.sy_/toside.sys - OK
C:\cmdcons\toside.sy_ - OK
C:\cmdcons\txtsetup.sif - OK
C:\cmdcons\ultra.sy_ - archive CAB
>C:\cmdcons\ultra.sy_/ultra.sys - OK
C:\cmdcons\ultra.sy_ - OK
C:\cmdcons\usbccgp.sy_ - archive CAB
>C:\cmdcons\usbccgp.sy_/usbccgp.sys - OK
C:\cmdcons\usbccgp.sy_ - OK
C:\cmdcons\usbd.sy_ - archive CAB
>C:\cmdcons\usbd.sy_/usbd.sys - OK
C:\cmdcons\usbd.sy_ - OK
C:\cmdcons\usbehci.sy_ - archive CAB
>C:\cmdcons\usbehci.sy_/usbehci.sys - OK
C:\cmdcons\usbehci.sy_ - OK
C:\cmdcons\usbhub.sy_ - archive CAB
>C:\cmdcons\usbhub.sy_/usbhub.sys - OK
C:\cmdcons\usbhub.sy_ - OK
C:\cmdcons\usbohci.sy_ - archive CAB
>C:\cmdcons\usbohci.sy_/usbohci.sys - OK
C:\cmdcons\usbohci.sy_ - OK
C:\cmdcons\usbport.sy_ - archive CAB
>C:\cmdcons\usbport.sy_/usbport.sys - OK
C:\cmdcons\usbport.sy_ - OK
C:\cmdcons\usbstor.sy_ - archive CAB
>C:\cmdcons\usbstor.sy_/usbstor.sys - OK
C:\cmdcons\usbstor.sy_ - OK
C:\cmdcons\usbuhci.sy_ - archive CAB
>C:\cmdcons\usbuhci.sy_/usbuhci.sys - OK
C:\cmdcons\usbuhci.sy_ - OK
C:\cmdcons\vga.sy_ - archive CAB
>C:\cmdcons\vga.sy_/vga.sys - OK
C:\cmdcons\vga.sy_ - OK
C:\cmdcons\vgaoem.fo_ - archive CAB
>C:\cmdcons\vgaoem.fo_/vgaoem.fon - OK
C:\cmdcons\vgaoem.fo_ - OK
C:\cmdcons\viaide.sy_ - archive CAB
>C:\cmdcons\viaide.sy_/viaide.sys - OK
C:\cmdcons\viaide.sy_ - OK
C:\cmdcons\videoprt.sy_ - archive CAB
>C:\cmdcons\videoprt.sy_/videoprt.sys - OK
C:\cmdcons\videoprt.sy_ - OK
C:\cmdcons\winnt.sif - OK
C:\cmdcons\wmilib.sy_ - archive CAB
>C:\cmdcons\wmilib.sy_/wmilib.sys - OK
C:\cmdcons\wmilib.sy_ - OK
C:\cmdcons\system32\ntdll.dll - OK
C:\cmdcons\system32\smss.exe - OK
C:\Config.Msi\PT72F.tmp - OK
C:\Config.Msi\PT738.tmp - OK
C:\DEAWIN3\ACROCORE.DLL - OK
C:\DEAWIN3\Acrograf.dll - OK
C:\DEAWIN3\Acropfs.dll - OK
C:\DEAWIN3\Acroread.exe - OK
C:\DEAWIN3\Acroread.reg - OK
C:\DEAWIN3\Apv4ol.pdf - archive PDF
C:\DEAWIN3\Apv4ol.pdf - OK
C:\DEAWIN3\BWCC32.DLL - OK
C:\DEAWIN3\CCTOOL.dll - OK
C:\DEAWIN3\CLASSLIB.dll - OK
C:\DEAWIN3\CLAYOUT.dll - OK
C:\DEAWIN3\CODE.DTX - OK
C:\DEAWIN3\COMLIB.dll - OK
C:\DEAWIN3\COMPANY - OK
C:\DEAWIN3\DACCARD.HLP - OK
C:\DEAWIN3\DACCARD.RTF - OK
C:\DEAWIN3\dacforms.bmp - OK
C:\DEAWIN3\DACFORMS.EXE - OK
C:\DEAWIN3\DACPAY.HLP - OK
C:\DEAWIN3\DACPAY.RTF - OK
C:\DEAWIN3\DEA30HLP.GID - OK
C:\DEAWIN3\DEAWIN.BMP - OK
C:\DEAWIN3\DEISL1.ISU - OK
C:\DEAWIN3\DEPT.DTX - OK
C:\DEAWIN3\DETECHSU.exe - OK
C:\DEAWIN3\DETHK16.DLL - OK
C:\DEAWIN3\DETHK32.DLL - OK
C:\DEAWIN3\DTBL32.DLL - OK
C:\DEAWIN3\EB.HLP - OK
C:\DEAWIN3\ECDDLL32.DLL - OK
C:\DEAWIN3\ECHECK.EXE - OK
C:\DEAWIN3\EMPLOYEE.DTX - OK
C:\DEAWIN3\HISTORY.DTX - OK
C:\DEAWIN3\INSTPAY.EXE - OK
C:\DEAWIN3\INSTPAY.TAX - OK
C:\DEAWIN3\INSTPAY.TXX - OK
C:\DEAWIN3\laydes.exe - OK
C:\DEAWIN3\LAYDES.FTS - OK
C:\DEAWIN3\LAYDES.GID - OK
C:\DEAWIN3\LAYOUT.HLP - OK
C:\DEAWIN3\LEN QUICK FORM.SLY - OK
C:\DEAWIN3\MAIN.GID - OK
C:\DEAWIN3\MAIN.HLP - OK
C:\DEAWIN3\MFC30D.DLL - OK
C:\DEAWIN3\MSVCRT20.DLL - OK
C:\DEAWIN3\NOTE.DTX - OK
C:\DEAWIN3\OLEAUT32.DLL - OK
C:\DEAWIN3\PAY3D01.DLL - OK
C:\DEAWIN3\PAYCHECK.DTX - OK
C:\DEAWIN3\PAYHELP.GID - OK
C:\DEAWIN3\PAYHELP.HLP - OK
C:\DEAWIN3\PAYROLL.LCK - OK
C:\DEAWIN3\PPRDINV.SLY - OK
C:\DEAWIN3\PPRDINVQP.SLY - OK
C:\DEAWIN3\PRDINVQP..SL.SLY - OK
C:\DEAWIN3\PRDINVQP.SLY - OK
C:\DEAWIN3\pricelst.btr - OK
C:\DEAWIN3\PTAU.EXE - OK
C:\DEAWIN3\QBAU.EXE - OK
C:\DEAWIN3\QUICKINV.SLY - OK
C:\DEAWIN3\RDMWIN32.DLL - OK
C:\DEAWIN3\REGADLL.DLL - OK
C:\DEAWIN3\ROLODEX.LST - OK
C:\DEAWIN3\RTFDOC.RTF - OK
C:\DEAWIN3\rtfhelp.dll - OK
C:\DEAWIN3\sage3d02.dll - OK
C:\DEAWIN3\SFW3.exe - OK
C:\DEAWIN3\SFW3BANK.dll - OK
C:\DEAWIN3\SFW3BMP.dll - OK
C:\DEAWIN3\SFW3CASH.dll - OK
C:\DEAWIN3\SFW3DE.dll - OK
C:\DEAWIN3\SFW3DE01.dll - OK
C:\DEAWIN3\SFW3DOC.dll - OK
C:\DEAWIN3\SFW3FIN.dll - OK
C:\DEAWIN3\SFW3FL01.dll - OK
C:\DEAWIN3\sfw3gr01.dll - OK
C:\DEAWIN3\SFW3HP01.dll - OK
C:\DEAWIN3\SFW3IM01.dll - OK
C:\DEAWIN3\SFW3INV.dll - OK
C:\DEAWIN3\SFW3IV01.dll - OK
C:\DEAWIN3\SFW3LG01.dll - OK
C:\DEAWIN3\SFW3ND01.dll - OK
C:\DEAWIN3\SFW3NOM.dll - OK
C:\DEAWIN3\SFW3POP.dll - OK
C:\DEAWIN3\SFW3PS01.dll - OK
C:\DEAWIN3\SFW3PUR.dll - OK
C:\DEAWIN3\SFW3REP.dll - OK
C:\DEAWIN3\SFW3SAL.dll - OK
C:\DEAWIN3\SFW3SK01.dll - OK
C:\DEAWIN3\SFW3SOP.dll - OK
C:\DEAWIN3\SFW3STK.dll - OK
C:\DEAWIN3\SFW3SV01.dll - OK
C:\DEAWIN3\SFW3TEXT.dll - OK
C:\DEAWIN3\SFW3UT01.dll - OK
C:\DEAWIN3\sggrid01.dll - OK
C:\DEAWIN3\SHORTC~1.LNK - OK
C:\DEAWIN3\SHORTC~2.LNK - OK
C:\DEAWIN3\SMALL STATEMENT STATBK.SLY - OK
C:\DEAWIN3\STATBK.SLY - OK
C:\DEAWIN3\STATBK.STM - OK
C:\DEAWIN3\TAL16THK.DLL - OK
C:\DEAWIN3\TAL32THK.DLL - OK
C:\DEAWIN3\TEMP.BDT - OK
C:\DEAWIN3\Thumbs.db - OK
C:\DEAWIN3\Thumbs.db:encryptable - OK
C:\DEAWIN3\TRANHIST.DTX - OK
C:\DEAWIN3\TRANSACT.DTX - OK
C:\DEAWIN3\Uninst.isu - OK
C:\DEAWIN3\UPGRADV2.EXE - OK
C:\DEAWIN3\VCWIN32S.DLL - OK
C:\DEAWIN3\Viewlib.dll - OK
C:\DEAWIN3\ACCDATA\1.COA - OK
C:\DEAWIN3\ACCDATA\1.SRV - OK
C:\DEAWIN3\ACCDATA\10.SRV - OK
C:\DEAWIN3\ACCDATA\11.SRV - OK
C:\DEAWIN3\ACCDATA\12.SRV - OK
C:\DEAWIN3\ACCDATA\13.SRV - OK
C:\DEAWIN3\ACCDATA\14.SRV - OK
C:\DEAWIN3\ACCDATA\15.SRV - OK
C:\DEAWIN3\ACCDATA\16.SRV - OK
C:\DEAWIN3\ACCDATA\17.SRV - OK
C:\DEAWIN3\ACCDATA\19.SRV - OK
C:\DEAWIN3\ACCDATA\2.COA - OK
C:\DEAWIN3\ACCDATA\2.SRV - OK
C:\DEAWIN3\ACCDATA\21.SRV - OK
C:\DEAWIN3\ACCDATA\22.SRV - OK
C:\DEAWIN3\ACCDATA\23.SRV - OK
C:\DEAWIN3\ACCDATA\24.SRV - OK
C:\DEAWIN3\ACCDATA\26.SRV - OK
C:\DEAWIN3\ACCDATA\27.SRV - OK
C:\DEAWIN3\ACCDATA\28.SRV - OK
C:\DEAWIN3\ACCDATA\29.SRV - OK
C:\DEAWIN3\ACCDATA\2924.SRV - OK
C:\DEAWIN3\ACCDATA\3.SRV - OK
C:\DEAWIN3\ACCDATA\31.SRV - OK
C:\DEAWIN3\ACCDATA\33.SRV - OK
C:\DEAWIN3\ACCDATA\34.SRV - OK
C:\DEAWIN3\ACCDATA\36.SRV - OK
C:\DEAWIN3\ACCDATA\37.SRV - OK
C:\DEAWIN3\ACCDATA\38.SRV - OK
C:\DEAWIN3\ACCDATA\4.SRV - OK
C:\DEAWIN3\ACCDATA\41.SRV - OK
C:\DEAWIN3\ACCDATA\42.SRV - OK
C:\DEAWIN3\ACCDATA\43.SRV - OK
C:\DEAWIN3\ACCDATA\44.SRV - OK
C:\DEAWIN3\ACCDATA\45.SRV - OK
C:\DEAWIN3\ACCDATA\46.SRV - OK
C:\DEAWIN3\ACCDATA\47.SRV - OK
C:\DEAWIN3\ACCDATA\48.SRV - OK
C:\DEAWIN3\ACCDATA\49.SRV - OK
C:\DEAWIN3\ACCDATA\5.SRV - OK
C:\DEAWIN3\ACCDATA\6.SRV - OK
C:\DEAWIN3\ACCDATA\7.SRV - OK
C:\DEAWIN3\ACCDATA\8.SRV - OK
C:\DEAWIN3\ACCDATA\9.SRV - OK
C:\DEAWIN3\ACCDATA\A.NMC - OK
C:\DEAWIN3\ACCDATA\A.NMI - OK
C:\DEAWIN3\ACCDATA\A.PRC - OK
C:\DEAWIN3\ACCDATA\A.PRI - OK
C:\DEAWIN3\ACCDATA\A.SLC - OK
C:\DEAWIN3\ACCDATA\A.SLI - OK
C:\DEAWIN3\ACCDATA\ACCESS.DTA - OK
C:\DEAWIN3\ACCDATA\ACCOUNT.DTA - OK
C:\DEAWIN3\ACCDATA\ACCRUAL.DTA - OK
C:\DEAWIN3\ACCDATA\AllStock.dta - OK
C:\DEAWIN3\ACCDATA\ASSETS.DTA - OK
C:\DEAWIN3\ACCDATA\ASTCAT.DTA - OK
C:\DEAWIN3\ACCDATA\ASTDATA.DTA - OK
C:\DEAWIN3\ACCDATA\ASTINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\BANK.DTA - OK
C:\DEAWIN3\ACCDATA\BNKINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\C0000001.DTA - OK
C:\DEAWIN3\ACCDATA\C0000002.DTA - OK
C:\DEAWIN3\ACCDATA\C0000003.DTA - OK
C:\DEAWIN3\ACCDATA\C0000004.DTA - OK
C:\DEAWIN3\ACCDATA\C0000005.DTA - OK
C:\DEAWIN3\ACCDATA\C0000006.DTA - OK
C:\DEAWIN3\ACCDATA\C0000007.DTA - OK
C:\DEAWIN3\ACCDATA\C0000008.DTA - OK
C:\DEAWIN3\ACCDATA\CATEGORY.DTA - OK
C:\DEAWIN3\ACCDATA\CHECK.DTA - OK
C:\DEAWIN3\ACCDATA\CONTACT.DTA - OK
C:\DEAWIN3\ACCDATA\CONTDATE.DTA - OK
C:\DEAWIN3\ACCDATA\CURRENCY.DTA - OK
C:\DEAWIN3\ACCDATA\DEPARTM.DTA - OK
C:\DEAWIN3\ACCDATA\GLCOAT.DTA - OK
C:\DEAWIN3\ACCDATA\HEADER.DTA - OK
C:\DEAWIN3\ACCDATA\INVINDEX - OK
C:\DEAWIN3\ACCDATA\INVINDEX.DOC - OK
C:\DEAWIN3\ACCDATA\INVINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\INVITEM.DOC - OK
C:\DEAWIN3\ACCDATA\INVITEM.DTA - OK
C:\DEAWIN3\ACCDATA\INVOICE - OK
C:\DEAWIN3\ACCDATA\INVOICE.DOC - OK
C:\DEAWIN3\ACCDATA\INVOICE.DTA - OK
C:\DEAWIN3\ACCDATA\LAYDES.LCK - OK
C:\DEAWIN3\ACCDATA\MANAGER.IVC - OK
C:\DEAWIN3\ACCDATA\MANAGER.IVI - OK
C:\DEAWIN3\ACCDATA\MANAGER.NMC - OK
C:\DEAWIN3\ACCDATA\MANAGER.NMI - OK
C:\DEAWIN3\ACCDATA\MANAGER.PPC - OK
C:\DEAWIN3\ACCDATA\MANAGER.PPI - OK
C:\DEAWIN3\ACCDATA\MANAGER.PRC - OK
C:\DEAWIN3\ACCDATA\MANAGER.PRI - OK
C:\DEAWIN3\ACCDATA\MANAGER.SKC - OK
C:\DEAWIN3\ACCDATA\MANAGER.SKI - OK
C:\DEAWIN3\ACCDATA\MANAGER.SLC - OK
C:\DEAWIN3\ACCDATA\MANAGER.SLI - OK
C:\DEAWIN3\ACCDATA\NOMINAL.DTA - OK
C:\DEAWIN3\ACCDATA\NOMINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\PREPAY.DTA - OK
C:\DEAWIN3\ACCDATA\PUOINDEX.DOC - OK
C:\DEAWIN3\ACCDATA\PUOINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\PUOITEM.DOC - OK
C:\DEAWIN3\ACCDATA\PUOITEM.DTA - OK
C:\DEAWIN3\ACCDATA\PUORDER.DOC - OK
C:\DEAWIN3\ACCDATA\PUORDER.DTA - OK
C:\DEAWIN3\ACCDATA\PURCHASE.DTA - OK
C:\DEAWIN3\ACCDATA\PURINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\QUEUE.DTA - OK
C:\DEAWIN3\ACCDATA\RECUR.DTA - OK
C:\DEAWIN3\ACCDATA\SALES.DTA - OK
C:\DEAWIN3\ACCDATA\SALINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\SAOINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\SAOITEM.DTA - OK
C:\DEAWIN3\ACCDATA\SAORDER.DTA - OK
C:\DEAWIN3\ACCDATA\SETUP.DTA - OK
C:\DEAWIN3\ACCDATA\SPLITS.DTA - OK
C:\DEAWIN3\ACCDATA\STKCAT.DTA - OK
C:\DEAWIN3\ACCDATA\STKINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\STKTRANS.DTA - OK
C:\DEAWIN3\ACCDATA\STOCK.DTA - OK
C:\DEAWIN3\ACCDATA\TODO000.DTA - OK
C:\DEAWIN3\ACCDATA\TODODATA.DTA - OK
C:\DEAWIN3\ACCDATA\TODODATE.DTA - OK
C:\DEAWIN3\ACCDATA\TODOUSER.DTA - OK
C:\DEAWIN3\ACCDATA\USAGE.DTA - OK
C:\DEAWIN3\ACCDATA\V0000002.DTA - OK
C:\DEAWIN3\ACCDATA\V0000004.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\1.COA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\1.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\10.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\11.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\12.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\13.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\14.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\15.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\16.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\17.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\19.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\2.COA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\2.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\21.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\22.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\23.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\24.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\26.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\27.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\28.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\29.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\2924.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\3.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\31.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\33.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\34.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\36.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\37.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\38.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\4.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\41.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\42.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\43.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\44.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\45.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\46.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\47.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\48.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\49.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\5.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\6.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\7.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\8.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\9.SRV - OK
C:\DEAWIN3\ACCDATA\ACCDATA\A.NMC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\A.NMI - OK
C:\DEAWIN3\ACCDATA\ACCDATA\A.PRC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\A.PRI - OK
C:\DEAWIN3\ACCDATA\ACCDATA\A.SLC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\A.SLI - OK
C:\DEAWIN3\ACCDATA\ACCDATA\ACCESS.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\ACCOUNT.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\ACCRUAL.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\ALLSTOCK.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\ASSETS.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\ASTCAT.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\ASTDATA.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\ASTINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\BANK.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\BNKINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\C0000001.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\C0000002.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\C0000003.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\CATEGORY.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\CHECK.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\CONTACT.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\CONTDATE.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\CURRENCY.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\DEPARTM.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\GLCOAT.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\HEADER.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\INVINDEX.DOC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\INVINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\INVITEM.DOC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\INVITEM.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\INVOICE.DOC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\INVOICE.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.IVC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.IVI - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.NMC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.NMI - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.PPC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.PPI - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.PRC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.PRI - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.SKC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\MANAGER.SKI - OK
C:\DEAWIN3\ACCDATA\ACCDATA\NOMINAL.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\NOMINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\PREPAY.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\PUOINDEX.DOC - OK
C:\DEAWIN3\ACCDATA\ACCDATA\PUOINDEX.DTA - OK
C:\DEAWIN3\ACCDATA\ACCDATA\PUOITEM.DOC - OK

#6 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:11:38 PM

Posted 16 December 2009 - 07:37 PM

I cannot believe that you want me to post the entire Dr. Web log. The previous posts are less than 10% of the file. Please let me know if you would like me to continue posting (or is there a different log file?).

I ran MBAM (Full), SAS (Full), and Dr. Web (Full) while at work today. All three showed no infected files. New MBAM log at end of post. Ran TFC and restarted computer.

SmitFraudLog:

SmitFraudFix v2.424

Scan done at 18:45:04.70, Wed 12/16/2009
Run from C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Updated MBAM, ran Quick Scan.

MBAM Log:


Malwarebytes' Anti-Malware 1.42
Database version: 3379
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/16/2009 6:51:27 PM
mbam-log-2009-12-16 (18-51-27).txt

Scan type: Quick Scan
Objects scanned: 124144
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by bomber1712, 16 December 2009 - 07:55 PM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:38 AM

Posted 16 December 2009 - 09:52 PM

Ok no need if had no infections.. we look much better. If you still have the safe mode issue...
SUPERAntiSypware has a built in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSypware.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.

Let me know if things are better on all counts.

Edited by boopme, 16 December 2009 - 09:53 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:11:38 PM

Posted 17 December 2009 - 07:54 AM

Thank you so much for your help. I ran the "Repairs" in SAS and it fixed the issue. I can now boot in Safe.

Until now, I had not connected the computer to the internet. Yesterday, after having all of the scans come back clean, I installed Comodo (Firewall and AV) and then connected the box to the internet. I have run SAS and MBAM a couple more times, and they come back clean.

Comodo, however, is another story. I ran a full scan and here is what it found:

TrojWare.Win32.Agent.ddcs@86728357 C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Common\aa33c05a19.exe
Heur.Suspicious@26930383 D:\I386\SYSTEM32\Restore.exe
UnclassifiedMalware@5202863 D:\I386\Apps\APP27596\src\HPPavillion_Spring06.exe
ApplicUnwnt.Win32.Adware.WeatherBug.a@6586015 D:\I386\Apps\APP27596\src\CompaqPresario_Spring06.exe
Heur.Suspicious@26930383 D:\MiniNT\system32\Restore.exe
TrojWare.Win32.TrojanSpy.Zbot.Gen@86381543 C:\Avenger\sdra64.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Common\aa33c05a19.exe
Heur.Dual.Extensions C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\IEDFix.C.exe
ApplicUnsaf.Win32.Shutdowner.DB@360900 C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\restart.exe
Application.Win32.Reboot.~A@15679335 C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\Reboot.exe
UnclassifiedMalware@71058299 C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe
UnclassifiedMalware@87311184 C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{2D70B470-8370-4008-BEFE-BA22F394ED7C}\chrome\content\overlay.xul
ApplicUnsaf.Win32.RemoteAdmin.WinVncBased.f@6658930 C:\Program Files\Common Files\supportsoft\bin\ssrc.exe|Unsfx
Heur.Suspicious@86860727 C:\Program Files\Intuit\QuickBooks 2006\GoogleDesktopSetup.exe
Heur.Suspicious@55458886 C:\Program Files\Online Services\MSN90\msnsusii.exe
Heur.Suspicious@55458886 C:\Program Files\Online Services\MSN90\pkgs\en\us\ms\msnsusii.exe
UnclassifiedMalware@16866258 C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP461\A0073793.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP462\A0073801.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP463\A0073809.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP464\A0074809.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP465\A0074815.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP466\A0074822.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP467\A0074831.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP467\A0074839.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP467\A0074846.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP468\A0074853.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP468\A0074856.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP468\A0074867.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP468\A0074869.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP469\A0074871.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0074877.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0075876.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0075885.exe
UnclassifiedMalware@87196817 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0075916.dll
UnclassifiedMalware@86733731 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0075918.dll
UnclassifiedMalware@85124484 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0075919.dll
UnclassifiedMalware@85124484 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0075921.dll
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0075924.exe
TrojWare.Win32.Trojan.Agent.Gen@86818071 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0075925.exe
ApplicUnwnt.Win32.Adware.WeatherBug.a@6586015 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP470\A0075901.exe
UnclassifiedMalware@87196817 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP474\A0076944.dll
Application.Win32.KillProc.~A@8366151 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP474\A0076947.exe

I told it to remove all of them. I then rebooted and ran Comodo, again:

Heur.Suspicious@26930383 D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077589.exe
Heur.Suspicious@26930383 D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077592.exe
UnclassifiedMalware@5202863 D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077590.exe
ApplicUnwnt.Win32.Adware.WeatherBug.a@6586015 D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077591.exe
ApplicUnsaf.Win32.Shutdowner.DB@360900 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077586.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077588.exe
TrojWare.Win32.Agent.ddcs@86728357 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077594.exe
TrojWare.Win32.TrojanSpy.Zbot.Gen@86381543 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077593.exe
Application.Win32.Reboot.~A@15679335 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077596.exe
UnclassifiedMalware@71058299 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077587.exe
ApplicUnsaf.Win32.RemoteAdmin.WinVncBased.f@6658930 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077597.exe|Unsfx
Heur.Suspicious@86860727 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077598.exe
Heur.Suspicious@55458886 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077599.exe
UnclassifiedMalware@16866258 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077601.exe
Heur.Suspicious@55458886 C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP481\A0077600.exe

Not sure what to do next. I will await your instructions.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:38 AM

Posted 17 December 2009 - 11:24 AM

Ok. we;ll clear that if MBAm comes back clean..
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:11:38 PM

Posted 17 December 2009 - 06:25 PM

I updated and ran MBAM (Full Scan). It found nothing. I also ran Comodo, again, and this time it found nothing. I also ran SAS again, and it found one item:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/17/2009 at 03:14 PM

Application Version : 4.31.1000

Core Rules Database Version : 4384
Trace Rules Database Version: 2221

Scan type : Complete Scan
Total Scan Time : 02:26:38

Memory items scanned : 441
Memory threats detected : 0
Registry items scanned : 6558
Registry threats detected : 0
File items scanned : 95092
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.wsod[2].txt

I also ran Blacklight to look for Rootkits. It found nothing.

Do you think this machine is clean, now?

I only have two pesky issues that maybe you can help with.

1. I am trying to run Windows Update and there is one update that just will not install:

Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)

I have tried toinstall it several times, but it always fails. What's the deal?

2. The clock in the system tray is on 24 hour instead of 12 hour. When I did a google search to fix it, I right clicked on one of the links, and instead of going to the site it referenced, I was sent to "allgive.com". When I right clicked the link, again, it took me to the right site. Is that a problem or a fluke?

Edited by bomber1712, 17 December 2009 - 06:38 PM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:38 AM

Posted 17 December 2009 - 06:36 PM

Ok yes ,looks clean ,just a tracking cookie.

Try this..
Download and install the Windows Installer CleanUp Utility - (it will list all programs that use Windows Installer).

•Double-click on msicuu2.exe and click "Next".
•Accept the license agreement, click "Next", then click "Next" again.
•Click "Finish" when done.
•Go to Start > Programs and click on Windows Install CleanUp to launch the program.
•In the list of Install Products, check to see if "Windows Defender Signatures" are listed.
•If so, highlight that entry, then click on the "Remove" button.
•Reboot when done.
•Then go to Microsoft Update, do an express scan, and see if you can now apply the update.


:thumbsup:

To fix the clock display:

Go toStart >> Control Panel.
Select Regional and Language Options.
In the Standards and Formats section... next to the language you are using... click the Customize...button
Press the Time...tab.
In the Time Format...box, for 12 hour time display... change the format to:

h mm ss tt
or
hh mm ss tt


Select the other display options you want... separator, AM, PM...
When done...click Apply and OK as needed.

Edited by boopme, 17 December 2009 - 06:38 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:11:38 PM

Posted 17 December 2009 - 06:43 PM

There is no listing for "Windows Defender Signatures". Still cannot get the update to take.

Also, I was editing the post above when you responded. Did you see this comment?:

"2. The clock in the system tray is on 24 hour instead of 12 hour. When I did a google search to fix it, I right clicked on one of the links, and instead of going to the site it referenced, I was sent to "allgive.com". When I right clicked the link, again, it took me to the right site. Is that a problem or a fluke?"

Edited by bomber1712, 17 December 2009 - 11:37 PM.


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:38 AM

Posted 18 December 2009 - 11:18 AM

Hi, Yes we crossed over each other.. i posted a Clock fix..
You should now ask about the updates in XP forum they have better ideas on it than i. But first we have some junk in System Restore that may be responsible . So lets' quick scan and then dump those.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 bomber1712

bomber1712
  • Topic Starter

  • Members
  • 464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, USA
  • Local time:11:38 PM

Posted 18 December 2009 - 08:38 PM

Done. MBAM Quick Scan found nothing. I had also run SAS and Comodo while at work (again). Nothing on Comodo and 4 tracking cookies on SAS.

I will search the other forums for my update problem.

If you think this machine is clean, I want to thank you for all of your help! You are an invaluable resource!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users