Search redirectvirus


14 replies to this topic

#1 Mok

Posted 06 February 2013 - 11:52 AM

I have made use of this forum once before, and I must thank the members here for providing a most valuable service. Last time I was here I had a redirect virus.

This time it's a friend's computer, and he has the same problem. Yes, he uses torrents and is unapologetic and will continue using them. (place choice curses here).

He has both Internet Explorer 8 and Firefox installed and this virus is affecting both. I have scanned this machine with AVG Recovery Disk, ZoneAlarm, MSSE, HouseCall from Trend Micro and none of them catch this. It's funny to see so many anti-malware programs fail utterly.

I suppose we will start by downloading some software and posting the logs. If someone would be kind enough to remind me which software I should download, I'll get started.

Currently Advanced System Care and ZoneAlarm are installed. Should I uninstall them before starting the recovery procedure?

Currently running Windows XP 32-bit Home Edition Service Pack 3.

Edited by bloopie, 06 February 2013 - 12:02 PM.
Moved topic from XP to the more appropriate forum. ~bloopie



#2 narenxp

Posted 06 February 2013 - 11:59 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log" (do not click on FIXMBR).

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply. Ignore it if there are no detected threats.

#3 Mok

Posted 06 February 2013 - 03:02 PM

Here are the results:


11:17:27.0984 2424 vsdatant - ok
11:17:28.0000 2424 vsmon - ok
11:17:28.0046 2424 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:17:28.0046 2424 VSS - ok
11:17:28.0078 2424 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:17:28.0078 2424 W32Time - ok
11:17:28.0125 2424 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:17:28.0125 2424 Wanarp - ok
11:17:28.0125 2424 WDICA - ok
11:17:28.0171 2424 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:17:28.0171 2424 wdmaud - ok
11:17:28.0218 2424 [ 58C93841B12E5897651EF3342F09C9F1 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
11:17:28.0218 2424 Web Assistant Updater - ok
11:17:28.0265 2424 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:17:28.0265 2424 WebClient - ok
11:17:28.0343 2424 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:17:28.0343 2424 winmgmt - ok
11:17:28.0406 2424 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
11:17:28.0453 2424 WinRM - ok
11:17:28.0500 2424 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:17:28.0500 2424 WmdmPmSN - ok
11:17:28.0546 2424 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:17:28.0546 2424 WmiApSrv - ok
11:17:28.0656 2424 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:17:28.0687 2424 WMPNetworkSvc - ok
11:17:28.0734 2424 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:17:28.0734 2424 wscsvc - ok
11:17:28.0750 2424 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:17:28.0765 2424 wuauserv - ok
11:17:28.0796 2424 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:17:28.0796 2424 WudfPf - ok
11:17:28.0828 2424 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:17:28.0828 2424 WudfRd - ok
11:17:28.0859 2424 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:17:28.0859 2424 WudfSvc - ok
11:17:28.0906 2424 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:17:28.0953 2424 WZCSVC - ok
11:17:28.0984 2424 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:17:28.0984 2424 xmlprov - ok
11:17:29.0000 2424 ================ Scan global ===============================
11:17:29.0031 2424 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:17:29.0062 2424 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:17:29.0109 2424 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:17:29.0125 2424 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:17:29.0125 2424 [Global] - ok
11:17:29.0125 2424 ================ Scan MBR ==================================
11:17:29.0156 2424 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:17:29.0296 2424 \Device\Harddisk0\DR0 - ok
11:17:29.0296 2424 ================ Scan VBR ==================================
11:17:29.0312 2424 [ 6919063CA40CC2545EAE3B00C9EAD365 ] \Device\Harddisk0\DR0\Partition1
11:17:29.0312 2424 \Device\Harddisk0\DR0\Partition1 - ok
11:17:29.0312 2424 ============================================================
11:17:29.0312 2424 Scan finished
11:17:29.0312 2424 ============================================================
11:17:29.0328 2260 Detected object count: 0
11:17:29.0328 2260 Actual detected object count: 0
11:19:08.0140 3556 Deinitialize success




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-06 11:22:12
-----------------------------
11:22:12.000 OS Version: Windows 5.1.2600 Service Pack 3
11:22:12.000 Number of processors: 1 586 0x409
11:22:12.015 ComputerName: STEVE UserName:
11:22:16.171 Initialize success
11:25:26.343 AVAST engine defs: 13020600
11:30:23.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
11:30:23.140 Disk 0 Vendor: ST3250820AS 3.AAC Size: 238475MB BusType: 3
11:30:23.156 Disk 0 MBR read successfully
11:30:23.156 Disk 0 MBR scan
11:30:23.187 Disk 0 Windows XP default MBR code
11:30:23.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
11:30:23.187 Disk 0 scanning sectors +488376000
11:30:23.250 Disk 0 scanning C:\WINDOWS\system32\drivers
11:30:34.031 Service scanning
11:30:45.921 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
11:30:48.250 Modules scanning
11:30:52.312 Disk 0 trace - called modules:
11:30:52.343 ntoskrnl.exe CLASSPNP.SYS disk.sys dvd43llh.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:30:52.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac4aab8]
11:30:52.843 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8ac5eb00]
11:30:52.843 \Driver\atapi[0x8acb0840] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> dvd43llh.sys[0xb8b15b20]
11:30:53.406 AVAST engine scan C:\WINDOWS
11:31:03.281 AVAST engine scan C:\WINDOWS\system32
11:33:55.406 AVAST engine scan C:\WINDOWS\system32\drivers
11:34:16.437 AVAST engine scan C:\Documents and Settings\Steve Parker
11:46:40.562 AVAST engine scan C:\Documents and Settings\All Users
11:47:12.203 Scan finished successfully
11:48:48.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steve Parker\Desktop\Logs\MBR.dat"
11:48:48.828 The log file has been saved successfully to "C:\Documents and Settings\Steve Parker\Desktop\Logs\aswMBR.txt"


Operating memory probably a variant of Win32/Ponmocup.AA trojan

That last one is pretty odd. I told it to export and all that's in the file is that one line. Let me know if you would like me to do it again.

#4 narenxp

Posted 07 February 2013 - 01:58 AM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply

===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

Edited by narenxp, 07 February 2013 - 03:49 AM.


#5 Mok

Posted 07 February 2013 - 04:59 PM

Hello

 

I have all the logs you asked for:

 

Malwarebytes log

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.07.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Steve Parker :: STEVE [administrator]

07/02/2013 2:59:05 PM
mbam-log-2013-02-07 (14-59-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204025
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\system32\C_28594C.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msidntld9.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 

 

MiniToolBox log

 

MiniToolBox by Farbar  Version:10-01-2013
Ran by Steve Parker (administrator) on 07-02-2013 at 15:17:40
Running from "C:\Documents and Settings\Steve Parker\Desktop\Temp"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® PRO/1000 PL Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : Steve
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : wp.shawcable.net

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : wp.shawcable.net
        Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection
        Physical Address. . . . . . . . . : 00-17-31-5C-5A-8F
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.107
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 64.59.176.13
                                            64.59.177.226
        Lease Obtained. . . . . . . . . . : February 7, 2013 3:13:48 PM
        Lease Expires . . . . . . . . . . : February 8, 2013 3:13:48 PM

Server:  nsc1.nr.wp.shawcable.net
Address:  64.59.176.13

Name:    google.com
Addresses:  74.125.225.65, 74.125.225.66, 74.125.225.64, 74.125.225.72
      74.125.225.67, 74.125.225.68, 74.125.225.73, 74.125.225.78, 74.125.225.69
      74.125.225.71, 74.125.225.70

Pinging google.com [74.125.225.65] with 32 bytes of data:

Reply from 74.125.225.65: bytes=32 time=36ms TTL=57
Reply from 74.125.225.65: bytes=32 time=36ms TTL=57

Ping statistics for 74.125.225.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 36ms, Average = 36ms

Server:  nsc1.nr.wp.shawcable.net
Address:  64.59.176.13

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=62ms TTL=54
Reply from 98.138.253.109: bytes=32 time=143ms TTL=54

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 143ms, Average = 102ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 17 31 5c 5a 8f ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.107      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.107   192.168.1.107      20
    192.168.1.107  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.107   192.168.1.107      20
        224.0.0.0        240.0.0.0    192.168.1.107   192.168.1.107      20
  255.255.255.255  255.255.255.255    192.168.1.107   192.168.1.107      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/04/2013 02:43:39 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (02/04/2013 02:43:35 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/29/2012 10:10:55 PM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/27/2012 09:23:52 PM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/11/2012 02:35:58 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0073002c.
Processing media-specific event for [iexplore.exe!ws!]

Error: (05/10/2012 02:15:10 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\DriverBoost\DriverBoost\DriverBoost.exe . Error code = 0x80131047

Error: (05/03/2012 08:55:27 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/03/2012 08:55:27 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/03/2012 08:55:27 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/04/2012 06:37:27 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/07/2013 08:59:48 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.110 for the Network Card with network address 0017315C5A8F has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/05/2013 02:30:13 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (02/05/2013 02:30:12 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (02/05/2013 02:30:12 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (02/05/2013 02:30:12 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (02/05/2013 02:30:12 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (02/05/2013 02:30:12 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (02/05/2013 02:30:12 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (02/05/2013 02:30:12 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (02/05/2013 02:30:12 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (02/04/2013 02:43:39 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (02/04/2013 02:43:35 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/29/2012 10:10:55 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe11.0.5721.5145hungapp0.0.0.000000000

Error: (11/27/2012 09:23:52 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe11.0.5721.5145hungapp0.0.0.000000000

Error: (08/11/2012 02:35:58 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.00073002c

Error: (05/10/2012 02:15:10 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\DriverBoost\DriverBoost\DriverBoost.exe . Error code = 0x80131047
C:\Program Files\DriverBoost\DriverBoost\DriverBoost.exe

Error: (05/03/2012 08:55:27 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/03/2012 08:55:27 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (05/03/2012 08:55:27 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/04/2012 06:37:27 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

µTorrent (Version: 1.7.6)
µTorrent (Version: 3.1.3)
1ClickDownloader (Version: 2.7 Build 26473)
32 Bit HP CIO Components Installer (Version: 2.1.5)
7500_7600_7700_Help (Version: 1.00.0000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Advanced SystemCare 6 (Version: 6.1)
ASUSDVD
Avanquest update (Version: 1.10)
BPD_HPSU (Version: 1.00.0000)
BPD_Scan (Version: 3.00.0000)
BPDSoftware (Version: 82.0.173.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 82.0.173.000)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.2.0.11)
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.3.0.19)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9)
Canon Utilities EOS Utility (Version: 1.0.4.18)
Canon Utilities PhotoStitch (Version: 3.1.18.42)
Canon Utilities ZoomBrowser EX (Version: 5.7.0.74)
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder (Version: 1.00.0000)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 8.1.0.0)
DVD43 v4.6.0
EPSON Printer Software
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 82.0.188.000)
FileBulldog Toolbar
GoldWave v5.10
GoldWave v5.18
Google Earth (Version: 4.0.2416)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Officejet Pro All-In-One Series (Version: 1.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 4.000.005.006)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
InstantShareAlert (Version: 1.00.0000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Intel® PRO Network Connections (Version: )
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 35 (Version: 6.0.350)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
L7600 (Version: 50.0.165.000)
LimeWire 5.5.14 (Version: 5.5.14)
Machinist 2
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 5.5 (Version: 5.50.661.0)
Microsoft IntelliType Pro 5.5 (Version: 5.50.661.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2 (Version: 9.00.3821)
Microsoft Office 2000 SR-1 Small Business (Version: 9.00.3821)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Motorola Driver Installation (Version: 2.9.0)
Motorola Phone Tools (Version: 4.30)
Motorola Phone Tools (Version: 4.5.7d 10/12/2007)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.2)
MPM (Version: 1.00.0000)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 6 Ultra Edition
ProductContext (Version: 50.0.165.000)
QuickTax 2005
QuickTax 2006
QuickTax 2007 (Version: 1.00.0000)
QuickTax 2008 (Version: 1.00.0000)
QuickTax 2009 (Version: 1.00.0000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
Realtek High Definition Audio Driver (Version: 2.06)
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 8.1.0.0)
Simply Accounting 2004 Basic
SolutionCenter (Version: 82.0.188.000)
Status (Version: 82.0.173.000)
T4 Internet - T4 par Internet 11.0 (Version: 10.0.0.0)
T4 Internet - T4 par Internet 9.0 (Version: 4.0.1.0)
TOD 012007_2 (C:\Program Files\TOD 012007)
TOD 012008_3 (C:\Program Files\TOD 012008)
TOD 012009 (Version: 1.0.0.0)
TOD 012010 (Version: 1.0.0.0)
TOD 042009 (Version: 1.0.0.0)
TOD 072006
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
TurboTax 2010 (Version: 1.00.0000)
TurboTax 2011 (Version: 1.00.0000)
UnloadSupport (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
Vuze (Version: 4.6)
Vuze_Remote Toolbar (Version: )
Web Assistant 2.0.0.464
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 82.0.173.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP Service Pack 3 (Version: 20080414.031525)
Xvid 1.2.2 final uninstall (Version: 1.2)
ZoneAlarm Extreme Security (Version: 9.3.037.000)

========================= Devices: ================================

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3063.17 MB
Available physical RAM: 2302.09 MB
Total Pagefile: 4426.82 MB
Available Pagefile: 3761.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.68 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:232.88 GB) (Free:170.94 GB) NTFS

========================= Users: ========================================

User accounts for \\STEVE

Administrator            ASPNET                   Guest                    
HelpAssistant            Steve Parker             SUPPORT_388945a0         


**** End of log ****

Farbar's Service Scanner log

Farbar Service Scanner Version: 30-01-2013
Ran by Steve Parker (administrator) on 07-02-2013 at 15:20:56
Running from "C:\Documents and Settings\Steve Parker\Desktop\Temp"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2006-11-01 14:04] - [2008-04-13 18:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2004-08-04 06:00] - [2009-02-06 05:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

AdwCleaner log

# AdwCleaner v2.111 - Logfile created 02/07/2013 at 15:22:35
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steve Parker - STEVE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Steve Parker\Desktop\Temp\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : Web Assistant Updater

***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\Steve Parker\Application Data\BabylonToolbar
Folder Found : C:\Documents and Settings\Steve Parker\Application Data\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
Folder Found : C:\Documents and Settings\Steve Parker\Application Data\Toolbar4
Folder Found : C:\Documents and Settings\Steve Parker\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Steve Parker\Local Settings\Application Data\ConduitEngine
Folder Found : C:\Documents and Settings\Steve Parker\Local Settings\Application Data\Vuze_Remote
Folder Found : C:\Documents and Settings\Steve Parker\Local Settings\Application Data\Vuze_Remote
Folder Found : C:\Program Files\1ClickDownload
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\FileBulldog Toolbar
Folder Found : C:\Program Files\Vuze_Remote
Folder Found : C:\Program Files\Vuze_Remote
Folder Found : C:\Program Files\Web Assistant

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Steve Parker\Application Data\Mozilla\Firefox\Profiles\2sgr930a.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Steve Parker\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15435 octets] - [07/02/2013 15:22:35]

########## EOF - C:\AdwCleaner[R1].txt - [15496 octets] ##########

Junkware Removal Tool log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Microsoft Windows XP x86
Ran by Steve Parker on 07/02/2013 at 15:30:32.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] web assistant updater
Successfully deleted: [Service] web assistant updater



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{338b4dfe-2e2c-4338-9e41-e176d497299e}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{338b4dfe-2e2c-4338-9e41-e176d497299e}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\conduitengine
Successfully deleted: [Registry Key] hkey_local_machine\software\conduitengine
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\startsearch
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_current_user\software\web assistant
Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wmhelper.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fcbccb87-9224-4b8d-b117-f56d924beb18}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcbccb87-9224-4b8d-b117-f56d924beb18}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\installmate"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\premium"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\tarma installer"
Successfully deleted: [Folder] "C:\Documents and Settings\Steve Parker\Application Data\babylontoolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Steve Parker\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Steve Parker\Application Data\toolbar4"
Successfully deleted: [Folder] "C:\Documents and Settings\Steve Parker\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Steve Parker\Local Settings\Application Data\conduitengine"
Successfully deleted: [Folder] "C:\Documents and Settings\Steve Parker\Local Settings\Application Data\vuze_remote"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\filebulldog toolbar"
Successfully deleted: [Folder] "C:\Program Files\vuze_remote"
Successfully deleted: [Folder] "C:\Program Files\web assistant"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Documents and Settings\Steve Parker\Application Data\mozilla\firefox\profiles\2sgr930a.default\user.js
Successfully deleted: [File] "C:\Documents and Settings\Steve Parker\Application Data\mozilla\firefox\profiles\2sgr930a.default\extensions\jid1-zUrvDCat3xoDSQ@jetpack.xpi"
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Documents and Settings\Steve Parker\Application Data\mozilla\firefox\profiles\2sgr930a.default\prefs.js

user_pref("browser.search.defaultengine", "Privitize VPN");
user_pref("browser.search.defaultenginename", "Privitize VPN");
user_pref("browser.search.order.1", "Privitize VPN");
user_pref("keyword.URL", "hxxp://search.privitize.com/?aff=7&q=");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/02/2013 at 15:42:30.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Rkill log

 

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/07/2013 03:44:38 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 02/07/2013 03:45:18 PM
Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)
 

 

Autoruns log

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Alcmtr"    "Realtek Azalia Audio - Event Monitor"    "Realtek Semiconductor Corp."    "c:\windows\alcmtr.exe"
+ "dvd43"    ""    ""    "c:\program files\dvd43\dvd43_tray.exe"
+ "HP Software Update"    "Hewlett-Packard Product Assistant"    "Hewlett-Packard Co."    "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "igfxhkcmd"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "igfxpers"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"
+ "igfxtray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"
+ "IntelliPoint"    "IPoint.exe"    "Microsoft Corporation"    "c:\program files\microsoft intellipoint\ipoint.exe"
+ "itype"    "IType.exe"    "Microsoft Corporation"    "c:\program files\microsoft intellitype pro\itype.exe"
+ "NeroFilterCheck"    "NeroCheck"    "Ahead Software Gmbh"    "c:\windows\system32\nerocheck.exe"
+ "RemoteControl"    "PowerDVD RC Service"    "Cyberlink Corp."    "c:\program files\asustek\asusdvd\pdvdserv.exe"
+ "RTHDCPL"    "Realtek HD Audio Control Panel"    "Realtek Semiconductor Corp."    "c:\windows\rthdcpl.exe"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files\common files\java\java update\jusched.exe"
+ "TkBellExe"    "RealNetworks Scheduler"    "RealNetworks, Inc."    "c:\program files\real\realplayer\update\realsched.exe"
+ "ZoneAlarm Client"    "ZoneAlarm Client"    "Check Point Software Technologies LTD"    "c:\program files\zone labs\zonealarm\zlclient.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"    ""    ""    ""
+ "HP Digital Imaging Monitor.lnk"    "HP Digital Imaging Monitor"    "Hewlett-Packard Co."    "c:\program files\hp\digital imaging\bin\hpqtra08.exe"
+ "Microsoft Office.lnk"    "Microsoft Office 2000 component"    "Microsoft Corporation"    "c:\program files\microsoft office\office\osa9.exe"
"C:\Documents and Settings\Steve Parker\Start Menu\Programs\Startup"    ""    ""    ""
+ "PowerReg SchedulerV2.exe"    "PRegScheduler MFC Application"    ""    "c:\documents and settings\steve parker\start menu\programs\startup\powerreg schedulerv2.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Address Book 6"    "Outlook Express Setup Library"    "Microsoft Corporation"    "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6"    "Outlook Express Setup Library"    "Microsoft Corporation"    "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Advanced SystemCare 6"    "ASCTray"    "IObit"    "c:\program files\iobit\advanced systemcare 6\asctray.exe"
+ "MSMSGS"    "Windows Messenger"    "Microsoft Corporation"    "c:\program files\messenger\msmsgs.exe"
+ "NBJ"    "Nero BackItUp Scheduler Application"    "Ahead Software AG"    "c:\program files\ahead\nero backitup\nbj.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""
+ "intu-qt2009"    "Asynchronous Pluggable Protocol Library"    "Intuit Canada, a general partnership/une société en nom collectif."    "c:\program files\quicktax 2009\ic2009pp.dll"
+ "intu-tt2010"    "Asynchronous Pluggable Protocol Library"    "Intuit Canada, a general partnership/une société en nom collectif."    "c:\program files\turbotax 2010\ic2010pp.dll"
+ "intu-tt2011"    "Asynchronous Pluggable Protocol Library"    "Intuit Canada, a general partnership/une société en nom collectif."    "c:\program files\turbotax 2011\ic2011pp.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components"    ""    ""    ""
+ "0"    ""    ""    "File not found: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQBoK1D6xl2hAPBGJm0MTk9EdwAf9JkfCVUO9R-_AvJGHMI5of_WQ"
+ "1"    ""    ""    "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "ZLAVShExt"    "zlavscan shell extension"    "Check Point Software Technologies LTD"    "c:\program files\zone labs\zonealarm\zlavscan.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "ZLAVShExt"    "zlavscan shell extension"    "Check Point Software Technologies LTD"    "c:\program files\zone labs\zonealarm\zlavscan.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre7\bin\ssv.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer"    "RealPlayer Download and Record Plugin"    "RealPlayer"    "c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "ZoneAlarm Toolbar Registrar"    "ZoneAlarm ForceField"    "Check Point Software Technologies"    "c:\program files\checkpoint\zaforcefield\trustchecker\bin\trustcheckerieplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "ZoneAlarm Toolbar"    "ZoneAlarm ForceField"    "Check Point Software Technologies"    "c:\program files\checkpoint\zaforcefield\trustchecker\bin\trustcheckerieplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "Windows Messenger"    "Windows Messenger"    "Microsoft Corporation"    "c:\program files\messenger\msmsgs.exe"
"Task Scheduler"    ""    ""    ""
+ "Adobe Flash Player Updater.job"    "Adobe® Flash® Player Update Service 11.5 r502"    "Adobe Systems Incorporated"    "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "ASC6_PerformanceMonitor.job"    "Advanced SystemCare 6 Monitor"    "IObit"    "c:\program files\iobit\advanced systemcare 6\monitor.exe"
+ "RealUpgradeLogonTaskS-1-5-21-3409295243-47155459-2203791601-1006.job"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files\real\realupgrade\realupgrade.exe"
+ "RealUpgradeScheduledTaskS-1-5-21-3409295243-47155459-2203791601-1006.job"    "RealUpgrade Launcher"    "RealNetworks, Inc."    "c:\program files\real\realupgrade\realupgrade.exe"
+ "ReclaimerUpdateFiles_Steve Parker.job"    "RealNetworks Installer"    "RealNetworks, Inc."    "c:\documents and settings\steve parker\application data\real\update\upgradehelper\realplayer\10.30\agent\rnupgagent.exe"
+ "ReclaimerUpdateXML_Steve Parker.job"    "RealNetworks Installer"    "RealNetworks, Inc."    "c:\documents and settings\steve parker\application data\real\update\upgradehelper\realplayer\10.30\agent\rnupgagent.exe"
+ "RNUpgradeHelperLogonPrompt_Steve Parker.job"    "RealNetworks Installer"    "RealNetworks, Inc."    "c:\documents and settings\steve parker\application data\real\update\upgradehelper\realplayer\10.30\agent\rnupgagent.exe"
+ "Udwtc.job"    ""    ""    "File not found: C:\WINDOWS\system32\msidntld9.dll"
+ "Xxuehpd.job"    ""    ""    "File not found: C:\WINDOWS\system32\C_28594C.dll"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppMgmt"    "Provides software installation services such as Assign, Publish, and Remove."    ""    "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "hpqcxs08"    "HP CUE Context Manager Objects"    "Hewlett-Packard Co."    "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc"    "This service detects and monitors CUE devices on the system."    "Hewlett-Packard Co."    "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "IswSvc"    "ZoneAlarm ForceField"    "Check Point Software Technologies"    "c:\program files\checkpoint\zaforcefield\iswsvc.exe"
+ "JavaQuickStarterService"    "Prefetches JRE files for faster startup of Java applets and applications"    "Oracle Corporation"    "c:\program files\java\jre7\bin\jqs.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "Net Driver HPZ12"    "Dot4Net Module"    "Hewlett-Packard"    "c:\windows\system32\hpzinw12.dll"
+ "Pml Driver HPZ12"    "PmlDrv Module"    "Hewlett-Packard"    "c:\windows\system32\hpzipm12.dll"
+ "vsmon"    "Monitors internet traffic and generates alerts for disallowed access."    "Check Point Software Technologies LTD"    "c:\windows\system32\zonelabs\vsmon.exe"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "Changer"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "dvd43llh"    "dvd43llh.sys"    "RIF"    "c:\windows\system32\drivers\dvd43llh.sys"
+ "e1express"    "Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver"    "Intel Corporation"    "c:\windows\system32\drivers\e1e5132.sys"
+ "HDAudBus"    "High Definition Audio Bus Driver v1.0a"    "Windows ® Server 2003 DDK provider"    "c:\windows\system32\drivers\hdaudbus.sys"
+ "HPZid412"    "IEEE-1284.4-1999 Driver (Windows 2000)"    "HP"    "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12"    "IEEE-1284.4-1999 Print Class Driver"    "HP"    "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12"    "1284.4<->Usb Datalink Driver (Windows 2000)"    "HP"    "c:\windows\system32\drivers\hpzius12.sys"
+ "i2omgmt"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm"    "Intel Graphics Miniport Driver"    "Intel Corporation"    "c:\windows\system32\drivers\ialmnt5.sys"
+ "icsak"    "ZoneAlarm ForceField"    "Check Point Software Technologies"    "c:\program files\checkpoint\zaforcefield\ak\icsak.sys"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkhdaud.sys"
+ "ISWKL"    "ZoneAlarm ForceField"    "Check Point Software Technologies"    "c:\program files\checkpoint\zaforcefield\iswkl.sys"
+ "kl1"    "Kaspersky Unified Driver"    "Kaspersky Lab"    "c:\windows\system32\drivers\kl1.sys"
+ "lbrtfdc"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MTsensor"    "ATK0110 ACPI Utility"    ""    "c:\windows\system32\drivers\asacpi.sys"
+ "NAL"    "Intel® Network Adapter Diagnostic Driver"    "Intel Corporation "    "c:\windows\system32\drivers\iqvw32.sys"
+ "PCIDump"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink"    "Direct Parallel Link Driver"    "Parallel Technologies, Inc."    "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv"    "SafeDisc driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "srescan"    ""    ""    "File not found: system32\ZoneLabs\srescan.sys"
+ "vsdatant"    "ZoneAlarm Firewalling Driver"    "Check Point Software Technologies LTD"    "c:\windows\system32\vsdatant.sys"
+ "WDICA"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.iac2"    "Indeo® audio software"    "Intel Corporation"    "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet"    "Audio codec for MS ACM"    "Sipro Lab Telecom Inc."    "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch"    "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50"    "DSP GROUP, INC."    "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\system32\iccvid.dll"
+ "vidc.iv31"    ""    ""    "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32"    ""    ""    "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50"    "Intel Indeo® video 5.10"    "Intel Corporation"    "c:\windows\system32\ir50_32.dll"
+ "vidc.XVID"    ""    ""    "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\Filter"    ""    ""    ""
+ "Indeo® video 4.4 Compression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "9x8Resize"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder"    "ACELP.net Audio Decoder"    "Sipro Lab Telecom Inc."    "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Canon DES Resizer SaveMode"    "CanonDESResizer"    "Canon Inc."    "c:\program files\canon\zoombrowser ex\program\canondesresizer.ax"
+ "Canon G.726 Decoder"    "Canon G.726 Decoder"    "Canon Inc."    "c:\program files\canon\g726decoder\canong726decoder.ax"
+ "Canon Image Rotation Filter"    "Canon Image Rotation Filter "    "Canon Inc."    "c:\program files\canon\zoombrowser ex\program\canonrotatefilter.dll"
+ "Canon MDP Motion-JPEG Decoder"    "MDP Motion-JPEG Decoder Filter"    "Canon Inc."    "c:\program files\canon\zoombrowser ex\program\canonmdpmjpegdecoder.ax"
+ "Canon Motion-JPEG Decoder"    "Motion-JPEG Decoder Filter"    "Canon Inc."    "c:\program files\canon\zoombrowser ex\program\canonmjpegdecoder.ax"
+ "Canon Motion-JPEG Encoder"    "Motion-JPEG Encoder Filter"    "Canon Inc."    "c:\program files\canon\zoombrowser ex\program\canonmjpegencoder.ax"
+ "Canon Resizer"    "CanonResizer"    "Canon Inc."    "c:\program files\canon\zoombrowser ex\program\canonresizer.ax"
+ "Canon Text Source Filter"    "Canon Text Source Filter"    "Canon Inc."    "c:\program files\canon\zoombrowser ex\program\canontextsourcefilter.ax"
+ "Canon WAV Dest"    "CanonWavDest"    "Canon Inc."    "c:\program files\canon\zoombrowser ex\program\canonwavdest.ax"
+ "Canon-Actual-Data-Length-Setter"    "CanonActualDataLengthSetter"    "Canon Inc."    "c:\program files\canon\zoombrowser ex\program\canonactualdatalengthsetter.ax"
+ "CyberLink Audio Decoder"    "CyberLink Audio Decoder Filter"    "CyberLink Corp."    "c:\program files\asustek\asusdvd\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD6)"    "CyberLink Audio Effect Filter"    "CyberLink Corporation"    "c:\program files\asustek\asusdvd\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD6)"    "CLAudSpa.ax"    "CyberLink Corp."    "c:\program files\asustek\asusdvd\audiofilter\claudspa.ax"
+ "CyberLink AudioCD Filter (PDVD6)"    "CyberLink AudioCD Filter"    "CyberLink Corp."    "c:\program files\asustek\asusdvd\audiofilter\claudiocd.ax"
+ "CyberLink Demux (PDVD6)"    "MPEG-2 Dempltiplexer"    "CyberLink Corp."    "c:\program files\asustek\asusdvd\navfilter\cldemuxer.ax"
+ "CyberLink DVD Navigator (PDVD6)"    "CyberLink DVD Navigation Filter"    "CyberLink Corp."    "c:\program files\asustek\asusdvd\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder (PDVD6)"    "CyberLink Line21 Decoder Filter"    "CyberLink Corp."    "c:\program files\asustek\asusdvd\videofilter\clline21.ax"
+ "Cyberlink SubTitle Importor (PDVD6)"    "CLSubTitle.ax"    "CyberLink Corp."    "c:\program files\asustek\asusdvd\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD6)"    "CLAuTS.ax"    "CyberLink Corp."    "c:\program files\asustek\asusdvd\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files\asustek\asusdvd\videofilter\clvsd.ax"
+ "Dump"    ""    ""    "c:\program files\motorola phone tools\dump.ax"
+ "Frame Eater"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software"    "Indeo® audio software"    "Intel Corporation"    "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter"    "Intel Indeo® video 5.10"    "Intel Corporation"    "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter"    "Intel Indeo® video 5.10"    "Intel Corporation"    "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder"    "MPEG Layer-3 Audio Decoder"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codecx.ax"
+ "Nero Audio CD Filter"    "Nero Audio CD Source Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator"    "Nero Audio CD Source Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor"    "Nero Audio Processor"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source"    "Nero Library"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer"    "Nero Library"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer"    "Nero Library"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder"    "Nero Audio Decoder"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder"    "AAC LC/HE Audio Encoder"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer"    "NeroDigital File Format Muxer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer"    "NeroDigital File Format Muxer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer"    "NeroDigital File Format Muxer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Subpicture Enc"    "NeroDigital File Format Muxer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser"    "NeroDigital / mp4 / avi / mov parser"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter"    "DV Splitter Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder"    "MPEG-1/2/4 & AVC video decoder w/ DxVA"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator"    "DVD Navigator Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader"    "NeroDigital / mp4 / avi / mov parser"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source"    "Nero SVCD source filter"    "Nero AG "    "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)"    "NeFileSourceAsync"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter"    "Push Mode VOB Source Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter"    "Frame rate / Color space converter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture"    "Direct Show frame grabber filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder"    "MPEG 1/2 Video Encoder"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source"    "NePhotoSource"    "Ahead Software AG"    "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer"    "PS Muxer Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder"    "QuickTime™ Decoder Wrapper"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder"    "QuickTime™ Decoder Wrapper"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize"    "Nero Resizing Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector"    "Scene Change Detector"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector"    "Scene Change Detector"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter"    "Splitter Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator"    "Nero Vcd Navigator Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer"    "Nero Video Analyzer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder"    "MPEG-1/2/4 & AVC video decoder w/ DxVA"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor"    "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source"    "Nero Library"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "psWav Dest"    "Canon Utilities Support Library"    "Canon Inc."    "c:\program files\canon\camerawindow\camerawindowmc\pswavdes.ax"
+ "RealPlayer Audio Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter"    "Audio Filter Plugin"    "RealNetworks, Inc."    "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter"    "WIA Stream Snapshot Filter"    "MyCompanyName"    "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Xvid MPEG-4 Video Decoder"    ""    ""    "c:\windows\system32\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "igfxcui"    "igfxdev Module"    "Intel Corporation"    "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""
+ "HP Standard TCP/IP Port"    "Standard TCP/IP Port Monitor DLL"    "Hewlett Packard"    "c:\windows\system32\hptcpmon.dll"
+ "hpz3l4sa"    "LanguageMonitor"    "Hewlett-Packard Company"    "c:\windows\system32\hpz3l4sa.dll"
+ "PCL hpz3l4x6"    "LanguageMonitor"    "Hewlett-Packard Company"    "c:\windows\system32\hpz3l4x6.dll"
 



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:32 PM

Posted 07 February 2013 - 05:15 PM

Press the Windows + R keys and type

cmd

Click OK and run these commands:

cd \windows\system32
attrib > c:\attrib.txt


Now go to the C drive and post the contents of the attrib.txt log here.
 



#7 Mok

Mok
  • Topic Starter

  • Members
  • 19 posts
  • Local time:05:32 PM

Posted 07 February 2013 - 05:30 PM

Result:

 

A          C:\WINDOWS\system32\$ncsp$.inf
A          C:\WINDOWS\system32\$winnt$.inf
A          C:\WINDOWS\system32\12520437.cpx
A          C:\WINDOWS\system32\12520850.cpx
A          C:\WINDOWS\system32\2kpig32.dll
A          C:\WINDOWS\system32\3dfxOGL.dll
A          C:\WINDOWS\system32\3dfxSpl2.dll
A          C:\WINDOWS\system32\3dfxSpl3.dll
A          C:\WINDOWS\system32\3dfxvs.dll
A          C:\WINDOWS\system32\6to4svc.dll
A          C:\WINDOWS\system32\aaaamon.dll
           C:\WINDOWS\system32\aaclient.dll
A          C:\WINDOWS\system32\accesor.dll
A          C:\WINDOWS\system32\jupdate-1.6.0_26-b03.log
A          C:\WINDOWS\system32\jupdate-1.6.0_29-b11.log
A          C:\WINDOWS\system32\jupdate-1.6.0_35-b10.log
A          C:\WINDOWS\system32\kanji_1.uce
A          C:\WINDOWS\system32\kanji_2.uce
A          C:\WINDOWS\system32\kb16.com
A    R     C:\WINDOWS\system32\KBDAL.DLL
A    R     C:\WINDOWS\system32\kbdaze.dll
A    R     C:\WINDOWS\system32\kbdazel.dll
A          C:\WINDOWS\system32\kbdbe.dll
A          C:\WINDOWS\system32\kbdbene.dll
           C:\WINDOWS\system32\kbdbhc.dll
A    R     C:\WINDOWS\system32\kbdblr.dll
A          C:\WINDOWS\system32\kbdbr.dll
A    R     C:\WINDOWS\system32\kbdbu.dll
A          C:\WINDOWS\system32\kbdca.dll
A          C:\WINDOWS\system32\kbdcan.dll
A    R     C:\WINDOWS\system32\kbdcr.dll
A    R     C:\WINDOWS\system32\kbdcz.dll
A    R     C:\WINDOWS\system32\kbdcz1.dll
A    R     C:\WINDOWS\system32\kbdcz2.dll
A          C:\WINDOWS\system32\kbdda.dll
A          C:\WINDOWS\system32\kbddv.dll
A          C:\WINDOWS\system32\kbdes.dll
A    R     C:\WINDOWS\system32\kbdest.dll
A          C:\WINDOWS\system32\kbdfc.dll
A          C:\WINDOWS\system32\kbdfi.dll
A          C:\WINDOWS\system32\kbdfi1.dll
A          C:\WINDOWS\system32\kbdfo.dll
A          C:\WINDOWS\system32\kbdfr.dll
A          C:\WINDOWS\system32\kbdgae.dll
A    R     C:\WINDOWS\system32\kbdgkl.dll
A          C:\WINDOWS\system32\kbdgr.dll
A          C:\WINDOWS\system32\kbdgr1.dll
A    R     C:\WINDOWS\system32\kbdhe.dll
A    R     C:\WINDOWS\system32\kbdhe220.dll
A    R     C:\WINDOWS\system32\kbdhe319.dll
A    R     C:\WINDOWS\system32\kbdhela2.dll
A    R     C:\WINDOWS\system32\kbdhela3.dll
A    R     C:\WINDOWS\system32\kbdhept.dll
A    R     C:\WINDOWS\system32\kbdhu.dll
A    R     C:\WINDOWS\system32\kbdhu1.dll
A          C:\WINDOWS\system32\kbdic.dll
A          C:\WINDOWS\system32\kbdinbe1.dll
A          C:\WINDOWS\system32\kbdinben.dll
A          C:\WINDOWS\system32\kbdinmal.dll
A          C:\WINDOWS\system32\kbdir.dll
A          C:\WINDOWS\system32\kbdit.dll
A          C:\WINDOWS\system32\kbdit142.dll
           C:\WINDOWS\system32\kbdiultn.dll
A    R     C:\WINDOWS\system32\kbdkaz.dll
A    R     C:\WINDOWS\system32\kbdkyr.dll
A          C:\WINDOWS\system32\kbdla.dll
A    R     C:\WINDOWS\system32\kbdlt.dll
A    R     C:\WINDOWS\system32\kbdlt1.dll
A    R     C:\WINDOWS\system32\kbdlv.dll
A    R     C:\WINDOWS\system32\kbdlv1.dll
A          C:\WINDOWS\system32\kbdmac.dll
A          C:\WINDOWS\system32\kbdmaori.dll
A          C:\WINDOWS\system32\kbdmlt47.dll
A          C:\WINDOWS\system32\kbdmlt48.dll
A    R     C:\WINDOWS\system32\kbdmon.dll
A          C:\WINDOWS\system32\kbdne.dll
A          C:\WINDOWS\system32\kbdnec.dll
           C:\WINDOWS\system32\kbdnepr.dll
A          C:\WINDOWS\system32\kbdno.dll
A          C:\WINDOWS\system32\kbdno1.dll
           C:\WINDOWS\system32\kbdpash.dll
A    R     C:\WINDOWS\system32\kbdpl.dll
A    R     C:\WINDOWS\system32\kbdpl1.dll
A          C:\WINDOWS\system32\kbdpo.dll
A    R     C:\WINDOWS\system32\kbdro.dll
A    R     C:\WINDOWS\system32\kbdru.dll
A    R     C:\WINDOWS\system32\kbdru1.dll
A          C:\WINDOWS\system32\kbdsf.dll
A          C:\WINDOWS\system32\kbdsg.dll
A    R     C:\WINDOWS\system32\kbdsl.dll
A    R     C:\WINDOWS\system32\kbdsl1.dll
A          C:\WINDOWS\system32\kbdsmsfi.dll
A          C:\WINDOWS\system32\kbdsmsno.dll
A          C:\WINDOWS\system32\kbdsp.dll
A          C:\WINDOWS\system32\kbdsw.dll
A    R     C:\WINDOWS\system32\kbdtat.dll
A    R     C:\WINDOWS\system32\kbdtuf.dll
A    R     C:\WINDOWS\system32\kbdtuq.dll
A          C:\WINDOWS\system32\kbduk.dll
A          C:\WINDOWS\system32\kbdukx.dll
A    R     C:\WINDOWS\system32\kbdur.dll
A          C:\WINDOWS\system32\kbdus.dll
A          C:\WINDOWS\system32\kbdusl.dll
A          C:\WINDOWS\system32\kbdusr.dll
A          C:\WINDOWS\system32\kbdusx.dll
A    R     C:\WINDOWS\system32\kbduzb.dll
A    R     C:\WINDOWS\system32\kbdycc.dll
A    R     C:\WINDOWS\system32\kbdycl.dll
A          C:\WINDOWS\system32\kd1394.dll
A          C:\WINDOWS\system32\kdcom.dll
A          C:\WINDOWS\system32\kerberos.dll
A          C:\WINDOWS\system32\kernel32.dll
A          C:\WINDOWS\system32\key01.sys
A          C:\WINDOWS\system32\keyboard.drv
A          C:\WINDOWS\system32\keyboard.sys
A          C:\WINDOWS\system32\keymgr.dll
A          C:\WINDOWS\system32\kmddsp.tsp
           C:\WINDOWS\system32\kmsvc.dll
A          C:\WINDOWS\system32\korean.uce
A          C:\WINDOWS\system32\krnl386.exe
A          C:\WINDOWS\system32\ksproxy.ax
A          C:\WINDOWS\system32\ksuser.dll
           C:\WINDOWS\system32\l2gpstore.dll
A          C:\WINDOWS\system32\l3codeca.acm
A          C:\WINDOWS\system32\l3codecp.acm
A          C:\WINDOWS\system32\l3codecx.ax
A          C:\WINDOWS\system32\label.exe
A          C:\WINDOWS\system32\langwrbk.dll
A          C:\WINDOWS\system32\lanman.drv
A          C:\WINDOWS\system32\LAPRXY.dll
           C:\WINDOWS\system32\LegitCheckControl.dll
A          C:\WINDOWS\system32\libdvdcss-2.dll
A          C:\WINDOWS\system32\libeay32_0.9.6l.dll
A          C:\WINDOWS\system32\licdll.dll
           C:\WINDOWS\system32\licmgr10.dll
A          C:\WINDOWS\system32\licwmi.dll
A          C:\WINDOWS\system32\lights.exe
A          C:\WINDOWS\system32\linkinfo.dll
A          C:\WINDOWS\system32\lkfl.dat
A          C:\WINDOWS\system32\lmhsvc.dll
A          C:\WINDOWS\system32\lmrt.dll
A          C:\WINDOWS\system32\lnkstub.exe
A          C:\WINDOWS\system32\loadfix.com
A          C:\WINDOWS\system32\loadperf.dll
A          C:\WINDOWS\system32\locale.nls
A          C:\WINDOWS\system32\localsec.dll
A          C:\WINDOWS\system32\localspl.dll
A          C:\WINDOWS\system32\localui.dll
A          C:\WINDOWS\system32\locator.exe
A          C:\WINDOWS\system32\lodctr.exe
A          C:\WINDOWS\system32\logagent.exe
A          C:\WINDOWS\system32\loghours.dll
A          C:\WINDOWS\system32\logman.exe
A          C:\WINDOWS\system32\logoff.exe
A          C:\WINDOWS\system32\logon.scr
A          C:\WINDOWS\system32\logonui.exe
A   HR     C:\WINDOWS\system32\logonui.exe.manifest
A          C:\WINDOWS\system32\LoopyMusic.wav
A          C:\WINDOWS\system32\lpk.dll
A          C:\WINDOWS\system32\lpq.exe
A          C:\WINDOWS\system32\lpr.exe
A          C:\WINDOWS\system32\lprhelp.dll
A          C:\WINDOWS\system32\lprmonui.dll
A          C:\WINDOWS\system32\lsasrv.dll
A          C:\WINDOWS\system32\lsass.exe
A          C:\WINDOWS\system32\ltelbdb.dll
A          C:\WINDOWS\system32\lusrmgr.msc
A          C:\WINDOWS\system32\lz32.dll
A          C:\WINDOWS\system32\lzexpand.dll
A          C:\WINDOWS\system32\l_except.nls
A          C:\WINDOWS\system32\l_intl.nls
A          C:\WINDOWS\system32\Machinist2.dll
A          C:\WINDOWS\system32\magnify.exe
A          C:\WINDOWS\system32\mag_hook.dll
 


Edited by Mok, 07 February 2013 - 05:42 PM.


#8 Mok

Mok
  • Topic Starter

  • Members
  • 19 posts

Posted 07 February 2013 - 05:42 PM

Continued due to content too long error:

 

 

 

A          C:\WINDOWS\system32\raschap.dll
A          C:\WINDOWS\system32\rasctrnm.h
A          C:\WINDOWS\system32\rasctrs.dll
A          C:\WINDOWS\system32\rasctrs.ini
A          C:\WINDOWS\system32\rasdial.exe
A          C:\WINDOWS\system32\rasdlg.dll
A          C:\WINDOWS\system32\rasman.dll
A          C:\WINDOWS\system32\rasmans.dll
A          C:\WINDOWS\system32\rasmontr.dll
A          C:\WINDOWS\system32\rasmxs.dll
A          C:\WINDOWS\system32\rasphone.exe
A          C:\WINDOWS\system32\rasppp.dll
           C:\WINDOWS\system32\rasqec.dll
A          C:\WINDOWS\system32\rasrad.dll
A          C:\WINDOWS\system32\rassapi.dll
A          C:\WINDOWS\system32\rasser.dll
A          C:\WINDOWS\system32\rastapi.dll
A          C:\WINDOWS\system32\rastls.dll
A          C:\WINDOWS\system32\rcbdyctl.dll
A          C:\WINDOWS\system32\rcimlby.exe
A          C:\WINDOWS\system32\rcp.exe
A          C:\WINDOWS\system32\rdchost.dll
A          C:\WINDOWS\system32\RDOCURS.DLL
A          C:\WINDOWS\system32\rdpcfgex.dll
A          C:\WINDOWS\system32\rdpclip.exe
A          C:\WINDOWS\system32\rdpdd.dll
A          C:\WINDOWS\system32\rdpsnd.dll
A          C:\WINDOWS\system32\rdpwsx.dll
A          C:\WINDOWS\system32\rdsaddin.exe
A          C:\WINDOWS\system32\rdshost.exe
A          C:\WINDOWS\system32\recover.exe
A          C:\WINDOWS\system32\redir.exe
A          C:\WINDOWS\system32\redist.rsp
A          C:\WINDOWS\system32\reg.exe
A          C:\WINDOWS\system32\regapi.dll
A          C:\WINDOWS\system32\regedt32.exe
A          C:\WINDOWS\system32\regini.exe
A          C:\WINDOWS\system32\RegistryDefragBootTime.exe
A          C:\WINDOWS\system32\REGOBJ.DLL
A          C:\WINDOWS\system32\regsvc.dll
A          C:\WINDOWS\system32\regsvr32.exe
A          C:\WINDOWS\system32\regwiz.exe
A          C:\WINDOWS\system32\regwizc.dll
A          C:\WINDOWS\system32\remotepg.dll
A          C:\WINDOWS\system32\remotesp.tsp
A          C:\WINDOWS\system32\rend.dll
A          C:\WINDOWS\system32\replace.exe
A          C:\WINDOWS\system32\reset.exe
A          C:\WINDOWS\system32\resutils.dll
A          C:\WINDOWS\system32\rexec.exe
A          C:\WINDOWS\system32\rgb9rast_2.dll
           C:\WINDOWS\system32\rhttpaa.dll
A          C:\WINDOWS\system32\riched20.dll
A          C:\WINDOWS\system32\riched32.dll
A          C:\WINDOWS\system32\rmoc3260.dll
A          C:\WINDOWS\system32\rnr20.dll
A          C:\WINDOWS\system32\route.exe
A          C:\WINDOWS\system32\routemon.exe
A          C:\WINDOWS\system32\routetab.dll
A          C:\WINDOWS\system32\rpcns4.dll
A          C:\WINDOWS\system32\rpcrt4.dll
A          C:\WINDOWS\system32\rpcss.dll
A          C:\WINDOWS\system32\rsaci.rat
A          C:\WINDOWS\system32\rsaenh.dll
A          C:\WINDOWS\system32\rsh.exe
A          C:\WINDOWS\system32\rshx32.dll
A          C:\WINDOWS\system32\rsm.exe
A          C:\WINDOWS\system32\rsmps.dll
A          C:\WINDOWS\system32\rsmsink.exe
A          C:\WINDOWS\system32\rsmui.exe
A          C:\WINDOWS\system32\rsvp.exe
A          C:\WINDOWS\system32\rsvp.ini
A          C:\WINDOWS\system32\rsvpcnts.h
A          C:\WINDOWS\system32\rsvpmsg.dll
A          C:\WINDOWS\system32\rsvpperf.dll
A          C:\WINDOWS\system32\rsvpsp.dll
A          C:\WINDOWS\system32\rtcshare.exe
A          C:\WINDOWS\system32\rtipxmib.dll
     R     C:\WINDOWS\system32\RtlCPAPI.dll
A          C:\WINDOWS\system32\rtm.dll
     R     C:\WINDOWS\system32\RTSndMgr.Cpl
A          C:\WINDOWS\system32\rtutils.dll
A          C:\WINDOWS\system32\runas.exe
A          C:\WINDOWS\system32\rundll32.exe
A          C:\WINDOWS\system32\runonce.exe
A          C:\WINDOWS\system32\rwinsta.exe
           C:\WINDOWS\system32\s3gnb.dll
A          C:\WINDOWS\system32\safrcdlg.dll
A          C:\WINDOWS\system32\safrdm.dll
A          C:\WINDOWS\system32\safrslv.dll
A          C:\WINDOWS\system32\samlib.dll
A          C:\WINDOWS\system32\samsrv.dll
A   HR     C:\WINDOWS\system32\sapi.cpl.manifest
A          C:\WINDOWS\system32\savedump.exe
A          C:\WINDOWS\system32\sbe.dll
A          C:\WINDOWS\system32\sbeio.dll
A          C:\WINDOWS\system32\SBFM40.XLA
A          C:\WINDOWS\system32\sc.exe
A          C:\WINDOWS\system32\scarddlg.dll
A          C:\WINDOWS\system32\scardssp.dll
A          C:\WINDOWS\system32\scardsvr.exe
A          C:\WINDOWS\system32\sccbase.dll
A          C:\WINDOWS\system32\sccsccp.dll
A          C:\WINDOWS\system32\scecli.dll
A          C:\WINDOWS\system32\scesrv.dll
A          C:\WINDOWS\system32\schannel.dll
A          C:\WINDOWS\system32\schedsvc.dll
A          C:\WINDOWS\system32\sclgntfy.dll
A          C:\WINDOWS\system32\SCP32.DLL
A          C:\WINDOWS\system32\scredir.dll
A          C:\WINDOWS\system32\scrnsave.scr
A          C:\WINDOWS\system32\scrobj.dll
           C:\WINDOWS\system32\scrrun.dll
A          C:\WINDOWS\system32\sdbinst.exe
A          C:\WINDOWS\system32\sdhcinst.dll
A          C:\WINDOWS\system32\sdpblb.dll
A          C:\WINDOWS\system32\seclogon.dll
A          C:\WINDOWS\system32\secupd.dat
A          C:\WINDOWS\system32\secupd.sig
A          C:\WINDOWS\system32\secur32.dll
A          C:\WINDOWS\system32\security.dll
A          C:\WINDOWS\system32\sendcmsg.dll
A          C:\WINDOWS\system32\sendmail.dll
A          C:\WINDOWS\system32\sens.dll
A          C:\WINDOWS\system32\sensapi.dll
A          C:\WINDOWS\system32\senscfg.dll
A          C:\WINDOWS\system32\serialui.dll
A          C:\WINDOWS\system32\servdeps.dll
A          C:\WINDOWS\system32\services.exe
A          C:\WINDOWS\system32\services.msc
A          C:\WINDOWS\system32\serwvdrv.dll
A          C:\WINDOWS\system32\sessmgr.exe
A          C:\WINDOWS\system32\SET529.tmp
A          C:\WINDOWS\system32\SET535.tmp
A          C:\WINDOWS\system32\sethc.exe
A          C:\WINDOWS\system32\setup.bmp
A          C:\WINDOWS\system32\setup.exe
A          C:\WINDOWS\system32\setupapi.dll
           C:\WINDOWS\system32\SetupBD.din
A          C:\WINDOWS\system32\setupdll.dll
           C:\WINDOWS\system32\setupn.exe
A          C:\WINDOWS\system32\setver.exe
A          C:\WINDOWS\system32\sfc.dll
A          C:\WINDOWS\system32\sfc.exe
A          C:\WINDOWS\system32\sfcfiles.dll
A          C:\WINDOWS\system32\sfc_os.dll
A          C:\WINDOWS\system32\sfmapi.dll
A          C:\WINDOWS\system32\shadow.exe
A          C:\WINDOWS\system32\share.exe
A          C:\WINDOWS\system32\shdoclc.dll
A          C:\WINDOWS\system32\shdocvw.dll
A          C:\WINDOWS\system32\shell.dll
A          C:\WINDOWS\system32\shell32.dll
A          C:\WINDOWS\system32\shellstyle.dll
A          C:\WINDOWS\system32\shfolder.dll
A          C:\WINDOWS\system32\shgina.dll
A          C:\WINDOWS\system32\shiftjis.uce
A          C:\WINDOWS\system32\shimeng.dll
A          C:\WINDOWS\system32\shimgvw.dll
A          C:\WINDOWS\system32\shlwapi.dll
A          C:\WINDOWS\system32\shmedia.dll
A          C:\WINDOWS\system32\shmgrate.exe
A          C:\WINDOWS\system32\shrpubw.exe
A          C:\WINDOWS\system32\shscrap.dll
A          C:\WINDOWS\system32\shsvcs.dll
A          C:\WINDOWS\system32\shutdown.exe
A          C:\WINDOWS\system32\sigtab.dll
A          C:\WINDOWS\system32\sigverif.exe
A          C:\WINDOWS\system32\simpdata.tlb
A          C:\WINDOWS\system32\sisbkup.dll
A          C:\WINDOWS\system32\skdll.dll
A          C:\WINDOWS\system32\skeys.exe
A          C:\WINDOWS\system32\slayerxp.dll
A          C:\WINDOWS\system32\slbcsp.dll
A          C:\WINDOWS\system32\slbiop.dll
A          C:\WINDOWS\system32\slbrccsp.dll
           C:\WINDOWS\system32\slcoinst.dll
           C:\WINDOWS\system32\slextspk.dll
           C:\WINDOWS\system32\slgen.dll
           C:\WINDOWS\system32\slrundll.exe
           C:\WINDOWS\system32\slserv.exe
A          C:\WINDOWS\system32\sl_anet.acm
A          C:\WINDOWS\system32\smbinst.exe
A          C:\WINDOWS\system32\smlogcfg.dll
A          C:\WINDOWS\system32\smlogsvc.exe
A          C:\WINDOWS\system32\smss.exe
A          C:\WINDOWS\system32\sndrec32.exe
A          C:\WINDOWS\system32\sndvol32.exe
A          C:\WINDOWS\system32\snmpapi.dll
A          C:\WINDOWS\system32\snmpsnap.dll
A          C:\WINDOWS\system32\softpub.dll
A          C:\WINDOWS\system32\sol.exe
A          C:\WINDOWS\system32\sort.exe
A          C:\WINDOWS\system32\sortkey.nls
A          C:\WINDOWS\system32\sorttbls.nls
A          C:\WINDOWS\system32\sound.drv
A          C:\WINDOWS\system32\spdwnwxp.exe
A          C:\WINDOWS\system32\spider.exe
           C:\WINDOWS\system32\spmsg.dll
A          C:\WINDOWS\system32\spnike.dll
A          C:\WINDOWS\system32\spnpinst.exe
A          C:\WINDOWS\system32\spoolss.dll
A          C:\WINDOWS\system32\spoolsv.exe
A          C:\WINDOWS\system32\SpOrder.dll
A          C:\WINDOWS\system32\sprestrt.exe
A          C:\WINDOWS\system32\sprio600.dll
A          C:\WINDOWS\system32\sprio800.dll
A          C:\WINDOWS\system32\spupdsvc.exe
           C:\WINDOWS\system32\spupdwxp.exe
A          C:\WINDOWS\system32\spupdwxp.log
A          C:\WINDOWS\system32\spxcoins.dll
A          C:\WINDOWS\system32\sqlclnt.rsp
A          C:\WINDOWS\system32\sqlsodbc.chm
A          C:\WINDOWS\system32\sqlsrv32.dll
A          C:\WINDOWS\system32\sqlsrv32.rll
A          C:\WINDOWS\system32\sqlunirl.dll
A          C:\WINDOWS\system32\sqlwid.dll
A          C:\WINDOWS\system32\sqlwoa.dll
A          C:\WINDOWS\system32\srclient.dll
A          C:\WINDOWS\system32\srrstr.dll
A          C:\WINDOWS\system32\srsvc.dll
A          C:\WINDOWS\system32\srvsvc.dll
A          C:\WINDOWS\system32\ss3dfo.scr
A          C:\WINDOWS\system32\ssbezier.scr
A          C:\WINDOWS\system32\ssdpapi.dll
A          C:\WINDOWS\system32\ssdpsrv.dll
A          C:\WINDOWS\system32\ssflwbox.scr
A          C:\WINDOWS\system32\ssmarque.scr
A          C:\WINDOWS\system32\ssmypics.scr
A          C:\WINDOWS\system32\ssmyst.scr
A          C:\WINDOWS\system32\sspipes.scr
A          C:\WINDOWS\system32\ssstars.scr
A          C:\WINDOWS\system32\sstext3d.scr
A          C:\WINDOWS\system32\stclient.dll
A          C:\WINDOWS\system32\stdole2.tlb
A          C:\WINDOWS\system32\stdole32.tlb
A          C:\WINDOWS\system32\sti.dll
A          C:\WINDOWS\system32\stimon.exe
A          C:\WINDOWS\system32\sti_ci.dll
A          C:\WINDOWS\system32\stobject.dll
A          C:\WINDOWS\system32\storage.dll
A          C:\WINDOWS\system32\storprop.dll
A          C:\WINDOWS\system32\streamci.dll
A          C:\WINDOWS\system32\strmdll.dll
A          C:\WINDOWS\system32\strmfilt.dll
A          C:\WINDOWS\system32\subrange.uce
A          C:\WINDOWS\system32\subst.exe
A          C:\WINDOWS\system32\suwurep.dll
A          C:\WINDOWS\system32\svchost.exe
A          C:\WINDOWS\system32\svcpack.dll
A          C:\WINDOWS\system32\swprv.dll
A          C:\WINDOWS\system32\sxs.dll
A          C:\WINDOWS\system32\syncapp.exe
A          C:\WINDOWS\system32\synceng.dll
A          C:\WINDOWS\system32\syncui.dll
A          C:\WINDOWS\system32\sysdm.cpl
A          C:\WINDOWS\system32\sysedit.exe
A          C:\WINDOWS\system32\sysinv.dll
A          C:\WINDOWS\system32\syskey.exe
A          C:\WINDOWS\system32\sysmon.ocx
A          C:\WINDOWS\system32\sysocmgr.exe
A          C:\WINDOWS\system32\sysprint.sep
A          C:\WINDOWS\system32\sysprtj.sep
A          C:\WINDOWS\system32\syssetup.dll
A          C:\WINDOWS\system32\system.drv
A          C:\WINDOWS\system32\systray.exe
A          C:\WINDOWS\system32\t2embed.dll
A          C:\WINDOWS\system32\TABCTL32.OCX
A          C:\WINDOWS\system32\tapi.dll
A          C:\WINDOWS\system32\tapi3.dll
A          C:\WINDOWS\system32\tapi32.dll
A          C:\WINDOWS\system32\tapiperf.dll
A          C:\WINDOWS\system32\tapisrv.dll
A          C:\WINDOWS\system32\tapiui.dll
A          C:\WINDOWS\system32\taskman.exe
A          C:\WINDOWS\system32\taskmgr.exe
A          C:\WINDOWS\system32\tcmsetup.exe
A          C:\WINDOWS\system32\tcpmib.dll
A          C:\WINDOWS\system32\tcpmon.dll
A          C:\WINDOWS\system32\tcpmon.ini
A          C:\WINDOWS\system32\tcpmonui.dll
A          C:\WINDOWS\system32\tcpsvcs.exe
A          C:\WINDOWS\system32\tdc.ocx
A          C:\WINDOWS\system32\telephon.cpl
A          C:\WINDOWS\system32\telnet.exe
A          C:\WINDOWS\system32\termmgr.dll
A          C:\WINDOWS\system32\termsrv.dll
A          C:\WINDOWS\system32\tftp.exe
A          C:\WINDOWS\system32\themeui.dll
A          C:\WINDOWS\system32\Thumbs.db
           C:\WINDOWS\system32\ticrf.rat
A          C:\WINDOWS\system32\timedate.cpl
A          C:\WINDOWS\system32\timer.drv
A          C:\WINDOWS\system32\toolhelp.dll
A          C:\WINDOWS\system32\tourstart.exe
A          C:\WINDOWS\system32\tracert.exe
A          C:\WINDOWS\system32\tracert6.exe
A          C:\WINDOWS\system32\traffic.dll
A          C:\WINDOWS\system32\tree.com
A          C:\WINDOWS\system32\trkwks.dll
A          C:\WINDOWS\system32\tsappcmp.dll
A          C:\WINDOWS\system32\tsbyuv.dll
A          C:\WINDOWS\system32\tscfgwmi.dll
A          C:\WINDOWS\system32\tscon.exe
A          C:\WINDOWS\system32\tscupgrd.exe
A          C:\WINDOWS\system32\tsd32.dll
A          C:\WINDOWS\system32\tsddd.dll
A          C:\WINDOWS\system32\tsdiscon.exe
           C:\WINDOWS\system32\tsgqec.dll
A          C:\WINDOWS\system32\tskill.exe
A          C:\WINDOWS\system32\tslabels.h
A          C:\WINDOWS\system32\tslabels.ini
           C:\WINDOWS\system32\tspkg.dll
A          C:\WINDOWS\system32\tsshutdn.exe
A          C:\WINDOWS\system32\tssoft32.acm
A          C:\WINDOWS\system32\TsWpfWrp.exe
A          C:\WINDOWS\system32\twext.dll
A          C:\WINDOWS\system32\TwnLib20.dll
           C:\WINDOWS\system32\TwnLib4.dll
A          C:\WINDOWS\system32\txflog.dll
A          C:\WINDOWS\system32\typelib.dll
           C:\WINDOWS\system32\tzchange.exe
A          C:\WINDOWS\system32\TZLog.log
A          C:\WINDOWS\system32\udhisapi.dll
A          C:\WINDOWS\system32\ufat.dll
A          C:\WINDOWS\system32\uiautomationcore.dll
A          C:\WINDOWS\system32\ulib.dll
A          C:\WINDOWS\system32\umandlg.dll
A          C:\WINDOWS\system32\umdmxfrm.dll
A          C:\WINDOWS\system32\umpnpmgr.dll
A          C:\WINDOWS\system32\unicode.nls
A          C:\WINDOWS\system32\unimdm.tsp
A          C:\WINDOWS\system32\unimdmat.dll
A          C:\WINDOWS\system32\uniplat.dll
A          C:\WINDOWS\system32\unlodctr.exe
A          C:\WINDOWS\system32\untfs.dll
A          C:\WINDOWS\system32\upnp.dll
A          C:\WINDOWS\system32\upnpcont.exe
A          C:\WINDOWS\system32\upnphost.dll
A          C:\WINDOWS\system32\upnpui.dll
A          C:\WINDOWS\system32\ups.exe
A          C:\WINDOWS\system32\ureg.dll
A          C:\WINDOWS\system32\url.dll
A          C:\WINDOWS\system32\urlmon.dll
A          C:\WINDOWS\system32\usbmon.dll
A          C:\WINDOWS\system32\usbui.dll
A          C:\WINDOWS\system32\user.exe
A          C:\WINDOWS\system32\user32.dll
A          C:\WINDOWS\system32\userenv.dll
A          C:\WINDOWS\system32\userinit.exe
A          C:\WINDOWS\system32\usp10.dll
A          C:\WINDOWS\system32\usrcntra.dll
A          C:\WINDOWS\system32\usrcoina.dll
A          C:\WINDOWS\system32\usrdpa.dll
A          C:\WINDOWS\system32\usrdtea.dll
A          C:\WINDOWS\system32\usrfaxa.dll
A          C:\WINDOWS\system32\usrlbva.dll
A          C:\WINDOWS\system32\usrlogon.cmd
A          C:\WINDOWS\system32\usrmlnka.exe
A          C:\WINDOWS\system32\usrprbda.exe
A          C:\WINDOWS\system32\usrrtosa.dll
A          C:\WINDOWS\system32\usrsdpia.dll
A          C:\WINDOWS\system32\usrshuta.exe
A          C:\WINDOWS\system32\usrsvpia.dll
A          C:\WINDOWS\system32\usrv42a.dll
A          C:\WINDOWS\system32\usrv80a.dll
A          C:\WINDOWS\system32\usrvoica.dll
A          C:\WINDOWS\system32\usrvpa.dll
A          C:\WINDOWS\system32\utildll.dll
A          C:\WINDOWS\system32\utilman.exe
A          C:\WINDOWS\system32\uwdf.exe
A          C:\WINDOWS\system32\uxtheme.dll
A          C:\WINDOWS\system32\v7vga.rom
A          C:\WINDOWS\system32\VB5DB.DLL
A          C:\WINDOWS\system32\VBAEN32.OLB
A          C:\WINDOWS\system32\VBAEND32.OLB
A          C:\WINDOWS\system32\vbajet32.dll
A          C:\WINDOWS\system32\VBAME.DLL
A          C:\WINDOWS\system32\VBAR332.DLL
A          C:\WINDOWS\system32\vbisurf.ax
A          C:\WINDOWS\system32\vbscript.dll
A          C:\WINDOWS\system32\vcdex.dll
A          C:\WINDOWS\system32\vdmdbg.dll
A          C:\WINDOWS\system32\vdmredir.dll
A          C:\WINDOWS\system32\VEN2232.OLB
A          C:\WINDOWS\system32\ver.dll
           C:\WINDOWS\system32\verclsid.exe
A          C:\WINDOWS\system32\verifier.dll
A          C:\WINDOWS\system32\verifier.exe
A          C:\WINDOWS\system32\version.dll
A          C:\WINDOWS\system32\vfpodbc.dll
A          C:\WINDOWS\system32\vga.dll
A          C:\WINDOWS\system32\vga.drv
A          C:\WINDOWS\system32\vga256.dll
A          C:\WINDOWS\system32\vga64k.dll
           C:\WINDOWS\system32\vidcap.ax
A          C:\WINDOWS\system32\View Channels.scf
A          C:\WINDOWS\system32\vjoy.dll
A   H      C:\WINDOWS\system32\vsconfig.xml
A          C:\WINDOWS\system32\vsdata.dll
A          C:\WINDOWS\system32\vsdatant.sys
A          C:\WINDOWS\system32\vsinit.dll
A          C:\WINDOWS\system32\vsmonapi.dll
A          C:\WINDOWS\system32\vspubapi.dll
A          C:\WINDOWS\system32\vsregexp.dll
A          C:\WINDOWS\system32\vssadmin.exe
A          C:\WINDOWS\system32\vssapi.dll
A          C:\WINDOWS\system32\vssvc.exe
A          C:\WINDOWS\system32\vss_ps.dll
A          C:\WINDOWS\system32\vsutil.dll
A          C:\WINDOWS\system32\vswmi.dll
A          C:\WINDOWS\system32\vsxml.dll
A          C:\WINDOWS\system32\w32time.dll
A          C:\WINDOWS\system32\w32tm.exe
A          C:\WINDOWS\system32\w32topl.dll
A          C:\WINDOWS\system32\w3ssl.dll
A          C:\WINDOWS\system32\watchdog.sys
A          C:\WINDOWS\system32\wavemsp.dll
A          C:\WINDOWS\system32\wbcache.deu
A          C:\WINDOWS\system32\wbcache.enu
A          C:\WINDOWS\system32\wbcache.esn
A          C:\WINDOWS\system32\wbcache.fra
A          C:\WINDOWS\system32\wbcache.ita
A          C:\WINDOWS\system32\wbcache.nld
A          C:\WINDOWS\system32\wbcache.sve
A          C:\WINDOWS\system32\wbdbase.deu
A          C:\WINDOWS\system32\wbdbase.enu
A          C:\WINDOWS\system32\wbdbase.esn
A          C:\WINDOWS\system32\wbdbase.fra
A          C:\WINDOWS\system32\wbdbase.ita
A          C:\WINDOWS\system32\wbdbase.nld
A          C:\WINDOWS\system32\wbdbase.sve
A          C:\WINDOWS\system32\wdfapi.dll
A          C:\WINDOWS\system32\wdfmgr.exe
A          C:\WINDOWS\system32\wdigest.dll
A          C:\WINDOWS\system32\wdl.trm
A          C:\WINDOWS\system32\wdmaud.drv
A          C:\WINDOWS\system32\webcheck.dll
A          C:\WINDOWS\system32\webclnt.dll
A          C:\WINDOWS\system32\webfldrs.msi
A          C:\WINDOWS\system32\webhits.dll
A          C:\WINDOWS\system32\webvw.dll
           C:\WINDOWS\system32\wevtfwd.dll
A          C:\WINDOWS\system32\wextract.exe
A          C:\WINDOWS\system32\wfwnet.drv
A          C:\WINDOWS\system32\wiaacmgr.exe
A          C:\WINDOWS\system32\wiadefui.dll
A          C:\WINDOWS\system32\wiadss.dll
A          C:\WINDOWS\system32\wiascr.dll
A          C:\WINDOWS\system32\wiaservc.dll
A          C:\WINDOWS\system32\wiasf.ax
A          C:\WINDOWS\system32\wiashext.dll
A          C:\WINDOWS\system32\wiavideo.dll
A          C:\WINDOWS\system32\wiavusd.dll
A          C:\WINDOWS\system32\wifeman.dll
A          C:\WINDOWS\system32\win.com
A          C:\WINDOWS\system32\win32k.sys
A          C:\WINDOWS\system32\win32spl.dll
A          C:\WINDOWS\system32\win87em.dll
A          C:\WINDOWS\system32\winbrand.dll
A          C:\WINDOWS\system32\winchat.exe
A          C:\WINDOWS\system32\WindowsAccessBridge.dll
           C:\WINDOWS\system32\windowscodecs.dll
           C:\WINDOWS\system32\windowscodecsext.dll
A   HR     C:\WINDOWS\system32\WindowsLogon.manifest
A          C:\WINDOWS\system32\winfax.dll
A          C:\WINDOWS\system32\WinFXDocObj.exe
A          C:\WINDOWS\system32\winhelp.hlp
A          C:\WINDOWS\system32\winhlp32.exe
A          C:\WINDOWS\system32\winhttp.dll
A          C:\WINDOWS\system32\wininet.dll
A          C:\WINDOWS\system32\winipsec.dll
A          C:\WINDOWS\system32\winlogon.exe
A          C:\WINDOWS\system32\winmine.exe
A          C:\WINDOWS\system32\winmm.dll
A          C:\WINDOWS\system32\winmsd.exe
A          C:\WINDOWS\system32\winnls.dll
A          C:\WINDOWS\system32\winntbbu.dll
A          C:\WINDOWS\system32\winoldap.mod
           C:\WINDOWS\system32\winrm.cmd
           C:\WINDOWS\system32\winrm.vbs
           C:\WINDOWS\system32\winrmprov.dll
           C:\WINDOWS\system32\winrmprov.mof
A          C:\WINDOWS\system32\winrnr.dll
           C:\WINDOWS\system32\winrs.exe
           C:\WINDOWS\system32\winrscmd.dll
           C:\WINDOWS\system32\winrshost.exe
           C:\WINDOWS\system32\winrsmgr.dll
           C:\WINDOWS\system32\winrssrv.dll
A          C:\WINDOWS\system32\winscard.dll
A          C:\WINDOWS\system32\winshfhc.dll
A          C:\WINDOWS\system32\winsock.dll
A          C:\WINDOWS\system32\winspool.drv
A          C:\WINDOWS\system32\winspool.exe
A          C:\WINDOWS\system32\winsrv.dll
A          C:\WINDOWS\system32\winsta.dll
A          C:\WINDOWS\system32\winstrm.dll
A          C:\WINDOWS\system32\wintrust.dll
A          C:\WINDOWS\system32\winver.exe
A          C:\WINDOWS\system32\wkssvc.dll
           C:\WINDOWS\system32\wlanapi.dll
A          C:\WINDOWS\system32\wldap32.dll
A          C:\WINDOWS\system32\wlnotify.dll
A          C:\WINDOWS\system32\WMADMOD.dll
A          C:\WINDOWS\system32\WMADMOE.dll
A          C:\WINDOWS\system32\wmasf.dll
A          C:\WINDOWS\system32\wmdmlog.dll
A          C:\WINDOWS\system32\wmdmps.dll
A          C:\WINDOWS\system32\wmdrmdev.dll
A          C:\WINDOWS\system32\wmdrmnet.dll
           C:\WINDOWS\system32\wmdrmsdk.dll
A          C:\WINDOWS\system32\wmerrenu.dll
A          C:\WINDOWS\system32\wmerror.dll
A          C:\WINDOWS\system32\wmi.dll
A          C:\WINDOWS\system32\wmidx.dll
A          C:\WINDOWS\system32\wmimgmt.msc
A          C:\WINDOWS\system32\wmiprop.dll
A          C:\WINDOWS\system32\WMNetmgr.dll
A          C:\WINDOWS\system32\wmp.dll
A          C:\WINDOWS\system32\wmp.ocx
A          C:\WINDOWS\system32\wmpasf.dll
A          C:\WINDOWS\system32\wmpcd.dll
A          C:\WINDOWS\system32\wmpcore.dll
A          C:\WINDOWS\system32\wmpdxm.dll
           C:\WINDOWS\system32\wmpeffects.dll
A          C:\WINDOWS\system32\wmpencen.dll
           C:\WINDOWS\system32\wmphoto.dll
A          C:\WINDOWS\system32\wmploc.dll
           C:\WINDOWS\system32\wmpmde.dll
A          C:\WINDOWS\system32\wmpns.dll
           C:\WINDOWS\system32\wmpps.dll
A          C:\WINDOWS\system32\wmpshell.dll
A          C:\WINDOWS\system32\wmpsrcwp.dll
A          C:\WINDOWS\system32\wmpui.dll
A          C:\WINDOWS\system32\wmsdmod.dll
A          C:\WINDOWS\system32\wmsdmoe.dll
A          C:\WINDOWS\system32\wmsdmoe2.dll
A          C:\WINDOWS\system32\wmspdmod.dll
A          C:\WINDOWS\system32\WMSPDMOE.dll
A          C:\WINDOWS\system32\wmstream.dll
A          C:\WINDOWS\system32\wmv8ds32.ax
A          C:\WINDOWS\system32\WMVADVD.dll
A          C:\WINDOWS\system32\WMVADVE.DLL
A          C:\WINDOWS\system32\WMVCore.dll
           C:\WINDOWS\system32\WMVDECOD.dll
A          C:\WINDOWS\system32\wmvdmod.dll
A          C:\WINDOWS\system32\wmvdmoe2.dll
A          C:\WINDOWS\system32\wmvds32.ax
           C:\WINDOWS\system32\WMVENCOD.dll
           C:\WINDOWS\system32\WMVSDECD.dll
           C:\WINDOWS\system32\WMVSENCD.dll
           C:\WINDOWS\system32\WMVXENCD.dll
A          C:\WINDOWS\system32\wow32.dll
A          C:\WINDOWS\system32\wowdeb.exe
A          C:\WINDOWS\system32\wowexec.exe
A          C:\WINDOWS\system32\wowfax.dll
A          C:\WINDOWS\system32\wowfaxui.dll
A          C:\WINDOWS\system32\wpa.bak
A          C:\WINDOWS\system32\wpa.dbl
A          C:\WINDOWS\system32\wpabaln.exe
A          C:\WINDOWS\system32\wpdconns.dll
A          C:\WINDOWS\system32\wpdmtp.dll
A          C:\WINDOWS\system32\wpdmtpdr.dll
A          C:\WINDOWS\system32\wpdmtpus.dll
           C:\WINDOWS\system32\WpdShext.dll
           C:\WINDOWS\system32\wpdshextautoplay.exe
           C:\WINDOWS\system32\wpdshextres.dll
           C:\WINDOWS\system32\WPDShServiceObj.dll
A          C:\WINDOWS\system32\wpdsp.dll
A          C:\WINDOWS\system32\wpdtrace.dll
A          C:\WINDOWS\system32\wpd_ci.dll
A          C:\WINDOWS\system32\wpnpinst.exe
A          C:\WINDOWS\system32\write.exe
A          C:\WINDOWS\system32\ws2help.dll
A          C:\WINDOWS\system32\ws2_32.dll
A          C:\WINDOWS\system32\wscntfy.exe
A          C:\WINDOWS\system32\wscript.exe
A          C:\WINDOWS\system32\wscsvc.dll
A          C:\WINDOWS\system32\wscui.cpl
A          C:\WINDOWS\system32\wshatm.dll
A          C:\WINDOWS\system32\wshbth.dll
A          C:\WINDOWS\system32\wshcon.dll
A          C:\WINDOWS\system32\wshext.dll
A          C:\WINDOWS\system32\wship6.dll
A          C:\WINDOWS\system32\wshisn.dll
A          C:\WINDOWS\system32\wshnetbs.dll
A          C:\WINDOWS\system32\wshom.ocx
A          C:\WINDOWS\system32\wshrm.dll
A          C:\WINDOWS\system32\wshtcpip.dll
           C:\WINDOWS\system32\wsmanhttpconfig.exe
           C:\WINDOWS\system32\WsmAuto.dll
           C:\WINDOWS\system32\wsmplpxy.dll
           C:\WINDOWS\system32\wsmprovhost.exe
           C:\WINDOWS\system32\WsmPty.xsl
           C:\WINDOWS\system32\WsmRes.dll
           C:\WINDOWS\system32\WsmSvc.dll
           C:\WINDOWS\system32\WsmTxt.xsl
           C:\WINDOWS\system32\WsmWmiPl.dll
A          C:\WINDOWS\system32\wsnmp32.dll
A          C:\WINDOWS\system32\wsock32.dll
A          C:\WINDOWS\system32\wstdecod.dll
A          C:\WINDOWS\system32\wtsapi32.dll
A          C:\WINDOWS\system32\wuapi.dll
A          C:\WINDOWS\system32\wuapi.dll.mui
A          C:\WINDOWS\system32\wuauclt.exe
A          C:\WINDOWS\system32\wuauclt1.exe
A          C:\WINDOWS\system32\wuaucpl.cpl
A   HR     C:\WINDOWS\system32\wuaucpl.cpl.manifest
A          C:\WINDOWS\system32\wuaucpl.cpl.mui
A          C:\WINDOWS\system32\wuaueng.dll
A          C:\WINDOWS\system32\wuaueng.dll.mui
A          C:\WINDOWS\system32\wuaueng1.dll
A          C:\WINDOWS\system32\wuauserv.dll
A          C:\WINDOWS\system32\wucltui.dll
A          C:\WINDOWS\system32\wucltui.dll.mui
           C:\WINDOWS\system32\WUDFCoinstaller.dll
           C:\WINDOWS\system32\WudfHost.exe
           C:\WINDOWS\system32\WudfPlatform.dll
           C:\WINDOWS\system32\WudfSvc.dll
           C:\WINDOWS\system32\WUDFx.dll
A          C:\WINDOWS\system32\wupdmgr.exe
A          C:\WINDOWS\system32\wups.dll
A          C:\WINDOWS\system32\wups2.dll
A          C:\WINDOWS\system32\wuweb.dll
A          C:\WINDOWS\system32\wzcdlg.dll
A          C:\WINDOWS\system32\wzcsapi.dll
A          C:\WINDOWS\system32\wzcsvc.dll
A          C:\WINDOWS\system32\xactsrv.dll
A          C:\WINDOWS\system32\xcopy.exe
A          C:\WINDOWS\system32\xenroll.dll
A          C:\WINDOWS\system32\xmllite.dll
A          C:\WINDOWS\system32\xmlprov.dll
A          C:\WINDOWS\system32\xmlprovi.dll
A          C:\WINDOWS\system32\xolehlp.dll
A          C:\WINDOWS\system32\xpob2res.dll
A          C:\WINDOWS\system32\xpsp1res.dll
A          C:\WINDOWS\system32\xpsp2res.dll
A          C:\WINDOWS\system32\xpsp3res.dll
A          C:\WINDOWS\system32\xpsp4res.dll
           C:\WINDOWS\system32\xpsshhdr.dll
           C:\WINDOWS\system32\xpssvcs.dll
A          C:\WINDOWS\system32\xvid.ax
A          C:\WINDOWS\system32\xvidcore.dll
A          C:\WINDOWS\system32\xvidvfw.dll
A          C:\WINDOWS\system32\zipfldr.dll
A          C:\WINDOWS\system32\zlcomm.dll
A          C:\WINDOWS\system32\zlcommdb.dll
A   H      C:\WINDOWS\system32\zllictbl.dat
A          C:\WINDOWS\system32\zpeng24.dll
A          C:\WINDOWS\system32\zpeng25.dll



#9 narenxp


Posted 07 February 2013 - 05:53 PM

Press Windows+R key and type

tasks and click ok

Delete both these files

"Udwtc.job"    "Xxuehpd.job"

Restart the PC and post the new Farbar service scanner log


Edited by narenxp, 07 February 2013 - 05:53 PM.


#10 Mok


Posted 07 February 2013 - 06:05 PM

Results:

 

Farbar Service Scanner Version: 30-01-2013
Ran by Steve Parker (administrator) on 07-02-2013 at 17:00:25
Running from "C:\Documents and Settings\Steve Parker\Desktop\Temp"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2006-11-01 14:04] - [2008-04-13 18:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2004-08-04 06:00] - [2009-02-06 05:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
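
Added example, not part of the original posts and not Farbar's own code: a small Python triage of a Farbar Service Scanner log like the one above, listing services that are stopped, start types that differ from the default, and File Check entries that lack the "MD5 is legit" verdict and so need a manual hash check. The function name `triage` and the sample excerpt are constructed for illustration; the line formats are assumed to match the log shown in this thread.

```python
import re

# Constructed excerpt modelled on the log in this thread, including the
# line wrapping that forum pastes introduce.
SAMPLE_LOG = r"""Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start
type is Auto.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2006-11-01 14:04] - [2008-04-13 18:12] - 0006656 ____A (Microsoft
Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
# \s+ lets the match survive a line wrap inside the sentence.
START_TYPE = re.compile(r"start type of (\S+) service is set to (\w+)\.\s+"
                        r"The default start\s+type is (\w+)")
FILE_LINE = re.compile(r"^([A-Za-z]:\\.+?)(?: => (.+))?$")
MD5 = re.compile(r"\b([0-9A-Fa-f]{32})\b")

def triage(log_text):
    """Return the services and files that need a manual follow-up."""
    findings = {"stopped": [], "unverified_files": []}
    findings["start_type"] = [m.groups() for m in START_TYPE.finditer(log_text)
                              if m.group(2) != m.group(3)]
    section, pending = None, None
    for line in map(str.strip, log_text.splitlines()):
        if m := NOT_RUNNING.match(line):
            findings["stopped"].append(m.group(1))
        elif line.endswith(":"):
            section, pending = line[:-1], None        # e.g. "File Check"
        elif section == "File Check" and (m := FILE_LINE.match(line)):
            path, verdict = m.groups()
            # No verdict on the path line: the hash follows on a later line.
            pending = None if verdict == "MD5 is legit" else path
        elif pending and (m := MD5.search(line)):
            findings["unverified_files"].append((pending, m.group(1).upper()))
            pending = None
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A file listed with its hash instead of the verdict is not flagged as malicious by this script; it only means the hash should be compared against a known-good copy for that Windows build.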



#11 narenxp


Posted 07 February 2013 - 06:16 PM

Press Windows+R key and type

services.msc and click OK

Right-click on the Security Center service > Properties

Change the startup type to Automatic and start it.

Let me know if you still have redirects before we wrap up



#12 Mok


Posted 07 February 2013 - 06:30 PM

There are no longer any redirects.

Thank you very much for lending me your skills. Twice I have had to deal with this issue and twice your people at this site have fixed the issue for me.

Thanks again.



#13 narenxp


Posted 07 February 2013 - 06:32 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall old versions of Java from Control Panel > Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
 



#14 Mok


Posted 08 February 2013 - 11:52 AM

Done everything suggested. Removed ZoneAlarm and installed Security Essentials. Computer is working good now. Thanks again for your help.

 

I noticed the site was down for a while about an hour ago. Did you get a virus? :)



#15 narenxp


Posted 08 February 2013 - 01:43 PM

You're most welcome :)

 

I noticed the site was down for a while about an hour ago. Did you get a virus? :)

Ha ha. There was a forum upgrade yesterday. I guess they are still fixing things.





