Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby neogin » January 14th, 2008, 12:42 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:30, on 14/01/2551
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Azureus\Azureus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy02.pacific.net.th:8080
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll (file missing)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [WhitneyXerox_S2P] C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Live Messenger!] msgrlive.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10174 bytes

====================================

Here is my Uninstall list:

5.1b1
Able ITS
AC3
ACDSee Photo Editor
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
All-in-one For Win Version M
All-in-one For Win Version M
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Software Update
ArcSoft Panorama Maker 3
ATI Display Driver
AVG Free Edition
Azureus Vuze
BitComet 0.93
Calculator Powertoy for Windows XP
Cambridge Advanced Learners Dictionary
Camfrog Video Chat 3.94 (remove only)
CeRegEditor PreRelease 0.0.2.2
Change Analysis Diagnostic for Windows XP (KB924732)
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Concord WinFax Plugin v3.0
CopyProfile
CyberGuard Lite
dBpowerAMP Mp4 Codec
DVD Shrink 3.2
DVD Suite
GdiplusUpgrade
GDS-RAM2Free
GG E-Sports Platform
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for MSXML 2 (KB887606)
Hotfix for Windows Media Format 11 SDK (KB928788)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB917821)
Hotfix for Windows Media Format SDK (KB921108)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB319740)
Hotfix for Windows XP (KB889527)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB897338)
Hotfix for Windows XP (KB898900)
Hotfix for Windows XP (KB900485)
Hotfix for Windows XP (KB903234)
Hotfix for Windows XP (KB904412)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB907865)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB912461)
Hotfix for Windows XP (KB912817)
Hotfix for Windows XP (KB913538)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB917021)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB918093)
Hotfix for Windows XP (KB918766)
Hotfix for Windows XP (KB918997)
Hotfix for Windows XP (KB919071)
Hotfix for Windows XP (KB924867)
Hotfix for Windows XP (KB924941)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB927544)
Hotfix for Windows XP (KB932662)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB935843)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HTML Slideshow Powertoy for Windows XP
ieSpell
Image Resizer Powertoy for Windows XP
Java(TM) SE Runtime Environment 6 Update 1
JGsoft EditPad Lite 6.3.1
K-Lite Codec Pack 2.83 Full
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Magnifier Powertoy for Windows XP
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Hotfix (KB925168)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Bootvis
Microsoft Color Control Panel Applet for Windows XP
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Portrait 3.0 Beta
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft Windows Journal Viewer
Microsoft Windows User State Migration Tool version 2.61
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MyFreeCodec
Nero 7 Ultra Edition
Nero Mega Plugin Pack
neroxml
Nikon Message Center
Offline Crash Diagnostic for Windows XP
overland
PCI SoftV92 Modem
PCManager 2.0W
PE Explorer 1.99 R2
Philips Flat Panel Adjust
PictureProject
PowerDVD
PowerProducer
QuickTime
Real Alternative 1.50
Samsung Anycall HSP Plus Driver
SAMSUNG CDMA Modem Driver Set
Samsung Media Studio
Samsung PC Studio 5
ScanSoft OmniPage SE 3.0
ScanSoft PaperPort 10
SDFormatter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB900930)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Slideshow Generator Powertoy for Windows XP
SoftV90 Voice Speakerphone Modem
SoundMAX
StartupMonitor
Symantec WinFax PRO
SyncToy
SyncToy
TCGex - Client
ThaiWinCE Professional
Tiger Woods PGA Tour Golf
Timershot Powertoy for Windows XP
UltraISO Premium V8.62
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb943597)
Update for Windows Media Player 10 (KB912452)
Update for Windows XP (KB896256)
Update for Windows XP (KB896427)
Update for Windows XP (KB897663)
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB907265)
Update for Windows XP (KB908521)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB916846)
Update for Windows XP (KB917425)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922120)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932590)
Update for Windows XP (KB933360)
Update for Windows XP (KB933612)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
User Profile Hive Cleanup Service
VCT
VIA Integrated Setup Wizard
VIMICRO USB PC Camera VC0305
Virtual Desktop Manager Powertoy for Windows XP
VORBISLQ
VXIS nAVI DShow-Codec (Remove only)
WAVPACK
WinCE CAB Manager
Windows Communication Foundation
Windows Defender
Windows Driver Package - MobileTop (sshpmdm) Modem (12/06/2005 2.4.0)
Windows Driver Package - MobileTop (sshpusb) USB (12/06/2005 2.4.0)
Windows Easy Transfer
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Hotfix - KB895181
Windows Media Player 10 Hotfix - KB888656
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Messenger 5.1
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884883
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB886716
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB894395
Windows XP Hotfix - KB896626
WinHex
WinRAR archiver
Xerox Font Management Utility
Xerox WorkCentre PE220 Series Driver Uninstall
XP Royale Theme
XviD MPEG-4 Video Codec
YMPEG: Fast MPEG-1/2/VCD/SVCD Codec
ZoneAlarm
ZoneAlarm Spy Blocker

I was so stupid to download a file from one of my friends who got hacked on her MSN account. The hacker was using her account and sent me a zip file named "newpicture025.zip."

At first, I scanned with AVG Free Edition. It didn't catch anything until I unziped this file and opened it. AVG caught it later after I excecuted the .exe file but it was too late. This bad file allowed the hacker to use my MSN account to send this bad file to my contact list.

I disabled my network after I executed the file about 1 minute later. Then I tried to scan by AVG and installed zonealarm later to see incoming and outgoing bound. Next, I installed Ad-Aware 2007 free edition to check this out and deleted all infected items.

Last, I installed HijackThis to see log files because the Trojan file kept showing up again when I scaned with AVG on rebooting Window XP. I checked Task Manager but no suspected files running. (At first, I found this suspect file "msgrlive.exe" running .. I found it I killed the process then I killed it with AVG again.)

To sum up, everytime I turn on my PC. I always run AVG, Ad-Aware, and check ZoneAlarm to see in-out activities. AVG always catch this Trojan. It always come back after I kill it on fresh reboot Window XP.

Thank You for your time.
neogin
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:02 am
Advertisement
Register to Remove

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby 'KotaGuy » January 17th, 2008, 12:48 pm

If you still require help can you post a new HijackThis log please. Its been a few days since you've posted and something in the log may have changed since then.

Thanks!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby neogin » January 17th, 2008, 11:01 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:28, on 18/01/2551
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Azureus\Azureus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy02.pacific.net.th:8080
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll (file missing)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [WhitneyXerox_S2P] C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Live Messenger!] msgrlive.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10262 bytes

==================================================

I think I killed the Trojan Horse. AVG and Ad-Aware can't see any suspect files now.
I checked Task Manager .. nothing harmful there ..
neogin
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:02 am

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby 'KotaGuy » January 18th, 2008, 10:18 am

Run HijackThis. Click the Misc Tools button. Then the Uninstall Manager button. Then the Save List button. Save that list to your Desktop.

Copy/paste the contents of that list in your next reply please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby neogin » January 21st, 2008, 2:37 am

AC3
ACDSee Photo Editor
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
All-in-one For Win Version M
All-in-one For Win Version M
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Software Update
ArcSoft Panorama Maker 3
ATI Display Driver
AVG Free Edition
Azureus Vuze
BitComet 0.93
Calculator Powertoy for Windows XP
Cambridge Advanced Learners Dictionary
CeRegEditor PreRelease 0.0.2.2
Change Analysis Diagnostic for Windows XP (KB924732)
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Concord WinFax Plugin v3.0
CopyProfile
CyberGuard Lite
dBpowerAMP Mp4 Codec
DVD Shrink 3.2
DVD Suite
GdiplusUpgrade
GDS-RAM2Free
GG E-Sports Platform
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for MSXML 2 (KB887606)
Hotfix for Windows Media Format 11 SDK (KB928788)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB917821)
Hotfix for Windows Media Format SDK (KB921108)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB319740)
Hotfix for Windows XP (KB889527)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB897338)
Hotfix for Windows XP (KB898900)
Hotfix for Windows XP (KB900485)
Hotfix for Windows XP (KB903234)
Hotfix for Windows XP (KB904412)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB907865)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB912461)
Hotfix for Windows XP (KB912817)
Hotfix for Windows XP (KB913538)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB917021)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB918093)
Hotfix for Windows XP (KB918766)
Hotfix for Windows XP (KB918997)
Hotfix for Windows XP (KB919071)
Hotfix for Windows XP (KB924867)
Hotfix for Windows XP (KB924941)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB927544)
Hotfix for Windows XP (KB932662)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB935843)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
HTML Slideshow Powertoy for Windows XP
ieSpell
Image Resizer Powertoy for Windows XP
Java(TM) SE Runtime Environment 6 Update 1
JGsoft EditPad Lite 6.3.1
K-Lite Codec Pack 2.83 Full
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Magnifier Powertoy for Windows XP
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Hotfix (KB925168)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Bootvis
Microsoft Color Control Panel Applet for Windows XP
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Portrait 3.0 Beta
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft Windows Journal Viewer
Microsoft Windows User State Migration Tool version 2.61
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MyFreeCodec
Nero 7 Ultra Edition
Nero Mega Plugin Pack
neroxml
Nikon Message Center
Offline Crash Diagnostic for Windows XP
overland
PCI SoftV92 Modem
PCManager 2.0W
PE Explorer 1.99 R2
Philips Flat Panel Adjust
PictureProject
PowerDVD
PowerProducer
QuickTime
Real Alternative 1.50
Samsung Anycall HSP Plus Driver
SAMSUNG CDMA Modem Driver Set
Samsung Media Studio
Samsung PC Studio 5
ScanSoft OmniPage SE 3.0
ScanSoft PaperPort 10
SDFormatter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB900930)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Slideshow Generator Powertoy for Windows XP
SoftV90 Voice Speakerphone Modem
SoundMAX
StartupMonitor
Symantec WinFax PRO
SyncToy
SyncToy
TCGex - Client
ThaiWinCE Professional
Timershot Powertoy for Windows XP
UltraISO Premium V8.62
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb943597)
Update for Windows Media Player 10 (KB912452)
Update for Windows XP (KB896256)
Update for Windows XP (KB896427)
Update for Windows XP (KB897663)
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB907265)
Update for Windows XP (KB908521)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB916846)
Update for Windows XP (KB917425)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922120)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932590)
Update for Windows XP (KB933360)
Update for Windows XP (KB933612)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
User Profile Hive Cleanup Service
VCT
VIA Integrated Setup Wizard
VIMICRO USB PC Camera VC0305
Virtual Desktop Manager Powertoy for Windows XP
VORBISLQ
VXIS nAVI DShow-Codec (Remove only)
WAVPACK
WinCE CAB Manager
Windows Communication Foundation
Windows Defender
Windows Driver Package - MobileTop (sshpmdm) Modem (12/06/2005 2.4.0)
Windows Driver Package - MobileTop (sshpusb) USB (12/06/2005 2.4.0)
Windows Easy Transfer
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Hotfix - KB895181
Windows Media Player 10 Hotfix - KB888656
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Messenger 5.1
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884883
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB886716
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB894395
Windows XP Hotfix - KB896626
WinHex
WinRAR archiver
Xerox Font Management Utility
Xerox WorkCentre PE220 Series Driver Uninstall
XP Royale Theme
XviD MPEG-4 Video Codec
YMPEG: Fast MPEG-1/2/VCD/SVCD Codec
ZoneAlarm
ZoneAlarm Spy Blocker

**** I don't know which manager that you want me to uninstall. If PCManager 2.0W, it is a software by samsung cell phone.

I don't know what is it about "overland."
neogin
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:02 am

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby 'KotaGuy » January 21st, 2008, 9:59 am

Click Start>Run type in appwiz.cpl and hit Enter. From the list uninstall the following:

Java(TM) SE Runtime Environment 6 Update 1
overland


Run and scan with HijackThis and place checks beside the following:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb Wallet\SpbWalletToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Live Messenger!] msgrlive.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll


Close all open browsers/windows and click the Fix button.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Run SDFix.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby neogin » January 22nd, 2008, 10:08 pm

SDFix: Version 1.129

Run by Administrator on Wed 01/23/2008 at 08:14 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 08:52:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\Src\ceDevice\MactionMap\Projects\\n\16X\16\4\0161\16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\Src\ceDevice\MactionMap\Projects\\n\16X\16\4\0161\16\PC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\Src\ceDevice\MactionMap\Projects\\n\16X\16\4\0161\16\PC\Cpp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\Src\ceDevice\MactionMap\Projects\\n\16X\16\4\0161\16\PC\Cpp\BaseWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\Src\ceDevice\MactionMap\Projects\\n\16X\16\4\0161\16\PC\Cpp\BaseWnd\Release]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\Src\ceDevice\MactionMap\Projects\\n\16X\16\4\0161\16\PC\Cpp\BaseWnd\Release\gpschecker.exe]
@="C:\Program Files\Maction\GpsViewer\D:\Src\ceDevice\MactionMap\Projects\\xe0a\xe58\xe04\xe31\PC\Cpp\BaseWnd\Release\gpschecker.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Essentials\\2\16I\16-\16!\169\16%\16]
"Order"=hex:08,00,00,00,02,00,00,00,3e,01,00,00,01,00,00,00,02,00,00,00,9a,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Essentials\\4\169\16H\16!\0167\16-\16]
"Order"=hex:08,00,00,00,02,00,00,00,38,04,00,00,01,00,00,00,05,00,00,00,d6,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Essentials\@\16-\0162\16\24\0164\16B\16-\16]
"Order"=hex:08,00,00,00,02,00,00,00,a4,00,00,00,01,00,00,00,01,00,00,00,98,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Warcraft III\\war3.exe"="C:\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\myMovo\\bin\\jre1.6.0_01\\launch4j-tmp\\myMoVoLauncher_internal.exe"="C:\\Program Files\\myMovo\\bin\\jre1.6.0_01\\launch4j-tmp\\myMoVoLauncher_internal.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"E:\\STHIWREG\\stInstall.exe"="E:\\STHIWREG\\stInstall.exe:*:Disabled:SpeedTouch Home Install Wizard"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\WZSE5.TMP\\UpgradeWizard\\upgradeST.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\WZSE5.TMP\\UpgradeWizard\\upgradeST.exe:*:Disabled:SpeedTouch Upgrade Wizard"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files:
---------------


Files with Hidden Attributes:

Fri 16 Nov 2007 23,040 ...H. --- "C:\Program Files\CeRegEditor\CeRegMon.exe"
Wed 31 Aug 2005 1,658,592 ..SH. --- "C:\Program Files\Messenger\Msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 4 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 24 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp"
Mon 5 May 2003 348,160 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\AACMP4.EXE"
Thu 7 Feb 2002 94,208 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\lpaccodec.dll"
Fri 2 Feb 2001 40,960 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\lpac_codec_api.dll"
Wed 16 Apr 2003 200,704 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\OFR.EXE"
Fri 17 Jan 2003 278,528 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\PNCRT.dll"
Mon 5 May 2003 16,384 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\RMADEC.EXE"
Wed 8 Aug 2007 107,040 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\OEM\OEMAPPS\atl80.dll_"
Wed 8 Aug 2007 40,480 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\OEM\OEMAPPS\msvcr80.dll_"
Fri 26 Nov 2004 1,464 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\OEM\OEMAPPS\QAlarm.tmp"
Wed 8 Aug 2007 38,432 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\OEM\OEMAPPS\SDNMaker.exe"
Wed 8 Aug 2007 33,312 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\OEM\OEMAPPS\WapDaemonLib2.dll"
Wed 29 Nov 2006 116,632 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\BaseApps\dssdh.dll"
Wed 1 Aug 2007 11,512 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 7,928 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 34,040 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 156,920 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 70,904 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 5,880 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 78,072 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\MediaOSFiles\mp3dmod.dll"
Wed 1 Aug 2007 27,896 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\MediaOSFiles\msdmo.dll"
Tue 13 Feb 2007 1,031,704 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 65,576 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 465,936 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 243,248 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 16,936 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 353,840 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 33,848 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 185,920 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 913,432 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 696,344 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 60,960 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 77,864 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 20,000 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 52,288 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Thu 28 Sep 2006 175,520 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\OS\rsaenh.dll"
Wed 1 Aug 2007 765,176 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\OSFiles\wmvdmoe.dll"
Wed 1 Aug 2007 6,904 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 4,344 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\Shell\arinvalid.exe"
Wed 4 Jul 2007 35,544 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlClient.resources_v3_0_3600_0_cen_1.dll"
Wed 4 Jul 2007 35,544 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlServerCe.resources_v3_0_3600_0_cen_1.dll"
Wed 4 Jul 2007 191,216 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\SqlCeMobile\GAC_System.Data.SqlClient_v3_0_3600_0_cneutral_1.dll"
Wed 4 Jul 2007 232,176 A.SHR --- "C:\Scoter Kitchen\P51 Clean 1908\SYS\SqlCeMobile\GAC_System.Data.SqlServerCe_v3_0_3600_0_cneutral_1.dll"
Wed 8 Aug 2007 107,040 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\OEM\OEMAPPS\atl80.dll_"
Wed 8 Aug 2007 40,480 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\OEM\OEMAPPS\msvcr80.dll_"
Fri 26 Nov 2004 1,464 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\OEM\OEMAPPS\QAlarm.tmp"
Wed 8 Aug 2007 38,432 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\OEM\OEMAPPS\SDNMaker.exe"
Wed 8 Aug 2007 33,312 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\OEM\OEMAPPS\WapDaemonLib2.dll"
Mon 9 Apr 2007 107,520 A..HR --- "C:\Scoter Kitchen\P51 Full 1908\OEM\Ultimate Theft Alert\LockApppen.exe"
Wed 29 Nov 2006 116,632 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\BaseApps\dssdh.dll"
Wed 1 Aug 2007 11,512 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 7,928 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 34,040 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 156,920 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 70,904 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 5,880 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 78,072 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\MediaOSFiles\mp3dmod.dll"
Wed 1 Aug 2007 27,896 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\MediaOSFiles\msdmo.dll"
Tue 13 Feb 2007 1,031,704 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 65,576 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 465,936 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 243,248 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 16,936 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 353,840 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 33,848 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 185,920 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 913,432 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 696,344 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 60,960 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 77,864 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 20,000 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 52,288 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Thu 28 Sep 2006 175,520 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\OS\rsaenh.dll"
Wed 1 Aug 2007 765,176 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\OSFiles\wmvdmoe.dll"
Wed 1 Aug 2007 6,904 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 4,344 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\Shell\arinvalid.exe"
Wed 4 Jul 2007 35,544 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlClient.resources_v3_0_3600_0_cen_1.dll"
Wed 4 Jul 2007 35,544 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlServerCe.resources_v3_0_3600_0_cen_1.dll"
Wed 4 Jul 2007 191,216 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\SqlCeMobile\GAC_System.Data.SqlClient_v3_0_3600_0_cneutral_1.dll"
Wed 4 Jul 2007 232,176 A.SHR --- "C:\Scoter Kitchen\P51 Full 1908\SYS\SqlCeMobile\GAC_System.Data.SqlServerCe_v3_0_3600_0_cneutral_1.dll"
Wed 8 Aug 2007 107,040 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\OEM\OEMAPPS\atl80.dll_"
Wed 8 Aug 2007 699,424 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\OEM\OEMAPPS\MFC80U.DLL_"
Wed 8 Aug 2007 40,480 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\OEM\OEMAPPS\msvcr80.dll_"
Fri 26 Nov 2004 1,464 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\OEM\OEMAPPS\QAlarm.tmp"
Wed 8 Aug 2007 38,432 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\OEM\OEMAPPS\SDNMaker.exe"
Wed 8 Aug 2007 33,312 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\OEM\OEMAPPS\WapDaemonLib2.dll"
Mon 29 Oct 2007 116,632 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\BaseApps\dssdh.dll"
Mon 29 Oct 2007 11,512 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 7,928 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 34,040 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 156,920 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 70,904 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 5,880 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 78,072 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\MediaOSFiles\mp3dmod.dll"
Mon 29 Oct 2007 27,896 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\MediaOSFiles\msdmo.dll"
Mon 29 Oct 2007 1,031,704 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 65,576 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 465,936 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 243,248 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 16,936 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 353,840 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 33,848 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 185,920 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 913,432 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 696,344 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 60,960 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 77,864 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 20,000 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 52,288 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 175,520 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\OS\rsaenh.dll"
Mon 29 Oct 2007 765,176 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\OSFiles\wmvdmoe.dll"
Mon 29 Oct 2007 6,904 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Mon 29 Oct 2007 4,344 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\Shell\arinvalid.exe"
Mon 29 Oct 2007 569,592 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\Shell\wisplite.dll"
Mon 29 Oct 2007 191,216 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\SqlCeMobile\GAC_System.Data.SqlClient_v3_0_3600_0_cneutral_1.dll"
Mon 29 Oct 2007 232,176 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\SqlCeMobile\GAC_System.Data.SqlServerCe_v3_0_3600_0_cneutral_1.dll"
Mon 29 Oct 2007 35,544 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlClient.resources_v3_0_3600_0_cen_1.dll"
Mon 29 Oct 2007 35,544 A.SHR --- "C:\Scoter Kitchen\P51 OEM SYS 5.2.1933\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlServerCe.resources_v3_0_3600_0_cen_1.dll"
Wed 8 Aug 2007 107,040 A.SHR --- "C:\Scoter Kitchen\Utilities\OEM\OEMAPPS\atl80.dll_"
Wed 8 Aug 2007 40,480 A.SHR --- "C:\Scoter Kitchen\Utilities\OEM\OEMAPPS\msvcr80.dll_"
Fri 26 Nov 2004 1,464 A.SHR --- "C:\Scoter Kitchen\Utilities\OEM\OEMAPPS\QAlarm.tmp"
Wed 8 Aug 2007 38,432 A.SHR --- "C:\Scoter Kitchen\Utilities\OEM\OEMAPPS\SDNMaker.exe"
Wed 8 Aug 2007 33,312 A.SHR --- "C:\Scoter Kitchen\Utilities\OEM\OEMAPPS\WapDaemonLib2.dll"
Wed 29 Nov 2006 116,632 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\BaseApps\dssdh.dll"
Wed 1 Aug 2007 11,512 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 7,928 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 34,040 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 156,920 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 70,904 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 5,880 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 78,072 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\MediaOSFiles\mp3dmod.dll"
Wed 1 Aug 2007 27,896 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\MediaOSFiles\msdmo.dll"
Tue 13 Feb 2007 1,031,704 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 65,576 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 465,936 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 243,248 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 16,936 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 353,840 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 33,848 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 185,920 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 913,432 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 696,344 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 60,960 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 77,864 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 20,000 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 52,288 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Thu 28 Sep 2006 175,520 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\OS\rsaenh.dll"
Wed 1 Aug 2007 765,176 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\OSFiles\wmvdmoe.dll"
Wed 1 Aug 2007 6,904 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 4,344 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\Shell\arinvalid.exe"
Wed 4 Jul 2007 35,544 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlClient.resources_v3_0_3600_0_cen_1.dll"
Wed 4 Jul 2007 35,544 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlServerCe.resources_v3_0_3600_0_cen_1.dll"
Wed 4 Jul 2007 191,216 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\SqlCeMobile\GAC_System.Data.SqlClient_v3_0_3600_0_cneutral_1.dll"
Wed 4 Jul 2007 232,176 A.SHR --- "C:\Scoter Kitchen\Utilities\SYS\SqlCeMobile\GAC_System.Data.SqlServerCe_v3_0_3600_0_cneutral_1.dll"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT12.tmp"
Thu 28 Jun 2007 3,202,259 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\13845fb1668dcf3e1108eea4eb534172\BITB.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT10.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT14.tmp"
Wed 27 Jun 2007 8,515,634 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3fb10e2ee33938ee49236de6117b67c1\BITA.tmp"
Thu 28 Jun 2007 7,568,495 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\47eb0141a701386c67c9523d41f88ce1\BITD.tmp"
Thu 28 Jun 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5788add07dcb9226c8ea1594f8a4ece2\BITC.tmp"
Thu 28 Jun 2007 7,760,926 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8119f5e3d99ed10c0ba827bd2bbc8bce\BIT9.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT13.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT15.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT11.tmp"
Mon 28 Aug 2006 36,352 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL0005.tmp"
Mon 28 Aug 2006 88,064 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL0768.tmp"
Mon 28 Aug 2006 61,440 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL1539.tmp"
Mon 28 Aug 2006 55,296 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL2389.tmp"
Mon 28 Aug 2006 86,528 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL3898.tmp"
Fri 11 Apr 2003 73,766 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\atrc3260.dll"
Fri 11 Apr 2003 45,099 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\auth3260.dll"
Fri 11 Apr 2003 65,575 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\cook3260.dll"
Fri 11 Apr 2003 102,437 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv13260.dll"
Fri 11 Apr 2003 176,165 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv23260.dll"
Fri 11 Apr 2003 208,935 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv33260.dll"
Fri 11 Apr 2003 217,127 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv43260.dll"
Tue 15 Apr 2003 976,896 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\pnen3260.dll"
Fri 11 Apr 2003 348,203 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\pnvi3260.dll"
Fri 11 Apr 2003 53,289 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\pnxr3260.dll"
Fri 11 Apr 2003 45,101 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\ramf3260.dll"
Fri 11 Apr 2003 135,213 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rare3260.dll"
Mon 14 Oct 2002 57,344 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rims3290.dll"
Fri 11 Apr 2003 163,885 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rmff3260.dll"
Mon 14 Oct 2002 737,280 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rmse3290.dll"
Mon 14 Oct 2002 245,760 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rmwr3260.dll"
Fri 11 Apr 2003 245,805 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rnlt3260.dll"
Mon 14 Oct 2002 245,760 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rorw3290.dll"
Mon 14 Oct 2002 114,688 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rtae3290.dll"
Mon 14 Oct 2002 65,536 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rtin3290.dll"
Mon 14 Oct 2002 163,840 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rtve3290.dll"
Fri 11 Apr 2003 45,093 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rv103260.dll"
Fri 11 Apr 2003 98,341 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rv203260.dll"
Fri 11 Apr 2003 94,247 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rv303260.dll"
Fri 11 Apr 2003 90,151 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rv403260.dll"
Fri 11 Apr 2003 159,785 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rvre3260.dll"
Mon 14 Oct 2002 102,400 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\sipr3260.dll"
Fri 11 Apr 2003 61,485 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\smpl3260.dll"
Fri 11 Apr 2003 106,541 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\vsrl3260.dll"
Fri 11 Apr 2003 86,061 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\xmlp3261.dll"
Fri 11 Apr 2003 159,787 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\Common\zipf3260.dll"
Sun 23 Feb 2003 64,512 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\MusePack\MPPDEC.EXE"
Sat 26 Oct 2002 79,360 ...H. --- "C:\Program Files\Common Files\Ahead\AudioPlugins\MusePack\MPPENC.EXE"
Mon 6 Sep 2004 17,408 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\DioNote\DioNote_SetupDll.dll"
Sun 27 May 2007 27,088 A.SH. --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\HTC SmartDial\DPadMenu.dll"
Sun 27 May 2007 50,128 A.SH. --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\HTC SmartDial\phcanhtc.dll"
Sun 27 May 2007 559,568 A.SH. --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\HTC SmartDial\phcanOverbmp.dll"
Sun 27 May 2007 36,304 A.SH. --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\HTC SmartDial\phcanrc.dll"
Sun 27 May 2007 112,080 A.SH. --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\HTC SmartDial\smartdialing.dll"
Mon 9 Apr 2007 6,144 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\iSilo\iSiloDvS.dll"
Wed 14 Mar 2007 12,752 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\Java MIDlet Manager 11.1.7.1029 - byRisidoro\elatepushservice.exe"
Wed 14 Mar 2007 207,312 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\Java MIDlet Manager 11.1.7.1029 - byRisidoro\jmm.exe"
Mon 9 Apr 2007 17,920 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\ThaiG Lite\ThaiGSIPLT.dll"
Mon 9 Apr 2007 107,520 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\Ultimate Theft Alert\LockApppen.exe"
Fri 19 Oct 2007 6,096 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\Voice Speed Dial 1.6.07\BTAGExtModule.dll"
Fri 19 Oct 2007 46,032 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\Voice Speed Dial 1.6.07\contactsdmenu.dll"
Fri 19 Oct 2007 53,200 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\Voice Speed Dial 1.6.07\contactsdmenures.dll"
Fri 19 Oct 2007 20,944 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\Voice Speed Dial 1.6.07\vsddbmgr.dll"
Fri 19 Oct 2007 20,432 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\Voice Speed Dial 1.6.07\VSDWMPPlugin.dll"
Fri 19 Oct 2007 152,016 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\myOEM\Voice Speed Dial 1.6.07\vsrsd_com.dll"
Thu 17 Jan 2008 4,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\arinvalid.exe"
Thu 17 Jan 2008 107,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\atl80.dll_"
Thu 17 Jan 2008 116,632 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\dssdh.dll"
Thu 17 Jan 2008 1,031,704 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 65,576 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 465,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 77,864 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 34,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 243,248 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 20,000 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 70,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 11,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 6,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 16,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 353,840 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 33,848 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 7,928 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 185,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 913,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 35,544 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Data.SqlClient.resources_v3_0_3600_0_cen_1.dll"
Thu 17 Jan 2008 191,216 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Data.SqlClient_v3_0_3600_0_cneutral_1.dll"
Thu 17 Jan 2008 35,544 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Data.SqlServerCe.resources_v3_0_3600_0_cen_1.dll"
Thu 17 Jan 2008 232,176 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Data.SqlServerCe_v3_0_3600_0_cneutral_1.dll"
Thu 17 Jan 2008 5,880 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 52,288 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 696,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 60,960 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 156,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Thu 17 Jan 2008 78,072 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\mp3dmod.dll"
Thu 17 Jan 2008 27,896 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\msdmo.dll"
Thu 17 Jan 2008 40,480 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\msvcr80.dll_"
Thu 17 Jan 2008 1,464 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\QAlarm.tmp"
Thu 17 Jan 2008 175,520 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\rsaenh.dll"
Thu 17 Jan 2008 38,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\SDNMaker.exe"
Thu 17 Jan 2008 33,312 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\WapDaemonLib2.dll"
Thu 17 Jan 2008 765,176 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\p51\tool\imgfs_tools\dump\wmvdmoe.dll"
Thu 7 Sep 2006 179,664 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\OEM\OEMAPPS\GifPlayer.exe"
Thu 7 Sep 2006 397,776 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\OEM\OEMAPPS\StreamingPlayer.exe"
Thu 7 Sep 2006 91,088 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\OEM\OEMAPPS\VideoStub.exe"
Wed 29 Nov 2006 116,632 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\BaseApps\dssdh.dll"
Wed 1 Aug 2007 11,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 7,928 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 34,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 156,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 70,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 5,880 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 78,072 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\MediaOSFiles\mp3dmod.dll"
Wed 1 Aug 2007 27,896 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\MediaOSFiles\msdmo.dll"
Tue 13 Feb 2007 1,031,704 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 65,576 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 465,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 243,248 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 16,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 353,840 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 33,848 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 185,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 913,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 696,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 60,960 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 77,864 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 20,000 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 52,288 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Thu 28 Sep 2006 175,520 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\OS\rsaenh.dll"
Wed 1 Aug 2007 765,176 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\OSFiles\wmvdmoe.dll"
Wed 1 Aug 2007 6,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Wed 1 Aug 2007 4,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\Shell\arinvalid.exe"
Wed 4 Jul 2007 191,216 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\SqlCeMobile\GAC_System.Data.SqlClient_v3_0_3600_0_cneutral_1.dll"
Wed 4 Jul 2007 232,176 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\SqlCeMobile\GAC_System.Data.SqlServerCe_v3_0_3600_0_cneutral_1.dll"
Wed 4 Jul 2007 35,544 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlClient.resources_v3_0_3600_0_cen_1.dll"
Wed 4 Jul 2007 35,544 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\jiggs os 5.2.1908 clean\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlServerCe.resources_v3_0_3600_0_cen_1.dll"
Wed 8 Aug 2007 107,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\OEM\OEMAPPS\atl80.dll_"
Wed 8 Aug 2007 699,424 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\OEM\OEMAPPS\MFC80U.DLL_"
Wed 8 Aug 2007 40,480 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\OEM\OEMAPPS\msvcr80.dll_"
Fri 26 Nov 2004 1,464 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\OEM\OEMAPPS\QAlarm.tmp"
Wed 8 Aug 2007 38,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\OEM\OEMAPPS\SDNMaker.exe"
Wed 8 Aug 2007 33,312 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\OEM\OEMAPPS\WapDaemonLib2.dll"
Tue 18 Dec 2007 116,632 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\BaseApps\dssdh.dll"
Tue 18 Dec 2007 11,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 7,928 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 34,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 156,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 70,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 5,880 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 1,031,704 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 65,576 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 465,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 243,248 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 16,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 353,840 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 33,848 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 185,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 913,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 696,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 60,960 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 77,864 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 20,000 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 52,288 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 175,520 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\OS\rsaenh.dll"
Tue 18 Dec 2007 765,176 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\OSFiles\wmvdmoe.dll"
Tue 18 Dec 2007 6,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Tue 18 Dec 2007 4,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\Shell\arinvalid.exe"
Tue 18 Dec 2007 35,544 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlClient.resources_v3_0_3600_0_cen_1.dll"
Tue 18 Dec 2007 35,544 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlServerCe.resources_v3_0_3600_0_cen_1.dll"
Tue 18 Dec 2007 191,216 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\SqlCeMobile\GAC_System.Data.SqlClient_v3_0_3600_0_cneutral_1.dll"
Tue 18 Dec 2007 232,176 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\nk os 5.2.1908\SYS\SqlCeMobile\GAC_System.Data.SqlServerCe_v3_0_3600_0_cneutral_1.dll"
Thu 29 Mar 2007 107,552 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\OEM\OEMAPPS\atl80.dll_"
Thu 29 Mar 2007 635,424 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\OEM\OEMAPPS\MFC80U.DLL_"
Thu 29 Mar 2007 40,480 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\OEM\OEMAPPS\msvcr80.dll_"
Thu 22 Mar 2007 29,696 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\OEM\OEMAPPS\msvcrt80.dll_"
Fri 26 Nov 2004 1,464 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\OEM\OEMAPPS\QAlarm.tmp"
Thu 29 Mar 2007 38,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\OEM\OEMAPPS\SDNMaker.exe"
Wed 29 Nov 2006 116,632 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\BaseApps\dssdh.dll"
Thu 22 Mar 2007 11,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Thu 22 Mar 2007 7,928 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Thu 22 Mar 2007 34,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Thu 22 Mar 2007 156,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Thu 22 Mar 2007 70,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Thu 22 Mar 2007 5,880 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 1,031,704 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 65,576 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 465,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 243,248 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 16,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 353,840 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 33,848 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 185,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 913,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 696,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 60,960 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 77,864 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 20,000 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Tue 13 Feb 2007 52,288 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Thu 28 Sep 2006 175,520 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\OS\rsaenh.dll"
Thu 22 Mar 2007 6,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Thu 22 Mar 2007 4,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 aku 0.3 JPN\SYS\Shell\arinvalid.exe"
Wed 8 Aug 2007 107,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\OEM\OEMAPPS\atl80.dll_"
Wed 8 Aug 2007 699,424 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\OEM\OEMAPPS\MFC80U.DLL_"
Wed 8 Aug 2007 40,480 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\OEM\OEMAPPS\msvcr80.dll_"
Fri 26 Nov 2004 1,464 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\OEM\OEMAPPS\QAlarm.tmp"
Wed 8 Aug 2007 224,288 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\OEM\OEMAPPS\QSndMedia.exe"
Wed 8 Aug 2007 38,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\OEM\OEMAPPS\SDNMaker.exe"
Wed 8 Aug 2007 33,312 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\OEM\OEMAPPS\WapDaemonLib2.dll"
Tue 24 Jan 2006 115,880 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\BaseApps\dssdh.dll"
Tue 11 Apr 2006 13,560 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 72,440 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 11,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 17,144 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 39,672 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 162,552 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Mon 18 Oct 2004 194,560 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_System.Xml_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 140,800 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_System.Windows.Forms_v1_0_5000_0_cneutral_1.dll"
Mon 15 Nov 2004 98,304 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_System.Web.Services_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 11,264 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_System.Net.IrDA_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 10,752 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 147,456 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_Microsoft.VisualBasic_v7_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 395,264 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_mscorlib_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 402,944 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_System.Data_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 40,448 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 38,400 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_System.Drawing_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 256,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\NetCF\GAC_System_v1_0_5000_0_cneutral_1.dll"
Tue 24 Jan 2006 171,688 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\OS\rsaenh.dll"
Tue 11 Apr 2006 12,536 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\p51 wm5 ver 1.09\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 21,368 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\cgacutil.exe"
Fri 5 Oct 2007 1,031,704 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 65,576 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 465,936 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 243,248 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 16,936 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 353,840 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 33,848 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 185,920 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 913,432 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 696,344 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 60,960 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 77,864 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 20,000 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 52,288 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 61,456 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\mscoree.dll"
Fri 5 Oct 2007 822,808 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\MSCOREE2_0.dll"
Fri 5 Oct 2007 250,904 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\netcfagl2_0.dll"
Fri 5 Oct 2007 162,848 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\NetCF\netcfd3dm2_0.dll"
Fri 5 Oct 2007 105,208 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\OEMAPPS\atl80.dll_"
Fri 5 Oct 2007 697,592 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\OEMAPPS\MFC80U.DLL_"
Fri 5 Oct 2007 38,648 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\OEMAPPS\msvcr80.dll_"
Fri 5 Oct 2007 36,600 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\OEM\OEMAPPS\SDNMaker.exe"
Fri 5 Oct 2007 115,880 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\BaseApps\dssdh.dll"
Fri 5 Oct 2007 17,144 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 13,560 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 39,672 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 162,552 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 72,440 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 11,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Fri 5 Oct 2007 17,408 A..HR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\Enterprise_Lang_0409_DPI_96\DioNote_SetupDll.dll"
Fri 5 Oct 2007 171,688 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\OS\rsaenh.dll"
Fri 5 Oct 2007 12,536 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 aku 3.5.2 dump\SYS\Redist\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Mon 30 Apr 2007 107,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\OEM\OEMAPPS\atl80.dll_"
Mon 30 Apr 2007 699,424 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\OEM\OEMAPPS\MFC80U.DLL_"
Mon 30 Apr 2007 40,480 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\OEM\OEMAPPS\msvcr80.dll_"
Fri 26 Nov 2004 1,464 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\OEM\OEMAPPS\QAlarm.tmp"
Mon 30 Apr 2007 224,288 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\OEM\OEMAPPS\QSndMedia.exe"
Mon 30 Apr 2007 38,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\OEM\OEMAPPS\SDNMaker.exe"
Mon 30 Apr 2007 33,312 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\OEM\OEMAPPS\WapDaemonLib2.dll"
Tue 24 Jan 2006 115,880 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\BaseApps\dssdh.dll"
Tue 11 Apr 2006 13,560 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 72,440 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 11,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 17,144 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 39,672 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Tue 11 Apr 2006 162,552 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Mon 18 Oct 2004 194,560 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_System.Xml_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 140,800 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_System.Windows.Forms_v1_0_5000_0_cneutral_1.dll"
Mon 15 Nov 2004 98,304 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_System.Web.Services_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 11,264 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_System.Net.IrDA_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 10,752 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 147,456 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_Microsoft.VisualBasic_v7_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 395,264 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_mscorlib_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 402,944 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_System.Data_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 40,448 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 38,400 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_System.Drawing_v1_0_5000_0_cneutral_1.dll"
Mon 18 Oct 2004 256,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\NetCF\GAC_System_v1_0_5000_0_cneutral_1.dll"
Tue 24 Jan 2006 171,688 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\OS\rsaenh.dll"
Tue 11 Apr 2006 12,536 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm5 p51 chinese\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 107,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\OEM\OEMAPPS\atl80.dll_"
Mon 22 Oct 2007 699,424 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\OEM\OEMAPPS\MFC80U.DLL_"
Mon 22 Oct 2007 40,480 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\OEM\OEMAPPS\msvcr80.dll_"
Mon 22 Oct 2007 1,464 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\OEM\OEMAPPS\QAlarm.tmp"
Mon 22 Oct 2007 224,288 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\OEM\OEMAPPS\QSndMedia.exe"
Mon 22 Oct 2007 38,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\OEM\OEMAPPS\SDNMaker.exe"
Mon 22 Oct 2007 33,312 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\OEM\OEMAPPS\WapDaemonLib2.dll"
Mon 22 Oct 2007 116,632 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\BaseApps\dssdh.dll"
Mon 22 Oct 2007 11,512 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 7,928 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 34,040 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 156,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\BaseApps\GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 70,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\BaseApps\GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 5,880 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\BaseApps\GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 78,072 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\MediaOSFiles\mp3dmod.dll"
Mon 22 Oct 2007 27,896 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\MediaOSFiles\msdmo.dll"
Mon 22 Oct 2007 1,031,704 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_System.Xml_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 65,576 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_System.Web.Services_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 465,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_System_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 243,248 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_System.Windows.Forms_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 16,936 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_CustomMarshalers_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 353,840 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_Microsoft.VisualBasic_v8_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 33,848 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_Microsoft.WindowsCE.Forms_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 185,920 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_Microsoft.WindowsMobile.DirectX_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 913,432 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_mscorlib_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 696,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_System.Data_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 60,960 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_System.Drawing_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 77,864 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_System.Messaging_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 20,000 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_System.Net.IrDA_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 52,288 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\NetCF\GAC_System.Windows.Forms.DataGrid_v2_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 175,520 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\OS\rsaenh.dll"
Mon 22 Oct 2007 765,176 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\OSFiles\wmvdmoe.dll"
Mon 22 Oct 2007 6,904 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\Phone\GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll"
Mon 22 Oct 2007 4,344 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\Shell\arinvalid.exe"
Mon 22 Oct 2007 191,216 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\SqlCeMobile\GAC_System.Data.SqlClient_v3_0_3600_0_cneutral_1.dll"
Mon 22 Oct 2007 232,176 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\SqlCeMobile\GAC_System.Data.SqlServerCe_v3_0_3600_0_cneutral_1.dll"
Mon 22 Oct 2007 35,544 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlClient.resources_v3_0_3600_0_cen_1.dll"
Mon 22 Oct 2007 35,544 A.SHR --- "C:\Documents and Settings\Administrator\Desktop\package_tool\wm6 5.2.1921\SYS\SqlCeMobile_Lang_0409\GAC_System.Data.SqlServerCe.resources_v3_0_3600_0_cen_1.dll"

Finished!

*****************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:37, on 23/01/2551
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [WhitneyXerox_S2P] C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Azureus Vuze.lnk = C:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 8240 bytes

First, I didn't remove the key that you told me. I ran straight to SDFix and caught one Trojan. (something _exception.nls) ..

When it finished, I removed all key as you guided me then I ran SDFix again. The result above was the current one for both of them.
neogin
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:02 am

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby 'KotaGuy » January 23rd, 2008, 10:26 am

Your log looks good. Can I get you to do another scan for me please.

Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby neogin » January 24th, 2008, 12:01 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 24, 2008 11:03:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/01/2008
Kaspersky Anti-Virus database records: 530110
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 135994
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:17:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Azureus\ipfilter.cache Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Azureus\tmp\AZU21077.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Azureus\tmp\AZU21078.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Azureus\tmp\AZU21079.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Azureus\tmp\AZU21080.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Azureus\tmp\AZU21081.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Azureus\tmp\AZU21082.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Azureus\tmp\AZU21083.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Azureus\tmp\AZU21084.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3na3scul.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008012420080125\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\3124 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE3E7.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE23.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF09B.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-06162007-124141.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\WinFax\Data\Status.WFD Object is locked skipped
C:\Program Files\WinFax\Data\Status.WFF Object is locked skipped
C:\Program Files\WinFax\Data\Status.WFG Object is locked skipped
C:\Program Files\WinFax\Data\Status.WFR Object is locked skipped
C:\Program Files\WinFax\Data\Status.WFX Object is locked skipped
C:\Program Files\WinFax\Data\Status2.WFD Object is locked skipped
C:\Program Files\WinFax\Data\Status2.WFG Object is locked skipped
C:\Program Files\WinFax\Data\Status2.WFX Object is locked skipped
C:\Program Files\WinFax\Data\Status3.WFD Object is locked skipped
C:\Program Files\WinFax\Data\Status3.WFG Object is locked skipped
C:\Program Files\WinFax\Data\Status3.WFX Object is locked skipped
C:\Program Files\WinFax\Data\StatusS.WFD Object is locked skipped
C:\Program Files\WinFax\Data\StatusS.WFG Object is locked skipped
C:\Program Files\WinFax\Data\StatusS.WFX Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{54D4BA35-B949-4548-8201-CA13419F7A7D}\RP530\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\TONG-PC.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_SoftV90 Voice Speakerphone Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\WindowsPowerShell.evt Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT067f9.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT067ff.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{54D4BA35-B949-4548-8201-CA13419F7A7D}\RP530\change.log Object is locked skipped

Scan process completed.
neogin
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:02 am

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby 'KotaGuy » January 24th, 2008, 3:33 pm

Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 4 and click on Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u4-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Post a new HijackThis log when done.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby neogin » January 26th, 2008, 1:14 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:51, on 26/01/2551
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Azureus\Azureus.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [WhitneyXerox_S2P] C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Azureus Vuze.lnk = C:\Program Files\Azureus\Azureus.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 8610 bytes
neogin
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:02 am

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby 'KotaGuy » January 26th, 2008, 10:51 am

Do a Windows search(Windows Key+F) for msgrlive.exe. Delete it if found then empty your Recycle bin.

Let me know if you were able to find it.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby neogin » January 27th, 2008, 10:37 pm

Thank you for your quick response!

I couldn't find the file "msgrlive.exe" on search.
I think I killed it since I saw it on my Task Manager on the first day.
It was funny that AVG anti virus couldn't see it.
neogin
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:02 am

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby 'KotaGuy » January 30th, 2008, 10:47 am

Your logs looks good... how is the computer behaving?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Trojan Horse SHeur.ALXB and .ALBQ .. Here is my log ..

Unread postby neogin » January 30th, 2008, 11:12 pm

i think my case is done .. thx u for your time ..
the computer is working normal .. since the very first step that u told me ...
i see process acting normal on my Task Manager .. and so on ..
neogin
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:02 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 305 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware