Thread: Need assistance removing NTOSKRNL-HOOK
View Single Post
Old 07-03-2009, 06:00 PM   #1 (permalink)
rpaulie
Registered User
 
Join Date: Jul 2009
Posts: 28
OS: Windows XP


Need assistance removing NTOSKRNL-HOOK
Hello all,

I found this thread with a similar resolution

Ntoskrnl-hook

However, after reading the solution for using this particular software I am not sure if I would need to apply the same procedure so I am posting here.

Same deal. Every time I run McAfee, it says NTOSKRNL-HOOK is removed but it always appears every time I run it again. Also, Malaware Bytes - Anti-Malware cannot pick it up. I ran both programs on Safe Mode as well. No dice.

If this helps, GMER gave me this warning after the scan completion:

Warning!!

GMER has found system modification caused by ROOTKIT activity

This was the line:

C:\WINDOWS\system32\drivers\hjgruissamdvmg.sys 68096 bytes executable

Here is the information. Thank you very much for the assistance.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Paul Jacobsen at 17:00:36.50 on Fri 07/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.533 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Paul Jacobsen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Paul Jacobsen] c:\documents and settings\paul jacobsen\Paul Jacobsen.exe /i
uRun: [<NO NAME>] c:\docume~1\paulja~1\locals~1\temp\dmc6x6.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217351185015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: XHZZicfwj - {E8CE9841-4264-32EB-55BF-6752BDFD4EF2} - c:\windows\system32\ejqtsv.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\paulja~1\applic~1\mozilla\firefox\profiles\gjw7b1wl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-24 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-24 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\Mcshield.exe [2009-6-24 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-23 24652]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 93696]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-24 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-24 35240]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-8-29 10664]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-24 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-24 40488]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-24 695624]

=============== Created Last 30 ================

2009-07-03 14:01 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-07-03 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-06-25 19:45 0 a------- c:\windows\ativpsrm.bin
2009-06-25 19:41 <DIR> --d----- c:\program files\common files\ATI Technologies
2009-06-25 19:40 <DIR> --d----- c:\program files\USB TV
2009-06-25 19:39 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-06-25 19:39 <DIR> --d----- c:\program files\ATI Technologies
2009-06-25 19:37 <DIR> --d----- C:\AMD
2009-06-25 19:31 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-24 19:28 9,895 a------- c:\windows\system32\Config.MPF
2009-06-24 19:26 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-06-24 19:26 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-06-24 19:26 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-06-24 19:26 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-06-24 19:26 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-06-24 19:25 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-06-24 19:25 <DIR> --d----- c:\program files\McAfee.com
2009-06-24 19:25 <DIR> --d----- c:\program files\common files\McAfee
2009-06-24 19:25 <DIR> --d----- c:\program files\McAfee
2009-06-23 15:12 <DIR> --d----- c:\docume~1\paulja~1\applic~1\Malwarebytes
2009-06-23 15:12 <DIR> --d----- c:\program files\Trend Micro
2009-06-23 15:12 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-23 15:12 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 15:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-23 15:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 15:01 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-06-23 15:01 <DIR> --d----- c:\program files\MSECACHE
2009-06-23 14:13 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-23 13:51 <DIR> a-dshr-- C:\cmdcons
2009-06-23 13:48 161,792 a------- c:\windows\SWREG.exe
2009-06-23 13:48 155,136 a------- c:\windows\PEV.exe
2009-06-23 13:48 98,816 a------- c:\windows\sed.exe
2009-06-21 11:30 109 a--sh--- c:\windows\system32\3905853504.dat
2009-06-21 11:30 40,960 ---shr-- c:\windows\system32\activedsp.exe
2009-06-21 11:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\93535306
2009-06-21 11:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13525314
2009-06-11 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-06-11 18:51 <DIR> --d----- c:\docume~1\paulja~1\applic~1\Azureus
2009-06-06 01:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-06 01:58 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-06 01:58 <DIR> --d----- c:\docume~1\paulja~1\applic~1\SUPERAntiSpyware.com

==================== Find3M ====================

2009-07-03 12:58 58,368 a------- c:\windows\system32\spoolsv.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-04-29 00:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 00:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 00:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 00:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 00:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 00:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 00:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 00:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 00:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 05:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 01:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 01:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-07-11 14:52 61,224 a------- c:\documents and settings\paul jacobsen\GoToAssistDownloadHelper.exe
2008-03-03 09:50 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-03-03 09:50 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2008-02-27 22:17 394 a------- c:\docume~1\paulja~1\applic~1\wklnhst.dat
2008-01-18 21:32 71,512 a------- c:\docume~1\paulja~1\applic~1\GDIPFONTCACHEV1.DAT
2007-08-29 18:08 20,480 a--sh--- c:\program files\Thumbs.db
2007-01-01 20:17 1 a------- c:\documents and settings\paul jacobsen\SI.bin
2004-03-11 16:55 4,709,818 a------- c:\program files\VS6sp64.cab
2004-03-11 16:55 71,964 a------- c:\program files\sp698ent.inf
2004-03-11 16:54 10,010,624 a------- c:\program files\VS6sp63.cab
2004-03-11 16:51 10,010,624 a------- c:\program files\VS6sp62.cab
2004-03-11 16:47 28,712,960 a------- c:\program files\VS6sp61.cab
2004-03-11 16:40 75,871 -------- c:\program files\sp698ent.stf
2004-03-11 16:40 1,636 -------- c:\program files\setupsp6.lst
2004-03-11 15:01 989,512 a------- c:\program files\vbrun60.cab
2004-03-10 22:39 60,699 a------- c:\program files\msstdfmt.cab
2004-03-10 22:39 37,721 a------- c:\program files\MSBind.CAB
2004-03-09 17:45 397,072 a------- c:\program files\mswless.ocx
2004-03-09 17:45 107,008 a------- c:\program files\msscript.ocx
2004-02-23 21:35 3,027,068 a------- c:\program files\msvbvm60.dbg
2004-02-17 21:56 110,080 -------- c:\program files\sp698ent.dll
2004-02-17 21:34 1,821,920 a------- c:\program files\vcredist.exe
2004-02-17 06:11 737,329 a------- c:\program files\msvcep.dll
2004-02-17 05:36 708,669 a------- c:\program files\msse.dll
2004-02-11 18:36 6,308 -------- c:\program files\readme.htm
2004-02-11 14:32 2,302 -------- c:\program files\eula.txt
2003-01-14 15:58 487,481 a------- c:\program files\jscript.dll
2003-01-14 15:58 438,330 a------- c:\program files\vbscript.dll
2001-03-30 12:54 149 -------- c:\program files\setup.ini
2000-11-29 16:34 4,291 -------- c:\program files\toc.htm
2000-07-15 15:43 84 -------- c:\program files\setup.tdf
2000-07-15 15:10 26,896 a------- c:\program files\dispex.dll
2000-06-13 13:47 2,718 -------- c:\program files\redist.txt
2000-06-13 12:08 46,189 a------- c:\program files\ocdb.h
2000-06-13 11:56 12,972 a------- c:\program files\sqloledb.h
2000-06-13 11:52 3,090 a------- c:\program files\adc.h
2000-06-13 11:52 2,289 a------- c:\program files\msremote.h
2000-06-13 11:52 1,387 a------- c:\program files\persist.h
2000-06-13 11:52 5,904 a------- c:\program files\simpdata.tlb
2000-06-13 11:52 1,710 a------- c:\program files\osptk.lib
2000-06-13 11:52 27,832 a------- c:\program files\simpdata.h
2000-06-13 11:52 5,797 a------- c:\program files\msdaosp.h
2000-06-13 11:52 1,432 a------- c:\program files\msdaora.h
2000-06-13 11:51 31,366 a------- c:\program files\oledb.lib
2000-06-13 11:51 2,112 a------- c:\program files\msdasc.lib
2000-06-13 11:51 2,492 a------- c:\program files\msdatsrc.tlb
2000-06-13 11:51 592,505 a------- c:\program files\oledb.h
2000-06-13 11:51 80,300 a------- c:\program files\oledbdep.h
2000-06-13 11:51 36,515 a------- c:\program files\oledberr.h
2000-06-13 11:51 31,675 a------- c:\program files\cmdtree.h
2000-06-13 11:51 31,424 a------- c:\program files\msdasc.h
2000-06-13 11:51 17,975 a------- c:\program files\msdasql.h
2000-06-13 11:51 13,176 a------- c:\program files\msdadc.h
2000-06-13 11:51 12,676 a------- c:\program files\msdatsrc.h
2000-06-13 11:51 1,451 a------- c:\program files\msdaguid.h
2000-06-13 11:47 146,332 a------- c:\program files\odbc32.lib
2000-06-13 11:47 75,418 a------- c:\program files\odbccp32.lib
2000-06-13 11:47 80,246 a------- c:\program files\sqlext.h
2000-06-13 11:47 30,383 a------- c:\program files\sql.h
2000-06-13 11:47 22,825 a------- c:\program files\sqlucode.h
2000-06-13 11:47 15,315 a------- c:\program files\odbcinst.h
2000-06-13 11:47 6,947 a------- c:\program files\sqltypes.h
2000-06-13 11:45 19,199 a------- c:\program files\jetoledb.h
2000-06-13 11:45 11,461 a------- c:\program files\msjetodb.h
2000-06-13 11:45 3,066 a------- c:\program files\jetoledb.idl
2000-06-13 11:45 1,350 a------- c:\program files\jetoledb.lib
2000-06-13 11:33 2,482 a------- c:\program files\mswless.dep
2000-06-13 11:31 384,395 a------- c:\program files\msado15.h
2000-06-13 11:31 384,395 a------- c:\program files\adoint.h
2000-06-13 11:31 138,092 a------- c:\program files\adomd.h
2000-06-13 11:31 51,135 a------- c:\program files\msado15.idl
2000-06-13 11:31 46,620 a------- c:\program files\adojet.h
2000-06-13 11:31 16,452 a------- c:\program files\adomd.idl
2000-06-13 11:31 8,521 a------- c:\program files\adojet.idl
2000-06-13 11:31 4,458 a------- c:\program files\icrsint.h
2000-06-13 11:31 3,061 a------- c:\program files\adoid.h
2000-06-13 11:31:14 A------- 1,273 c:\program files\msdshape.h
2008-03-24 17:19 88 ---shr-- c:\windows\system32\756A3564C3.sys
2008-03-24 17:19 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-01-14 13:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011420090115\index.dat

============= FINISH: 17:02:18.29 ===============
Attached Files
File Type: zip Attach.zip (4.9 KB, 3 views)
Last edited by rpaulie; 07-03-2009 at 06:03 PM.
rpaulie is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here