
Help With Clean Up


  • This topic is locked
52 replies to this topic

#1 Gilthantis

Gilthantis

  • Members
  • 52 posts

Posted 08 September 2008 - 03:24 PM

Hello,

I am trying to fix this computer which had about 400+ infected files. At first it would only load for a few minutes before freezing up and saying that McAfee had found a Vundo infection. I ran Mbam and I believe it has removed and fixed all infected files, but the computer is still running a bit slower than I think it should. Can you please review my Mbam and HijackThis logs and help?

Mbam Log

Malwarebytes' Anti-Malware 1.26
Database version: 1127
Windows 5.1.2600 Service Pack 2

9/8/2008 3:16:28 PM
mbam-log-2008-09-08 (15-16-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 127088
Time elapsed: 1 hour(s), 35 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{D64721B8-2DFB-4D84-8F9C-DD1B354502DF}\RP1003\A0385732.dll (Adware.Shopper) -> Quarantined and deleted successfully.




HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:19 PM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Piolet\Piolet.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Net Nanny\nnsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Winferno\WSS\WSS.exe
C:\Program Files\Net Nanny\nntray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://127.0.0.1:4664/&s=EmAnaulEtn1sxvnDO_w899AYdOk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: (no name) - {50902E71-C05F-4B63-8CB6-888399E8E70F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8f7adf86-3330-4719-894f-82d1c22b68bd} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O3 - Toolbar: Piolet Toolbar - {C75C8E7E-5059-4469-AC11-D7544B260382} - C:\Program Files\Piolet Toolbar\v3.2.0.0\Piolet_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\APP_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DW_PAS~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DW_PAS~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\INDEX_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FZ7FQPN2\INDEX_~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FZ7FQPN2\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GJ3LJQSL\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\I2GB162Y\DW_PAS~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FZ7FQPN2\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\I2GB162Y\D
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0856e99c812796...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151367448973
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: jkkjjki - jkkjjki.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NNSvc - Net Nanny Software International, Inc. - C:\Program Files\Net Nanny\nnsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Winferno Subscription Service - Capital Intellect Inc - C:\Program Files\Common Files\Winferno\WSS\WSS.exe

--
End of file - 16026 bytes


Thanks for the help,
Gilthantis



#2 Gilthantis

Gilthantis
  • Topic Starter

  • Members
  • 52 posts

Posted 08 September 2008 - 10:18 PM

Noticed that I'm still having freeze problems when I use Explorer, Control Panel, or My Computer. Same symptom as when I had a Trojan on my other computer. Ran Kaspersky, here are the results.

File name Threat name Threats count
C:\Documents and Settings\Owner\My Documents\My Music\Incomplete\Preview-T-3098403-02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Owner\My Documents\My Music\Incomplete\Preview-T-3545425-radio remixes.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\capricorn kid rock.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\codom song pat mccurdy.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\if your friends dont dance.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\paint it black rolling stones.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\pearl jam (uncensored).zip Infected: not-a-virus:AdWare.Win32.TrafficSol.o 1
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\pearl jam (uncensored).zip Infected: not-a-virus:AdWare.Win32.BHO.adj 1
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\pearl jam (uncensored).zip Infected: not-a-virus:AdWare.Win32.BHO.ww 1
The selected area was scanned.

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 18 September 2008 - 06:08 PM

Hello Gilthantis,

Looks like you have been downloading illegal tunes with your P2P. :thumbsup: Those files are always infected.


Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
    (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Owner\My Documents\My Music\Incomplete\Preview-T-3098403-02 Track 2.wma
    C:\Documents and Settings\Owner\My Documents\My Music\Incomplete\Preview-T-3545425-radio remixes.mp3
    C:\Documents and Settings\Owner\My Documents\My Music\iTunes\02 Track 2.wma
    C:\Documents and Settings\Owner\My Documents\My Music\iTunes\capricorn kid rock.mp3
    C:\Documents and Settings\Owner\My Documents\My Music\iTunes\codom song pat mccurdy.mp3
    C:\Documents and Settings\Owner\My Documents\My Music\iTunes\if your friends dont dance.mp3
    C:\Documents and Settings\Owner\My Documents\My Music\iTunes\paint it black rolling stones.mp3
    C:\Documents and Settings\Owner\My Documents\My Music\iTunes\pearl jam (uncensored).zip
    C:\Documents and Settings\Owner\My Documents\My Music\iTunes\pearl jam (uncensored).zip
    C:\Documents and Settings\Owner\My Documents\My Music\iTunes\pearl jam (uncensored).zip


  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
    C:\_OTMoveIt2\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt2 is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using it incorrectly could lead to disastrous problems with your operating system.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized). info.txt can also be found at c:\RSIT\info.txt

Edited by SifuMike, 18 September 2008 - 06:12 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
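
The scan results in post #2 list the same archive once per detection, so a move list copied straight from them repeats that path. As an added example (not part of the original posts, and not how OTMoveIt2 works internally), this Python sketch parses rows in that layout, collapses duplicate paths and moves each file into a quarantine folder; the function names, the quarantine naming scheme and the sample files are constructed for illustration.

```python
import os
import re
import shutil
import tempfile

# Row layout as pasted in the thread: "<path> Infected: <threat name> <count>".
# Paths contain spaces, so the literal " Infected: " is used as the separator.
ROW = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_scan_rows(text):
    """Return (path, threat, count) for every detection row; skip other lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return rows


def unique_paths(rows):
    """Collapse repeated paths (one archive, several detections), keeping order."""
    seen = set()
    out = []
    for path, _threat, _count in rows:
        key = os.path.normcase(path)  # case-insensitive on Windows
        if key not in seen:
            seen.add(key)
            out.append(path)
    return out


def quarantine(paths, quarantine_dir):
    """Move each existing file into quarantine_dir and report a status per path.

    The moved copy gets an index prefix (no name collisions) and a
    ".quarantined" suffix so it no longer opens in a media player or
    archive tool by accident.
    """
    os.makedirs(quarantine_dir, exist_ok=True)
    results = []
    for i, path in enumerate(paths):
        if not os.path.isfile(path):
            results.append((path, "not found"))
            continue
        name = f"{i:03d}_{os.path.basename(path)}.quarantined"
        shutil.move(path, os.path.join(quarantine_dir, name))
        results.append((path, "moved"))
    return results


def demo():
    """Run the three steps on constructed placeholder files in a temp folder."""
    root = tempfile.mkdtemp(prefix="scan_demo_")
    music = os.path.join(root, "My Music")
    os.makedirs(music)
    track = os.path.join(music, "sample track.wma")
    archive = os.path.join(music, "sample (archive).zip")
    for p in (track, archive):
        with open(p, "wb") as fh:
            fh.write(b"constructed placeholder, not malware")
    missing = os.path.join(music, "already gone.mp3")  # never created

    # Constructed report in the same layout as the scan results in post #2.
    report = "\n".join([
        "File name Threat name Threats count",
        f"{track} Infected: Trojan-Downloader.WMA.Wimad.l 1",
        f"{archive} Infected: not-a-virus:AdWare.Win32.TrafficSol.o 1",
        f"{archive} Infected: not-a-virus:AdWare.Win32.BHO.adj 1",
        f"{archive} Infected: not-a-virus:AdWare.Win32.BHO.ww 1",
        f"{missing} Infected: Trojan-Downloader.WMA.Wimad.n 1",
        "The selected area was scanned.",
    ])
    rows = parse_scan_rows(report)
    paths = unique_paths(rows)
    results = quarantine(paths, os.path.join(root, "_quarantine"))
    return rows, paths, results


if __name__ == "__main__":
    rows, paths, results = demo()
    print(f"{len(rows)} detections in {len(paths)} files")
    for path, status in results:
        print(f"{status:9}  {path}")
```
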

#4 Gilthantis

Gilthantis
  • Topic Starter

  • Members
  • 52 posts

Posted 22 September 2008 - 01:56 PM

Hi SifuMike,

Thanks for responding.

Here is the list from QT

C:\Documents and Settings\Owner\My Documents\My Music\Incomplete\Preview-T-3098403-02 Track 2.wma moved successfully.
C:\Documents and Settings\Owner\My Documents\My Music\Incomplete\Preview-T-3545425-radio remixes.mp3 moved successfully.
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\02 Track 2.wma moved successfully.
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\capricorn kid rock.mp3 moved successfully.
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\codom song pat mccurdy.mp3 moved successfully.
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\if your friends dont dance.mp3 moved successfully.
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\paint it black rolling stones.mp3 moved successfully.
C:\Documents and Settings\Owner\My Documents\My Music\iTunes\pearl jam (uncensored).zip moved successfully.
File/Folder C:\Documents and Settings\Owner\My Documents\My Music\iTunes\pearl jam (uncensored).zip not found.
File/Folder C:\Documents and Settings\Owner\My Documents\My Music\iTunes\pearl jam (uncensored).zip not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 11052003_230552


Here is the Log.txt file, wow it's long :thumbsup:

Logfile of random's system information tool 1.02 (written by random/random)
Run by Owner at 2003-11-05 23:10:09
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 27 GB (36%) free of 76 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:22 PM, on 11/5/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Piolet\Piolet.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Net Nanny\nnsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Winferno\WSS\WSS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Net Nanny\nntray.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://127.0.0.1:4664/&s=EmAnaulEtn1sxvnDO_w899AYdOk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O2 - BHO: (no name) - {50902E71-C05F-4B63-8CB6-888399E8E70F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8f7adf86-3330-4719-894f-82d1c22b68bd} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: (no name) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NNTray] C:\Program Files\Net Nanny\nnstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\APP_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DW_PAS~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DW_PAS~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\INDEX_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FZ7FQPN2\INDEX_~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FZ7FQPN2\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GJ3LJQSL\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\I2GB162Y\DW_PAS~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FZ7FQPN2\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\I2GB162Y\D
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151367448973
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: jkkjjki - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0018881221704057) (0018881221704057mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\001888~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NNSvc - Net Nanny Software International, Inc. - C:\Program Files\Net Nanny\nnsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Winferno Subscription Service - Capital Intellect Inc - C:\Program Files\Common Files\Winferno\WSS\WSS.exe

--
End of file - 14917 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Internet Explorer.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\NOD32.job
C:\WINDOWS\tasks\rpc.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9684B139-E152-48DD-8B70-63AD7A08E596}.job
C:\WINDOWS\tasks\Windows Media Player.job
C:\WINDOWS\tasks\WSSHelper.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL [2006-11-07 1821184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50902E71-C05F-4B63-8CB6-888399E8E70F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f7adf86-3330-4719-894f-82d1c22b68bd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-07-03 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-05-12 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~2.DLL [2006-11-07 1821184]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-03-23 1025584]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-07-03 2554944]
{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008]
{b69a9db4-d0a1-4722-b56b-f20757a29cdf}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-10-17 4800512]
"Dell AIO Printer A920"=C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe [2003-06-02 270336]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-06 114741]
"StorageGuard"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-02-13 155648]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-14 29744]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]
"NNTray"=C:\Program Files\Net Nanny\nnstart.exe [2002-09-24 61440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]
"Piolet"=C:\Program Files\Piolet\Piolet.exe [2008-01-16 5984256]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-10-04 50528]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2006-08-07 700416]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-12-08 3096576]
"Uniblue Registry Booster2"=C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe [2007-04-13 1848864]
"2"=C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe [2007-04-13 1848864]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"=c:\program files\mcafee\mshr\ShrCL.EXE [2007-12-04 111904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\Program Files\LimeWire\LimeWire.exe [2008-02-12 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkjjki]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Disabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Piolet\Piolet.exe"="C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-09-18 02:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-18 02:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-18 02:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-18 02:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-18 02:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-18 02:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-18 02:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-18 02:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-18 02:03:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-18 02:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-18 02:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-18 02:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-09-18 02:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-18 02:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-09-17 20:46:12 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 20:29:28 ----A---- C:\ComboFix.txt
2008-09-17 20:20:59 ----A---- C:\Boot.bak
2008-09-17 20:20:48 ----D---- C:\cmdcons
2008-09-17 20:19:59 ----D---- C:\WINDOWS\erdnt
2008-09-17 20:19:33 ----A---- C:\WINDOWS\zip.exe
2008-09-17 20:19:33 ----A---- C:\WINDOWS\swreg.exe
2008-09-17 20:19:33 ----A---- C:\WINDOWS\sed.exe
2008-09-17 20:19:33 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-17 20:19:33 ----A---- C:\WINDOWS\grep.exe
2008-09-17 20:19:33 ----A---- C:\WINDOWS\fdsv.exe
2008-09-17 20:19:32 ----A---- C:\WINDOWS\VFind.exe
2008-09-17 20:19:32 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-17 20:19:32 ----A---- C:\WINDOWS\swsc.exe
2008-09-17 20:19:02 ----D---- C:\ComboFix
2008-09-08 14:57:36 ----D---- C:\QooBox
2008-09-07 21:31:40 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-07 21:31:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 21:31:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 21:05:30 ----D---- C:\Program Files\Lavasoft
2008-09-07 21:05:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-07 21:01:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-07 21:00:42 ----D---- C:\Program Files\Trend Micro
2008-09-07 21:00:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-07 21:00:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-16 10:58:04 ----A---- C:\WINDOWS\system32\lsdelete.exe
2008-05-11 18:10:20 ----A---- C:\WINDOWS\system32\gaqnyiwn.exe
2008-05-10 17:10:01 ----ASH---- C:\WINDOWS\system32\wroidqny.ini
2008-05-10 17:07:00 ----A---- C:\WINDOWS\system32\drfvhkrk.exe
2008-05-10 17:01:05 ----A---- C:\WINDOWS\system32\neminyjc.dll
2008-05-09 17:10:01 ----ASH---- C:\WINDOWS\system32\gfhdjgjc.ini
2008-05-09 17:07:00 ----A---- C:\WINDOWS\system32\asjnftmo.exe
2008-05-09 17:01:01 ----A---- C:\WINDOWS\system32\nlqjkqot.dll
2008-05-08 17:09:54 ----ASH---- C:\WINDOWS\system32\iaxelsvt.ini
2008-05-08 17:03:54 ----A---- C:\WINDOWS\system32\kriifgua.exe
2008-05-08 17:00:54 ----A---- C:\WINDOWS\system32\hfsnpjdr.dll
2008-05-07 17:05:41 ----ASH---- C:\WINDOWS\system32\takjogoa.ini
2008-05-07 17:02:47 ----A---- C:\WINDOWS\system32\ejrbmrqe.exe
2008-05-07 16:59:36 ----A---- C:\WINDOWS\system32\idtpcgwp.dll
2008-05-06 17:05:41 ----A---- C:\WINDOWS\system32\jchjqbop.exe
2008-05-06 17:02:42 ----ASH---- C:\WINDOWS\system32\sbmjminw.ini
2008-05-06 16:59:36 ----A---- C:\WINDOWS\system32\oqtvkkqn.dll
2008-05-05 17:06:09 ----A---- C:\WINDOWS\system32\yybiqnvb.dll
2008-05-05 17:03:10 ----ASH---- C:\WINDOWS\system32\dadttxia.ini
2008-05-05 17:00:09 ----A---- C:\WINDOWS\system32\qdsxgoiy.dll
2008-05-05 12:01:44 ----ASH---- C:\WINDOWS\system32\qfsbeull.ini
2008-05-05 11:59:10 ----A---- C:\WINDOWS\system32\qcwrewho.dll
2008-05-05 11:58:34 ----A---- C:\WINDOWS\system32\umbyrswt.dll
2008-05-03 03:18:45 ----A---- C:\WINDOWS\system32\vdhabjkn.dll
2008-05-03 03:15:45 ----ASH---- C:\WINDOWS\system32\gvkebhjc.ini
2008-04-27 14:35:28 ----D---- C:\Program Files\Dealio
2008-04-27 14:34:22 ----A---- C:\WINDOWS\Piolet_Toolbar_Uninstaller_1234.exe
2008-04-27 14:34:21 ----D---- C:\Program Files\Piolet Toolbar
2008-04-27 14:34:18 ----D---- C:\Program Files\Piolet
2008-04-22 18:15:19 ----D---- C:\Program Files\Apple Software Update
2008-04-11 22:20:49 ----ASH---- C:\WINDOWS\system32\enkyqcrj.ini
2008-04-11 22:17:53 ----A---- C:\WINDOWS\system32\yxrkoqpq.dll
2008-04-09 04:35:20 ----ASH---- C:\WINDOWS\system32\jjkkauuq.ini
2008-04-09 04:29:20 ----A---- C:\WINDOWS\system32\eofdknot.dll
2008-03-20 15:35:32 ----ASH---- C:\WINDOWS\system32\euhuftar.ini
2008-03-20 15:32:56 ----A---- C:\WINDOWS\system32\tbpfbmhu.dll
2008-03-18 18:47:24 ----A---- C:\WINDOWS\system32\kjpvpbup.dll
2008-03-18 18:44:33 ----ASH---- C:\WINDOWS\system32\cixekndw.ini
2008-03-18 14:50:20 ----A---- C:\WINDOWS\system32\jaflkmha.dll
2008-03-16 19:08:04 ----D---- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-03-16 19:07:49 ----D---- C:\Program Files\Uniblue
2008-03-16 19:04:21 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-03-16 19:03:44 ----D---- C:\Program Files\WinRAR
2008-03-16 18:23:42 ----A---- C:\WINDOWS\system32\vbzip10.dll
2008-03-16 18:22:11 ----D---- C:\Program Files\Conduit
2008-03-16 17:42:29 ----ASH---- C:\WINDOWS\system32\sybemwxx.ini
2008-03-16 17:38:49 ----A---- C:\WINDOWS\system32\dmsqlwin.dll
2008-03-14 22:58:10 ----D---- C:\WINDOWS\3A4FFB84D0704DA5AB7BD41D87FD8D19.TMP
2008-03-10 04:22:59 ----A---- C:\WINDOWS\system32\WINGDI1.DLL
2008-03-10 04:15:47 ----D---- C:\Program Files\Common Files\Winferno
2008-03-09 15:29:39 ----D---- C:\Program Files\History Cleaner
2008-03-09 15:25:05 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-03-09 15:24:59 ----D---- C:\Program Files\Registry Mechanic
2008-03-09 15:13:38 ----D---- C:\Program Files\Abexo
2008-02-20 17:31:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-20 17:31:13 ----A---- C:\WINDOWS\system32\ArmAccess.dll
2008-02-20 17:31:12 ----D---- C:\Program Files\PC Doc Pro
2008-02-20 17:31:12 ----A---- C:\WINDOWS\system32\SHDOC401.DLL
2008-02-18 16:03:17 ----D---- C:\Program Files\LimeWire
2008-02-14 22:01:39 ----AC---- C:\WINDOWS\NNS.INI
2008-02-14 21:53:50 ----D---- C:\Program Files\Norton Security Scan
2008-02-14 17:06:56 ----D---- C:\Config.Msi
2008-02-13 12:03:50 ----A---- C:\WINDOWS\system32\ScrrnES.dll
2008-02-13 03:29:41 ----D---- C:\Program Files\Norton Security Scan(2)
2008-02-13 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-02-13 03:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-02-07 20:15:33 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-02-05 04:32:59 ----RD---- C:\Program Files\Net Nanny
2008-01-27 17:44:45 ----A---- C:\WINDOWS\system32\NNComm.dll
2008-01-27 17:44:45 ----A---- C:\WINDOWS\system32\HookRes.dll
2008-01-15 23:11:22 ----D---- C:\Program Files\iPod
2008-01-15 23:11:14 ----D---- C:\Program Files\iTunes
2008-01-15 23:09:46 ----D---- C:\Program Files\Bonjour
2008-01-15 17:03:07 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-01-14 21:19:08 ----D---- C:\Documents and Settings\Owner\Application Data\TomTom
2008-01-14 21:18:47 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom
2008-01-14 21:18:26 ----D---- C:\Program Files\TomTom HOME 2
2008-01-09 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2008-01-09 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-01-07 17:39:01 ----A---- C:\WINDOWS\system32\PalmDevC.dll
2008-01-07 17:38:54 ----D---- C:\Program Files\Handspring
2008-01-07 17:38:41 ----AC---- C:\WINDOWS\trace.txt
2008-01-03 17:04:15 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-31 19:41:24 ----D---- C:\Program Files\Aztec Ball
2007-12-31 19:41:12 ----D---- C:\Program Files\ReflexiveArcade
2007-12-31 19:20:19 ----D---- C:\Documents and Settings\Owner\Application Data\Zango
2007-12-12 03:25:00 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2007-12-12 03:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2007-12-12 03:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2007-12-12 03:07:23 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2007-12-07 16:54:21 ----D---- C:\Program Files\MetaStream
2007-12-06 20:10:46 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem #2.txt
2007-12-06 19:25:54 ----A---- C:\WINDOWS\system32\VZWDownManager.exe
2007-12-06 19:25:54 ----A---- C:\WINDOWS\system32\VZWDLManager.dll
2007-12-06 19:25:48 ----D---- C:\Program Files\Verizon Wireless
2007-12-06 19:24:37 ----N---- C:\WINDOWS\system32\spmsg.dll
2007-12-06 18:32:28 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem.txt
2007-12-06 18:10:32 ----SHD---- C:\WINDOWS\ftpcache
2007-12-06 18:03:04 ----D---- C:\temp
2007-12-06 18:02:12 ----D---- C:\Program Files\LG Electronics
2007-12-06 17:54:33 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2007-12-01 17:35:23 ----A---- C:\WINDOWS\system32\pxsfs.dll
2007-11-14 03:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2007-11-10 09:35:20 ----D---- C:\Documents and Settings\Owner\Application Data\QQ Games Plugin
2007-11-09 16:58:17 ----D---- C:\Program Files\TLI
2007-11-07 22:45:02 ----D---- C:\Program Files\EA Games
2007-11-07 18:09:40 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-07 18:02:15 ----D---- C:\Program Files\Common Files\Macrovision Shared
2007-11-07 18:01:11 ----D---- C:\Program Files\Rosetta Stone
2007-11-07 18:01:11 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone DEMO
2007-11-06 05:00:42 ----D---- C:\Google Desktop Data
2007-10-29 18:25:14 ----D---- C:\Program Files\Babylon
2007-10-29 15:51:23 ----AC---- C:\WINDOWS\lexstat.ini
2007-10-19 08:00:06 ----D---- C:\Documents and Settings\All Users\Application Data\Winferno
2007-10-13 02:01:29 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-12 16:04:04 ----D---- C:\Program Files\Freeze.com
2007-10-12 16:03:26 ----A---- C:\WINDOWS\system32\WINUTIL5.DLL
2007-10-12 16:03:26 ----A---- C:\WINDOWS\system32\WINLCTL5.DLL
2007-10-12 16:03:22 ----A---- C:\WINDOWS\system32\CapiCom.dll
2007-10-12 16:03:20 ----D---- C:\Program Files\Free Offers from Freeze.com
2007-10-12 16:03:19 ----D---- C:\Program Files\Winferno
2007-10-12 16:02:58 ----D---- C:\Program Files\Blink
2007-10-12 16:01:35 ----D---- C:\Documents and Settings\Owner\Application Data\COMCASTTOOLBAR
2007-10-12 12:26:38 ----D---- C:\Program Files\SiteAdvisor
2007-10-12 12:26:37 ----D---- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-10-12 12:26:37 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-12 12:19:00 ----D---- C:\Program Files\McAfee.com
2007-10-12 12:18:28 ----D---- C:\Program Files\Common Files\McAfee
2007-10-12 12:17:36 ----D---- C:\Program Files\McAfee
2007-10-12 12:15:32 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-10 02:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2007-10-10 02:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2007-09-30 11:58:39 ----A---- C:\WINDOWS\WININIT.INI
2007-08-30 18:44:17 ----D---- C:\Program Files\Common Files\Symantec Shared
2007-08-30 02:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB933360$
2007-08-15 02:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2007-08-15 02:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2007-08-15 02:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB921503$
2007-08-15 02:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2007-08-15 02:02:36 ----D---- C:\Program Files\MSXML 6.0
2007-08-15 02:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2007-07-31 10:49:24 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2007-07-31 10:49:17 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2007-07-29 15:44:33 ----D---- C:\Documents and Settings\Owner\Application Data\Electronic Arts
2007-07-29 13:49:52 ----D---- C:\Mythic
2007-07-24 15:17:08 ----A---- C:\WINDOWS\system32\dns-sd.exe
2007-07-24 15:17:08 ----A---- C:\WINDOWS\system32\dnssd.dll
2007-07-22 23:57:56 ----D---- C:\acccore
2007-07-19 06:26:32 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-07-18 17:50:07 ----D---- C:\Documents and Settings\Owner\Application Data\Talkback
2007-07-18 17:49:57 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-07-17 12:06:02 ----A---- C:\WINDOWS\system32\msvcr80.dll
2007-07-17 12:04:54 ----D---- C:\Program Files\Mozilla Firefox
2007-07-17 12:04:44 ----D---- C:\Documents and Settings\All Users\Application Data\Mozilla
2007-07-17 12:04:03 ----D---- C:\WINDOWS\system32\runtime
2007-07-13 12:50:54 ----D---- C:\Program Files\QuickTime
2007-07-13 12:48:36 ----D---- C:\Program Files\Common Files\Apple
2007-07-13 12:48:35 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-11 02:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2007-07-08 11:37:09 ----AC---- C:\WINDOWS\data.ini
2007-07-06 02:48:10 ----A---- C:\WINDOWS\undst.exe
2007-07-06 02:48:03 ----D---- C:\Program Files\PopsMedia
2007-07-02 21:30:25 ----A---- C:\WINDOWS\UnGins.exe
2007-07-02 19:04:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-06-30 21:29:28 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2007-06-29 12:53:35 ----AC---- C:\WINDOWS\NeroDigital.ini
2007-06-24 08:11:19 ----A---- C:\WINDOWS\Copy of winhelp.exe
2007-06-22 16:28:51 ----D---- C:\Program Files\WarRock
2007-06-13 02:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2007-06-13 02:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2007-06-13 02:07:56 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2007-06-12 23:28:48 ----HD---- C:\WINDOWS\$hf_mig$
2007-06-06 07:08:39 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2007-06-05 12:06:25 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2007-06-05 12:06:24 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2007-06-05 12:06:24 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2007-05-22 17:08:10 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-05-22 17:02:36 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2007-05-22 17:02:33 ----D---- C:\Program Files\Common Files\Adobe
2007-05-15 14:43:10 ----A---- C:\WINDOWS\system32\msxml6.dll
2007-05-13 11:40:11 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-05-13 11:38:37 ----D---- C:\Program Files\360Share Pro
2007-05-08 14:03:04 ----A---- C:\WINDOWS\system32\msxml4.dll
2007-04-14 22:52:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2007-03-25 18:20:15 ----A---- C:\WINDOWS\system32\javaws.exe
2007-03-25 18:20:15 ----A---- C:\WINDOWS\system32\javaw.exe
2007-03-25 18:20:15 ----A---- C:\WINDOWS\system32\java.exe
2007-03-23 15:49:51 ----D---- C:\Program Files\Common Files\iS3
2007-03-23 15:49:50 ----D---- C:\Program Files\STOPzilla!
2007-03-23 15:49:46 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-02-24 10:51:17 ----D---- C:\Documents and Settings\Owner\Application Data\Yahoo!
2007-02-03 13:37:35 ----D---- C:\Start Menu
2007-02-03 13:37:31 ----D---- C:\Program Files\MTV Networks
2007-01-29 02:58:06 ----A---- C:\WINDOWS\system32\tzchange.exe
2007-01-20 14:08:48 ----D---- C:\Program Files\Windows Media Connect 2
2007-01-20 14:04:14 ----D---- C:\WINDOWS\system32\LogFiles
2007-01-17 19:40:20 ----D---- C:\Application Data
2007-01-17 19:40:18 ----D---- C:\Documents and Settings\Owner\Application Data\MySpace
2007-01-17 19:40:13 ----D---- C:\Program Files\MySpace
2007-01-13 03:00:55 ----D---- C:\WINDOWS\ie7updates
2006-12-25 13:04:47 ----D---- C:\Program Files\Adobe
2006-12-25 13:03:08 ----D---- C:\WINDOWS\Cache
2006-12-25 13:02:26 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2006-12-25 13:02:26 ----A---- C:\WINDOWS\system32\xvidcore.dll
2006-12-25 13:02:25 ----A---- C:\WINDOWS\system32\vidccleaner.exe
2006-12-25 13:01:31 ----A---- C:\WINDOWS\system32\skjpeg40.dll
2006-12-25 13:01:29 ----A---- C:\WINDOWS\system32\Skbase40.dll
2006-12-25 13:01:28 ----D---- C:\Program Files\Samsung
2006-12-25 10:47:33 ----RSD---- C:\WINDOWS\assembly
2006-12-25 10:47:32 ----D---- C:\WINDOWS\Microsoft.NET
2006-12-25 10:47:30 ----D---- C:\WINDOWS\system32\URTTemp
2006-12-25 10:45:29 ----A---- C:\WINDOWS\system32\CTSVCCTL.EXE
2006-12-25 10:45:29 ----A---- C:\WINDOWS\system32\CTSVCCDA.EXE
2006-12-25 10:45:09 ----D---- C:\Program Files\Common Files\Creative
2006-12-25 10:45:08 ----HD---- C:\Program Files\Creative Installation Information
2006-12-25 10:43:26 ----A---- C:\WINDOWS\system32\pxinsi64.exe
2006-12-25 10:43:26 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2006-12-25 10:43:26 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2006-12-25 10:43:26 ----A---- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-25 10:43:26 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2006-12-25 10:43:21 ----D---- C:\Program Files\illiminable
2006-12-25 10:43:02 ----D---- C:\Documents and Settings\All Users\Application Data\YAHOO
2006-12-25 10:37:11 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2006-12-22 12:28:14 ----A---- C:\WINDOWS\system32\mscoree.dll
2006-12-16 06:31:33 ----D---- C:\WINDOWS\WBEM
2006-12-16 06:31:32 ----D---- C:\WINDOWS\system32\en-US
2006-12-16 06:30:00 ----HDC---- C:\WINDOWS\ie7
2006-12-16 06:27:33 ----A---- C:\WINDOWS\system32\xmllite.dll
2006-12-16 06:26:16 ----D---- C:\WINDOWS\network diagnostic
2006-12-16 03:01:42 ----A---- C:\WINDOWS\system32\MRT.INI
2006-12-03 01:22:03 ----D---- C:\Program Files\Common Files\SureThing Shared
2006-12-02 18:54:33 ----D---- C:\Program Files\Cosmo Virtual Makeover 2
2006-12-02 18:43:24 ----AC---- C:\WINDOWS\system32\rwx20.dll
2006-12-02 18:43:24 ----AC---- C:\WINDOWS\system32\rwdx8d20.dll
2006-12-02 18:43:24 ----AC---- C:\WINDOWS\system32\rwdx6d20.dll
2006-12-02 18:43:23 ----D---- C:\Program Files\Hasbro
2006-12-02 18:27:54 ----A---- C:\WINDOWS\system32\LMRTREND.dll
2006-12-02 18:27:51 ----A---- C:\WINDOWS\system32\dxtmsft3.dll
2006-12-02 18:27:43 ----A---- C:\WINDOWS\system32\unam4ie.exe
2006-12-02 18:27:39 ----A---- C:\WINDOWS\system32\vidx16.dll
2006-12-02 18:27:38 ----A---- C:\WINDOWS\system32\qcut.dll
2006-12-02 18:27:34 ----A---- C:\WINDOWS\system32\w95inf32.dll
2006-12-02 18:27:34 ----A---- C:\WINDOWS\system32\w95inf16.dll
2006-12-02 18:26:21 ----A---- C:\WINDOWS\disney.ini
2006-12-01 16:25:09 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-01 16:23:18 ----D---- C:\Program Files\AIM6
2006-11-17 23:15:17 ----D---- C:\Program Files\MSXML 4.0
2006-11-12 16:38:05 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2006-11-07 21:03:36 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03:36 ----A---- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03:36 ----A---- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2006-11-07 03:26:32 ----A---- C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:25:58 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\SET21E.tmp
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47:20 ----AC---- C:\WINDOWS\system32\SET217.tmp
2006-10-18 21:47:20 ----A---- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47:18 ----AC---- C:\WINDOWS\system32\SET229.tmp
2006-10-18 21:47:18 ----AC---- C:\WINDOWS\system32\SET228.tmp
2006-10-18 21:47:18 ----AC---- C:\WINDOWS\system32\SET212.tmp
2006-10-18 21:47:18 ----A---- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47:18 ----A---- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47:18 ----A---- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47:18 ----A---- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:47:18 ----A---- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47:16 ----AC---- C:\WINDOWS\system32\SET22C.tmp
2006-10-18 21:47:16 ----AC---- C:\WINDOWS\system32\SET227.tmp
2006-10-18 21:47:14 ----A---- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47:14 ----A---- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47:14 ----A---- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47:14 ----A---- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47:08 ----AC---- C:\WINDOWS\system32\SET22B.tmp
2006-10-18 20:00:46 ----A---- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00:14 ----A---- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:05:58 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:02:20 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2006-10-17 11:58:32 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:58:20 ----A---- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:57:20 ----A---- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:57:20 ----A---- C:\WINDOWS\system32\iertutil(2).dll
2006-10-17 11:27:56 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2006-10-16 17:42:00 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2006-10-03 18:47:52 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2006-10-02 15:28:42 ----A---- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13:26 ----A---- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56:38 ----A---- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56:38 ----A---- C:\WINDOWS\system32\WudfHost.exe
2006-09-28 18:56:16 ----A---- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56:14 ----A---- C:\WINDOWS\system32\WudfSvc.dll
2006-07-25 11:27:12 ----A---- C:\WINDOWS\system32\muweb.dll
2006-07-25 11:27:12 ----A---- C:\WINDOWS\system32\mucltui.dll
2006-07-24 21:36:37 ----A---- C:\WINDOWS\system32\kbdkor.dll
2006-07-24 21:36:37 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2006-07-24 21:36:37 ----A---- C:\WINDOWS\system32\kbd106.dll
2006-07-24 21:36:37 ----A---- C:\WINDOWS\system32\kbd103.dll
2006-07-24 21:36:37 ----A---- C:\WINDOWS\system32\kbd101c.dll
2006-07-24 21:36:37 ----A---- C:\WINDOWS\system32\kbd101b.dll
2006-07-24 18:59:07 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2006-07-24 18:58:49 ----D---- C:\Program Files\Windows Live Toolbar
2006-07-10 16:23:19 ----D---- C:\WINDOWS\Prefetch
2006-07-10 13:32:38 ----A---- C:\WINDOWS\system32\wmpns.dll
2006-07-10 13:30:06 ----D---- C:\WINDOWS\peernet
2006-07-10 13:30:05 ----D---- C:\WINDOWS\provisioning
2006-07-10 13:17:13 ----D---- C:\WINDOWS\EHome
2006-07-07 15:08:59 ----A---- C:\WINDOWS\system32\spnpinst.exe
2006-06-30 02:16:09 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2006-06-30 02:16:09 ----A---- C:\WINDOWS\system32\h323msp.dll
2006-06-30 02:16:08 ----A---- C:\WINDOWS\system32\netapi32.dll
2006-06-29 11:01:59 ----A---- C:\WINDOWS\system32\esent.dll
2006-06-29 08:05:44 ----A---- C:\WINDOWS\system32\normaliz.dll
2006-06-29 08:05:44 ----A---- C:\WINDOWS\system32\idndl.dll
2006-06-28 17:59:26 ----A---- C:\WINDOWS\system32\nlsdl.dll
2006-06-28 16:46:00 ----D---- C:\WINDOWS\system32\bits
2006-06-28 16:42:53 ----D---- C:\WINDOWS\system32\PreInstall
2006-06-28 16:42:42 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2006-06-28 15:55:04 ----A---- C:\WINDOWS\system32\xpob2res.dll
2006-06-28 15:55:04 ----A---- C:\WINDOWS\system32\winhttp.dll
2006-06-28 15:55:04 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2006-06-28 15:55:04 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2006-06-28 15:55:04 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2006-06-28 12:11:07 ----A---- C:\WINDOWS\system32\wups2.dll
2006-06-28 12:11:01 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2006-06-26 20:25:58 ----AC---- C:\WINDOWS\ssdiag.ini
2006-06-26 18:21:09 ----A---- C:\WINDOWS\ssdiag.exe
2006-06-22 04:59:17 ----A---- C:\WINDOWS\system32\rasmans.dll
2006-06-19 15:20:42 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2006-06-19 15:19:42 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2006-06-19 15:19:26 ----A---- C:\WINDOWS\system32\WgaTray.exe
2006-06-04 13:10:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-06-04 13:09:15 ----D---- C:\WINDOWS\Downloaded Installations
2006-05-18 17:05:23 ----D---- C:\Documents and Settings\Owner\Application Data\acccore
2006-05-17 11:51:05 ----D---- C:\WINDOWS\SoftwareDistribution
2006-05-17 11:50:50 ----A---- C:\WINDOWS\system32\wups.dll
2006-05-17 11:50:50 ----A---- C:\WINDOWS\system32\wucltui.dll
2006-05-17 11:50:50 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2006-05-17 11:50:50 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2006-05-17 11:50:50 ----A---- C:\WINDOWS\system32\wuapi.dll
2006-05-16 15:51:08 ----D---- C:\Program Files\Plaxo
2006-05-16 15:44:18 ----D---- C:\Program Files\AOD
2006-05-16 15:44:01 ----D---- C:\Program Files\Common Files\Nullsoft
2006-05-16 15:43:59 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2006-05-16 15:43:39 ----D---- C:\Program Files\Common Files\AOL
2006-05-16 15:43:34 ----D---- C:\Program Files\AOL
2006-05-16 15:41:04 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2006-05-16 15:41:01 ----AC---- C:\WINDOWS\atid.ini
2006-05-14 03:13:41 ----A---- C:\WINDOWS\system32\winipsec.dll
2006-05-14 03:13:41 ----A---- C:\WINDOWS\system32\polstore.dll
2006-05-14 03:13:41 ----A---- C:\WINDOWS\system32\oakley.dll
2006-05-14 03:13:41 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2006-05-14 03:13:41 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2006-05-14 03:13:41 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2006-05-08 09:50:58 ----A---- C:\WINDOWS\system32\urlmon.dll
2006-05-08 09:50:58 ----A---- C:\WINDOWS\system32\urlmon(3).dll
2006-05-08 09:50:58 ----A---- C:\WINDOWS\system32\urlmon(2).dll
2006-04-28 09:58:58 ----A---- C:\WINDOWS\system32\wininet.dll
2006-04-28 09:58:58 ----A---- C:\WINDOWS\system32\wininet(3).dll
2006-04-28 09:58:58 ----A---- C:\WINDOWS\system32\wininet(2).dll
2006-04-18 17:16:53 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2006-04-11 17:46:30 ----D---- C:\WINDOWS\Minidump
2006-04-10 15:46:29 ----A---- C:\WINDOWS\system32\ptpusb.dll
2006-04-10 15:46:28 ----A---- C:\WINDOWS\system32\ptpusd.dll
2006-04-08 14:45:20 ----A---- C:\WINDOWS\cdplayer.ini
2006-04-08 14:41:17 ----D---- C:\Program Files\Common Files\Real
2006-04-08 14:41:16 ----D---- C:\Program Files\Real
2006-04-08 14:41:08 ----D---- C:\Documents and Settings\Owner\Application Data\Real
2006-04-08 14:39:15 ----D---- C:\My Downloads
2006-04-03 20:18:27 ----D---- C:\Documents and Settings\Owner\Application Data\Help
2006-04-03 16:49:20 ----D---- C:\Documents and Settings\Owner\Application Data\Creative
2006-04-02 20:29:05 ----D---- C:\Program Files\Microsoft Encarta
2006-04-02 20:26:27 ----D---- C:\Program Files\Microsoft Picture It! 7
2006-04-02 20:23:20 ----D---- C:\Program Files\Microsoft Money
2006-04-02 20:19:09 ----D---- C:\Program Files\Microsoft ActiveSync
2006-04-02 20:19:04 ----D---- C:\WINDOWS\ShellNew
2006-04-02 20:18:59 ----D---- C:\Program Files\Common Files\Designer
2006-04-02 20:18:43 ----D---- C:\Program Files\Microsoft Office
2006-04-02 20:16:30 ----D---- C:\Program Files\Microsoft Works
2006-04-02 20:14:51 ----D---- C:\Program Files\Microsoft Works Suite 2003
2006-04-02 08:30:09 ----D---- C:\Program Files\Common Files\SWF Studio
2006-04-02 08:29:48 ----D---- C:\Program Files\fsupport
2006-03-31 18:21:54 ----D---- C:\Program Files\Yahoo!
2006-03-27 18:25:46 ----D---- C:\WINDOWS\Sun
2006-03-27 18:25:46 ----D---- C:\Documents and Settings\Owner\Application Data\Sun
2006-03-27 18:25:25 ----D---- C:\Documents and Settings\Owner\Application Data\Google
2006-03-27 18:25:24 ----D---- C:\Program Files\Google
2006-03-26 16:28:04 ----A---- C:\WINDOWS\IsUninst.exe
2006-03-26 16:28:00 ----A---- C:\WINDOWS\system32\msvcr70.dll
2006-03-26 16:28:00 ----A---- C:\WINDOWS\system32\msvcp70.dll
2006-03-26 16:28:00 ----A---- C:\WINDOWS\system32\msvci70.dll
2006-03-26 16:28:00 ----A---- C:\WINDOWS\system32\mfc70.dll
2006-03-26 16:27:46 ----D---- C:\Program Files\Audible
2006-03-26 16:25:22 ----A---- C:\WINDOWS\system32\wstdecod.dll
2006-03-26 16:25:22 ----A---- C:\WINDOWS\system32\psisdecd.dll
2006-03-26 16:25:21 ----A---- C:\WINDOWS\system32\msyuv.dll
2006-03-26 16:25:21 ----A---- C:\WINDOWS\system32\msvidctl.dll
2006-03-26 16:25:21 ----A---- C:\WINDOWS\system32\ksuser.dll
2006-03-26 16:25:20 ----A---- C:\WINDOWS\system32\quartz.dll
2006-03-26 16:25:20 ----A---- C:\WINDOWS\system32\qedwipes.dll
2006-03-26 16:25:20 ----A---- C:\WINDOWS\system32\qedit.dll
2006-03-26 16:25:20 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2006-03-26 16:25:20 ----A---- C:\WINDOWS\system32\msdmo.dll
2006-03-26 16:25:19 ----AC---- C:\WINDOWS\system32\qcap.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\qdvd.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\qdv.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\encapi.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\dswave.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\dmusic.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\dmsynth.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\dmstyle.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\dmscript.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\dmloader.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\dmime.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\dmcompos.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\dmband.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\devenum.dll
2006-03-26 16:25:19 ----A---- C:\WINDOWS\system32\amstream.dll
2006-03-26 16:25:18 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2006-03-26 16:25:18 ----A---- C:\WINDOWS\system32\d3d9.dll
2006-03-26 16:25:18 ----A---- C:\WINDOWS\system32\d3d8.dll
2006-03-26 16:25:17 ----AC---- C:\WINDOWS\system32\dpnet.dll
2006-03-26 16:25:17 ----AC---- C:\WINDOWS\system32\dplayx.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dxdiag.exe
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dx8vb.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dx7vb.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dsound3d.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dsound.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dsdmo.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpvvox.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpvoice.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpvacm.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\ddrawex.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\ddraw.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\d3dim700.dll
2006-03-26 16:25:17 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2006-03-26 16:21:00 ----A---- C:\WINDOWS\system32\setb3.tmp
2006-03-24 18:58:19 ----D---- C:\Documents and Settings\Owner\Application Data\MP3Rocket
2006-03-24 18:57:39 ----D---- C:\Program Files\Java
2006-03-24 18:57:37 ----D---- C:\Program Files\Common Files\Java
2006-03-24 18:56:40 ----D---- C:\Program Files\MP3Rocket
2006-03-24 18:36:41 ----C---- C:\WINDOWS\Ctregrun.exe
2006-03-24 18:33:54 ----D---- C:\WINDOWS\RegisteredPackages
2006-03-24 18:33:38 ----A---- C:\WINDOWS\system32\MP4SDMOD.dll
2006-03-24 18:33:38 ----A---- C:\WINDOWS\system32\MP43DMOD.dll
2006-03-24 18:33:37 ----A---- C:\WINDOWS\system32\MPG4DMOD.dll
2006-03-24 18:33:25 ----D---- C:\Program Files\Creative
2006-03-24 18:13:50 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-03-24 18:05:06 ----D---- C:\Documents and Settings\Owner\Application Data\Leadertech
2006-03-24 18:03:24 ----D---- C:\Documents and Settings\Owner\Application Data\Sonic
2006-03-24 18:03:20 ----D---- C:\Program Files\Common Files\Sonic
2006-03-24 18:03:12 ----D---- C:\WINDOWS\system32\dla
2006-03-24 18:03:12 ----A---- C:\WINDOWS\system32\tfswapi.dll
2006-03-24 18:03:12 ----A---- C:\WINDOWS\dla.exe
2006-03-24 18:02:32 ----D---- C:\Program Files\Sonic
2006-03-21 19:28:49 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2006-03-21 18:25:59 ----A---- C:\WINDOWS\system32\BCMSMI32.dll
2006-03-21 18:25:59 ----A---- C:\WINDOWS\system32\BCMSM168.dll
2006-03-21 18:25:59 ----A---- C:\WINDOWS\BCMSMU.exe
2006-03-21 18:25:59 ----A---- C:\WINDOWS\BCMSMMSG.exe
2006-03-21 18:25:59 ----A---- C:\WINDOWS\BCMSMD2K.exe
2006-03-21 17:24:54 ----D---- C:\Program Files\ABBYY FineReader 6.0
2006-03-21 17:24:54 ----D---- C:\Program Files\ABBYY FineReader 5.0 Sprint
2006-03-21 17:24:36 ----D---- C:\Program Files\FaxTools
2006-03-21 17:24:36 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2006-03-21 17:24:03 ----A---- C:\WINDOWS\dellstat.ini
2006-03-21 17:23:43 ----A---- C:\WINDOWS\system32\LEXPPS.EXE
2006-03-21 17:23:43 ----A---- C:\WINDOWS\system32\LEXP2P32.DLL
2006-03-21 17:23:43 ----A---- C:\WINDOWS\system32\LEXBCES.EXE
2006-03-21 17:23:43 ----A---- C:\WINDOWS\system32\LEXBCE.DLL
2006-03-21 17:23:43 ----A---- C:\WINDOWS\system32\LEX2KUSB.DLL
2006-03-21 17:23:43 ----A---- C:\WINDOWS\system32\dlbkvs.dll
2006-03-21 17:23:42 ----A---- C:\WINDOWS\system32\dlbkpwr.dll
2006-03-21 17:23:42 ----A---- C:\WINDOWS\system32\dlbkcomm.dll
2006-03-21 17:23:40 ----A---- C:\WINDOWS\system32\lexlmpm.dll
2006-03-21 17:23:27 ----D---- C:\Program Files\Dell AIO Printer A920
2006-03-21 17:23:26 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2006-03-21 17:23:17 ----A---- C:\WINDOWS\system32\dlbkscin.dll
2006-03-21 17:23:17 ----A---- C:\WINDOWS\system32\dlbkcoin.ini
2006-03-21 17:23:17 ----A---- C:\WINDOWS\system32\dlbkcoin.dll
2006-03-21 17:23:17 ----A---- C:\WINDOWS\system32\dlbkcinf.dll
2006-03-21 17:23:16 ----D---- C:\Program Files\Dell A920
2006-03-21 17:23:15 ----A---- C:\WINDOWS\uninst.exe
2006-03-20 17:57:51 ----D---- C:\Documents and Settings\Owner\Application Data\MSN6
2006-03-20 17:57:51 ----D---- C:\Documents and Settings\All Users\Application Data\MSN6
2006-03-20 17:52:30 ----D---- C:\Program Files\Common Files\scanner
2006-03-20 17:52:29 ----D---- C:\Program Files\ComcastToolbar
2006-03-20 09:05:20 ----D---- C:\Documents and Settings\All Users\Application Data\Support.com
2006-03-20 09:03:06 ----SD---- C:\WINDOWS\system32\Microsoft
2006-03-20 09:00:57 ----D---- C:\Program Files\ESET
2006-03-20 08:59:33 ----D---- C:\Program Files\Analog Devices
2006-03-20 08:59:33 ----A---- C:\WINDOWS\system32\DSndUp.exe
2006-03-20 08:59:33 ----A---- C:\WINDOWS\system32\CleanUp.exe
2006-03-20 08:59:33 ----A---- C:\WINDOWS\system32\a3d.dll
2006-03-20 08:58:20 ----D---- C:\Program Files\Intel
2006-03-20 08:56:46 ----A---- C:\WINDOWS\system32\usbui.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrses.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2006-03-20 08:54:08 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2006-03-20 08:54:07 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2006-03-20 08:54:07 ----A---- C:\WINDOWS\system32\nvrszht.dll
2006-03-20 08:54:07 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2006-03-20 08:54:07 ----A---- C:\WINDOWS\system32\nvrssv.dll
2006-03-20 08:54:07 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2006-03-20 08:54:07 ----A---- C:\WINDOWS\system32\nvrsno.dll
2006-03-20 08:54:07 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2006-03-20 08:54:07 ----A---- C:\WINDOWS\system32\nvrsko.dll
2006-03-20 08:54:06 ----A---- C:\WINDOWS\system32\nvrsja.dll
2006-03-20 08:54:06 ----A---- C:\WINDOWS\system32\nvrsit.dll
2006-03-20 08:54:05 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2006-03-20 08:54:05 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2006-03-20 08:54:05 ----A---- C:\WINDOWS\system32\nvrses.dll
2006-03-20 08:54:05 ----A---- C:\WINDOWS\system32\nvrsde.dll
2006-03-20 08:54:05 ----A---- C:\WINDOWS\system32\nvrsda.dll
2006-03-20 08:54:05 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2006-03-20 08:54:05 ----A---- C:\WINDOWS\system32\nvmctray.dll
2006-03-20 08:54:05 ----A---- C:\WINDOWS\system32\nvinstnt.dll
2006-03-20 08:54:02 ----A---- C:\WINDOWS\system32\nvcpl.dll
2006-03-20 08:54:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2006-03-20 08:53:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2006-03-20 08:48:36 ----RA---- C:\WINDOWS\system32\hhactivex.dll
2006-03-20 08:48:36 ----A---- C:\WINDOWS\system32\RcdScan.dll
2006-03-20 08:48:25 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2006-03-20 08:48:19 ----HD---- C:\Program Files\InstallShield Installation Information
2006-03-20 08:47:33 ----D---- C:\Program Files\Common Files\InstallShield
2006-03-20 08:43:22 ----SHD---- C:\WINDOWS\Installer
2006-03-20 08:43:20 ----D---- C:\Documents and Settings\Owner\Application Data\Identities
2006-03-20 08:43:10 ----HD---- C:\Program Files\Uninstall Information
2006-03-20 08:43:01 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-03-20 08:43:01 ----ASHC---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2006-03-16 23:04:14 ----A---- C:\WINDOWS\system32\shell32.dll
2006-03-16 18:49:30 ----A---- C:\WINDOWS\system32\verclsid.exe
2006-03-16 09:07:42 ----SHD---- C:\System Volume Information
2006-03-16 09:07:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2006-03-15 13:42:56 ----D---- C:\WINDOWS\system32\xircom
2006-03-15 13:42:56 ----D---- C:\Program Files\xerox
2006-03-15 13:42:55 ----D---- C:\Program Files\microsoft frontpage
2006-03-15 13:42:54 ----D---- C:\DELL
2006-03-15 13:40:06 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2006-03-15 13:38:48 ----AC---- C:\WINDOWS\control.ini
2006-03-15 13:38:48 ----A---- C:\AUTOEXEC.BAT
2006-03-15 13:38:39 ----A---- C:\WINDOWS\system32\mapi32.dll
2006-03-15 13:37:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2006-03-15 13:37:53 ----RD---- C:\WINDOWS\Offline Web Pages
2006-03-15 13:37:53 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2006-03-15 13:37:48 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2006-03-15 13:37:25 ----D---- C:\WINDOWS\system32\DirectX
2006-03-15 13:37:03 ----A---- C:\WINDOWS\system32\safrslv.dll
2006-03-15 13:37:03 ----A---- C:\WINDOWS\system32\safrdm.dll
2006-03-15 13:37:03 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2006-03-15 13:37:03 ----A---- C:\WINDOWS\system32\racpldlg.dll
2006-03-15 13:37:02 ----A---- C:\WINDOWS\system32\atrace.dll
2006-03-15 13:37:00 ----AC---- C:\WINDOWS\system32\desktop.ini
2006-03-15 13:37:00 ----AC---- C:\WINDOWS\desktop.ini
2006-03-15 13:36:55 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2006-03-15 13:36:55 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2006-03-15 13:36:55 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2006-03-15 13:36:54 ----A---- C:\WINDOWS\system32\acctres.dll
2006-03-15 13:36:53 ----D---- C:\Program Files\Common Files\Services
2006-03-15 13:36:52 ----A---- C:\WINDOWS\system32\inetres.dll
2006-03-15 13:36:49 ----SD---- C:\WINDOWS\Tasks
2006-03-15 13:36:49 ----A---- C:\WINDOWS\system32\isign32.dll
2006-03-15 13:36:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2006-03-15 13:36:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2006-03-15 13:36:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2006-03-15 13:36:49 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2006-03-15 13:36:47 ----D---- C:\Program Files\Common Files\MSSoap
2006-03-15 13:36:43 ----D---- C:\WINDOWS\system32\Macromed
2006-03-15 13:36:43 ----D---- C:\WINDOWS\srchasst
2006-03-15 13:36:42 ----A---- C:\WINDOWS\system32\qmgr.dll
2006-03-15 13:36:41 ----D---- C:\Program Files\Movie Maker
2006-03-15 13:36:38 ----D---- C:\WINDOWS\system32\Restore
2006-03-15 13:36:38 ----D---- C:\WINDOWS\PCHealth
2006-03-15 13:36:38 ----A---- C:\WINDOWS\system32\srrstr.dll
2006-03-15 13:36:37 ----A---- C:\WINDOWS\system32\srsvc.dll
2006-03-15 13:36:37 ----A---- C:\WINDOWS\system32\srclient.dll
2006-03-15 13:36:37 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2006-03-15 13:36:37 ----A---- C:\WINDOWS\system32\msconf.dll
2006-03-15 13:36:37 ----A---- C:\WINDOWS\system32\mnmdd.dll
2006-03-15 13:36:37 ----A---- C:\WINDOWS\system32\ils.dll
2006-03-15 13:36:34 ----D---- C:\Program Files\NetMeeting
2006-03-15 13:36:34 ----A---- C:\WINDOWS\system32\msoert2.dll
2006-03-15 13:36:34 ----A---- C:\WINDOWS\system32\msoeacct.dll
2006-03-15 13:36:34 ----A---- C:\WINDOWS\system32\inetcomm.dll
2006-03-15 13:36:33 ----D---- C:\Program Files\Outlook Express
2006-03-15 13:36:33 ----A---- C:\WINDOWS\system32\schedsvc.dll
2006-03-15 13:36:33 ----A---- C:\WINDOWS\system32\mstinit.exe
2006-03-15 13:36:33 ----A---- C:\WINDOWS\system32\mstask.dll
2006-03-15 13:36:30 ----D---- C:\Program Files\Common Files\System
2006-03-15 13:36:27 ----D---- C:\Program Files\Internet Explorer
2006-03-15 13:36:13 ----D---- C:\Program Files\ComPlus Applications
2006-03-15 13:36:12 ----AC---- C:\WINDOWS\vbaddin.ini
2006-03-15 13:36:12 ----AC---- C:\WINDOWS\vb.ini
2006-03-15 13:36:08 ----D---- C:\WINDOWS\Registration
2006-03-15 13:35:44 ----HD---- C:\Program Files\WindowsUpdate
2006-03-15 13:35:43 ----D---- C:\Program Files\Windows Media Player
2006-03-15 13:35:43 ----D---- C:\Program Files\Online Services
2006-03-15 13:35:39 ----D---- C:\Program Files\Messenger
2006-03-15 13:35:35 ----D---- C:\Program Files\MSN Gaming Zone
2006-03-15 13:35:35 ----A---- C:\WINDOWS\system32\write.exe
2006-03-15 13:35:27 ----A---- C:\WINDOWS\system32\sndvol32.exe
2006-03-15 13:35:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2006-03-15 13:35:27 ----A---- C:\WINDOWS\system32\hticons.dll
2006-03-15 13:35:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2006-03-15 13:35:26 ----A---- C:\WINDOWS\system32\winchat.exe
2006-03-15 13:35:26 ----A---- C:\WINDOWS\system32\avwav.dll
2006-03-15 13:35:26 ----A---- C:\WINDOWS\system32\avtapi.dll
2006-03-15 13:35:26 ----A---- C:\WINDOWS\system32\avmeter.dll
2006-03-15 13:35:21 ----A---- C:\WINDOWS\system32\getuname.dll
2006-03-15 13:35:21 ----A---- C:\WINDOWS\system32\charmap.exe
2006-03-15 13:35:20 ----A---- C:\WINDOWS\system32\winmine.exe
2006-03-15 13:35:20 ----A---- C:\WINDOWS\system32\sol.exe
2006-03-15 13:35:20 ----A---- C:\WINDOWS\system32\mshearts.exe
2006-03-15 13:35:20 ----A---- C:\WINDOWS\system32\freecell.exe
2006-03-15 13:35:20 ----A---- C:\WINDOWS\system32\calc.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\tslabels.ini
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\tskill.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\tscon.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\shadow.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\rwinsta.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\reset.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\regini.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\rdshost.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\qwinsta.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\qprocess.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\qappsrv.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\msg.exe
2006-03-15 13:35:19 ----A---- C:\WINDOWS\system32\logoff.exe
2006-03-15 13:35:18 ----A---- C:\WINDOWS\system32\xolehlp.dll
2006-03-15 13:35:18 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2006-03-15 13:35:18 ----A---- C:\WINDOWS\system32\msdtctm.dll
2006-03-15 13:35:18 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2006-03-15 13:35:18 ----A---- C:\WINDOWS\system32\msdtclog.dll
2006-03-15 13:35:18 ----A---- C:\WINDOWS\system32\cdmodem.dll

======List of files/folders modified in the last 1 months======

2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\winmm.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\win32spl.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\wiavideo.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\wiashext.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\wiascr.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\wiadss.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\wiadefui.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\webvw.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\w32time.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\vssapi.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\version.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\vdmredir.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\vbajet32.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\uxtheme.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\usp10.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\userenv.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\usbmon.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\upnp.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\untfs.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\uniplat.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\unimdmat.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\umandlg.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\ulib.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\udhisapi.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\trkwks.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\themeui.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\termmgr.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\tcpmon.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\tcpmib.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\tapi32.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\tapi3.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\syssetup.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\syncui.dll
2004-08-04 01:56:46 ----A---- C:\WINDOWS\system32\synceng.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\stobject.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\sti_ci.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\sti.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\spoolss.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\snmpapi.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\slbiop.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\slayerxp.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\sigtab.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\shscrap.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\shmedia.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\shimgvw.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\shimeng.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\shgina.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\shfolder.dll
2004-08-04 01:56:45 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2004-08-04 01:56:44 ----AC---- C:\WINDOWS\system32\photowiz.dll
2004-08-04 01:56:44 ----AC---- C:\WINDOWS\system32\opengl32.dll
2004-08-04 01:56:44 ----AC---- C:\WINDOWS\system32\odexl32.dll
2004-08-04 01:56:44 ----AC---- C:\WINDOWS\system32\oddbse32.dll
2004-08-04 01:56:44 ----AC---- C:\WINDOWS\system32\odbcjt32.dll
2004-08-04 01:56:44 ----AC---- C:\WINDOWS\system32\odbccp32.dll
2004-08-04 01:56:44 ----AC---- C:\WINDOWS\system32\msxml.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sfc_os.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sfc.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sensapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sens.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sendmail.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\security.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\secur32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\seclogon.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\scrrun.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\scrobj.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\scesrv.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\scecli.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sccsccp.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\scarddlg.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sbeio.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\sbe.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\samsrv.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\samlib.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rtutils.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rsmps.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rshx32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\resutils.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\regwizc.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\regsvc.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\regapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rastls.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rastapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rassapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rasppp.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rasman.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rasdlg.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\raschap.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rasauto.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\rasapi32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\pstorec.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\psbase.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\psapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\profmap.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\printui.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\powrprof.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\pjlmon.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\pid.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\perfproc.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\perfos.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\perfdisk.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\perfctrs.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\pdh.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\pautoenr.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\osuninst.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\olepro32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\oleprn.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\offfilt.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odtext32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odpdx32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odfox32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odbctrac.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odbccu32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odbccr32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odbcconf.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\odbc32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\objsel.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntshrui.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntprint.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntmarta.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntlanman.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\npptools.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\nlhtml.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\newdev.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\netui1.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\netui0.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\netshell.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\netrap.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\netplwiz.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\netlogon.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\netid.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\netcfgx.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\nddenb32.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\nddeapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\mydocs.dll
2004-08-04 01:56:44 ----A---- C:\WINDOWS\system32\msxml2.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msw3prt.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msvfw32.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msvcrt.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msvcp60.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msvcirt.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msv1_0.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msutb.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\mssap.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msrle32.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\mspatcha.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msorcl32.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msnsspc.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\mslbui.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msimtf.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msimg32.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msieftp.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msidle.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msident.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msgsvc.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msgina.dll
2004-08-04 01:56:43 ----A---- C:\WINDOWS\system32\msdart.dll
2004-08-04 01:56:42 ----AC---- C:\WINDOWS\system32\mobsync.dll
2004-08-04 01:56:42 ----AC---- C:\WINDOWS\system32\glu32.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\msctfp.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\msasn1.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\msapsspc.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\msacm32.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mprapi.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mpr.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\modemui.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mmcshext.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mmcbase.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mlang.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\miglibnt.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\midimap.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mfc42.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mdminst.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mciwave.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mciseq.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mciavi32.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\mcastmib.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\lprhelp.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\lpk.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\localui.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\localspl.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\localsec.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\loadperf.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\lmrt.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\keymgr.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ixsso.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ir50_32.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ippromon.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\input.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\initpki.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\inetppui.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\inetpp.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\inetmib1.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\imm32.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\imeshare.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\imagehlp.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ifmon.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\idq.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\iccvid.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\iasrad.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\htui.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\hotplug.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\hid.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\hccoin.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\fontext.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\filemgmt.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\feclient.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\faultrep.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\expsrv.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\eventlog.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ersvc.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\encdec.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\els.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\duser.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dsuiext.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dssec.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dsquery.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dsprop.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dskquota.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\ds32gt.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\drprov.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\docprop2.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dmutil.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dmserver.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dinput8.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dinput.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\digest.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dgnet.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dfrgui.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\devmgr.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dciman32.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dbghelp.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\davclnt.dll
2004-08-04 01:56:42 ----A---- C:\WINDOWS\system32\dataclen.dll
2004-08-04 01:56:41 ----AC---- C:\WINDOWS\system32\atmlib.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\csrsrv.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cscui.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cryptui.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cryptnet.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cryptext.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cryptdll.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\crypt32.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\credui.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\comres.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\compstui.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\compatui.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\comdlg32.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cmutil.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cmdial32.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\clusapi.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cliconfg.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\certmgr.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\certcli.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\camocx.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cabview.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\cabinet.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\browsewm.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\browser.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\bidispl.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\batmeter.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\basesrv.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\avifil32.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\audiosrv.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\atl.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\asycfilt.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\apphelp.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\alrsvc.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\advapi32.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\adsnt.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\adsmsext.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\adsldpc.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\adsldp.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\actxprxy.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\activeds.dll
2004-08-04 01:56:41 ----A---- C:\WINDOWS\system32\aclui.dll
2004-08-04 01:56:36 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2004-08-04 01:56:36 ----A---- C:\WINDOWS\system32\ntdll.dll
2004-08-04 01:56:35 ----A---- C:\WINDOWS\system32\wmi.dll
2004-08-04 01:56:35 ----A---- C:\WINDOWS\system32\winntbbu.dll
2004-08-04 01:56:35 ----A---- C:\WINDOWS\system32\winbrand.dll
2004-08-04 01:56:27 ----A---- C:\WINDOWS\system32\shdoclc.dll
2004-08-04 01:56:22 ----AC---- C:\WINDOWS\system32\odbcji32.dll
2004-08-04 01:56:22 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2004-08-04 01:56:22 ----A---- C:\WINDOWS\system32\odbcint.dll
2004-08-04 01:56:18 ----A---- C:\WINDOWS\system32\msprivs.dll
2004-08-04 01:56:18 ----A---- C:\WINDOWS\system32\msorc32r.dll
2004-08-04 01:56:13 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2004-08-04 01:56:12 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2004-08-04 01:56:12 ----A---- C:\WINDOWS\system32\msafd.dll
2004-08-04 01:56:11 ----A---- C:\WINDOWS\system32\moricons.dll
2004-08-04 01:56:07 ----A---- C:\WINDOWS\system32\icmp.dll
2004-08-04 01:56:07 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2004-08-04 01:56:06 ----A---- C:\WINDOWS\system32\framebuf.dll
2004-08-04 01:56:04 ----A---- C:\WINDOWS\system32\dsprpres.dll
2004-08-04 01:56:00 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2004-08-04 01:55:59 ----A---- C:\WINDOWS\system32\browselc.dll
2004-08-04 01:55:59 ----A---- C:\WINDOWS\system32\atmfd.dll
2004-08-04 00:13:53 ----A---- C:\WINDOWS\system32\dpcdll.dll
2004-08-04 00:04:41 ----A---- C:\WINDOWS\system32\pidgen.dll
2004-08-03 23:59:23 ----A---- C:\WINDOWS\system32\kd1394.dll
2004-08-03 23:59:09 ----A---- C:\WINDOWS\system32\HAL.DLL
2004-08-03 23:58:25 ----AC---- C:\WINDOWS\system32\msvcrt40.dll
2004-08-03 23:56:46 ----A---- C:\WINDOWS\system32\setupapi.dll
2004-08-03 23:56:44 ----A---- C:\WINDOWS\system32\licdll.dll
2004-08-03 23:51:21 ----A---- C:\WINDOWS\system32\dosx.exe
2004-08-03 23:51:11 ----A---- C:\WINDOWS\system32\mmsystem.dll
2004-08-03 23:49:32 ----A---- C:\WINDOWS\system32\krnl386.exe
2004-08-03 23:48:44 ----A---- C:\WINDOWS\system32\redir.exe
2004-08-03 23:31:43 ----A---- C:\WINDOWS\system32\slbcsp.dll
2004-08-03 23:31:43 ----A---- C:\WINDOWS\system32\rsaenh.dll
2004-08-03 23:31:43 ----A---- C:\WINDOWS\system32\dssenh.dll
2004-07-17 12:46:13 ----A---- C:\WINDOWS\system32\tcpmon.ini
2004-07-17 12:39:14 ----A---- C:\WINDOWS\system32\xenroll.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-03-02 109608]
R1 npapimon;npapimon; C:\WINDOWS\system32\drivers\npapimon.sys [2003-07-14 21621]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssdiagn;ssdiagn; C:\WINDOWS\system32\drivers\ssdiagn.sys [2003-07-14 10900]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2003-07-16 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2003-07-16 55936]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-06-25 71496]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-06-25 34184]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-02-06 171400]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-17 1330172]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mferkdk;McAfee Inc.; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-06-25 32008]
S3 mfesmfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-06-25 37480]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-07 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-02 138680]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-02 303104]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2007-02-13 540776]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-01-16 362064]
R2 McRedirector;McAfee Redirector Service; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2007-03-08 256096]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-06-25 144960]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-06-19 841256]
R2 NNSvc;NNSvc; C:\Program Files\Net Nanny\nnsvc.exe [2002-09-24 241724]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-17 73728]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-15 66872]
R2 SiteAdvisor Service;SiteAdvisor Service; C:\Program Files\SiteAdvisor\6261\SAService.exe [2008-09-08 345376]
R2 Winferno Subscription Service;Winferno Subscription Service; C:\Program Files\Common Files\Winferno\WSS\WSS.exe [2007-09-07 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104]
S2 0018881221704057mcinstcleanup;McAfee Application Installer Cleanup (0018881221704057); C:\WINDOWS\TEMP\001888~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Emproxy;McAfee E-mail Proxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [2007-10-05 341328]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-07 658432]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-14 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-01-25 643664]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe []

-----------------EOF-----------------

and here is the info.txt file

info.txt logfile of random's system information tool 1.02 2003-11-05 23:10:31

======Uninstall list======

-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A+ Spanish-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{496D6EC6-2617-45CE-BBFF-211025C94A39}\setup.exe"
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Abexo Free Registry Cleaner-->C:\Program Files\Abexo\afrc\uninst.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Comcast Toolbar-->C:\Program Files\ComcastToolbar\uninstall.exe
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Creative Mass Storage Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Dell AIO Printer A920-->C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Photos Screensaver-->MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Encarta Encyclopedia Standard 2003-->MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Money 2003 System Pack-->MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Money 2003-->MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Net Nanny 5 (Remove Only)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51945E07-120D-4E78-A368-C4C8D5042D21}\Setup.exe" -l0x9 UNINSTALL
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
PC Doc Pro-->"C:\Program Files\PC Doc Pro\unins000.exe"
Piolet 1.9.9-->C:\Program Files\Piolet\uninstall.exe
Piolet Toolbar-->"C:\WINDOWS\Piolet_Toolbar_Uninstaller_1234.exe" _?=C:\Program Files\Piolet Toolbar
Plaxo Toolbar for Outlook (with AIM Enhancements)-->C:\Program Files\Plaxo\2.12.1.1\uninstall.exe
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SnapZip 2008-->"C:\Program Files\Winferno\SnapZip\unins000.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
V CAST Music Manager -->C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Winferno Registry Power Cleaner-->"C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
Winferno Registry Power Cleaner-->"C:\Program Files\Winferno\RegistryPowerCleaner\unins001.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox-->"C:\Program Files\Yahoo!\Yahoo! Music Engine\Uninstall.exe"
ZENcast Organizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

======Hosts File======

127.0.0.1 localhost #***Inserted By STOPzilla***
127.0.0.1 0websearch.com # ***Inserted By STOPzilla***
127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
127.0.0.1 600pics.com # ***Inserted By STOPzilla***
127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------

#5 SifuMike

Posted 22 September 2008 - 02:41 PM

Hi Gilthantis,


I am trying to fix this computer which had about 400+ infected files. At first it would only load for a few minutes before freezing up and saying that McAfee had found a Vundo infection. I ran Mbam and I believe it has removed and fixed all infected files,



Is this your computer? Are you the only user? Are you fixing it for a client?

I can see you ran ComboFix by yourself. :thumbsup:
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.

Edited by SifuMike, 22 September 2008 - 03:08 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 Gilthantis

Posted 22 September 2008 - 09:06 PM

Hi SifuMike,

No, this is not my computer. I am trying to fix it for my father-in-law. I figured the root of the problem was from his son DLing using limewire and I told him that he needs to stop or his problems will continue.

I apologize for using combofix w/o instruction. I like to think I am more computer savvy than I am sometimes, hope I didn't mess anything up or make it more difficult for you to help?

#7 SifuMike

Posted 22 September 2008 - 11:12 PM

Hello Gilthantis,


I dislike working on logs where the user has run malware removal tools, as they usually make the problem worse. :thumbsup:
We recently had a user run ComboFix himself (he thinks of himself as an "experienced" computer user) and now he cannot get his computer to run correctly and wants us to fix it.
ComboFix is not a toy and should only be run under supervision of a malware expert.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u7-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
The following is referring to Winferno Registry Power Cleaner and Abexo Free Registry Cleaner.

Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.



You have a suspicious file we need to check.

You will need to see hidden files, so follow these directions:
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types'.


Go to next site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\Program Files\Common Files\Winferno\WSS\WSS.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.
Perform the same for next files:
C:\WINDOWS\system32\gaqnyiwn.exe
C:\WINDOWS\system32\wroidqny.ini
C:\WINDOWS\system32\drfvhkrk.exe
C:\WINDOWS\system32\neminyjc.dll
C:\WINDOWS\system32\gfhdjgjc.ini
C:\WINDOWS\system32\asjnftmo.exe
C:\WINDOWS\system32\nlqjkqot.dll
C:\WINDOWS\system32\iaxelsvt.ini


Once scanned, copy and paste the results also in your next reply.

NOTE: I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the results of scan results here.

Edited by SifuMike, 22 September 2008 - 11:19 PM.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
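
A check that fits alongside the scan-and-paste procedure in the post above, added here as an example (not part of the original thread): hash the local file and compare it with the digests in a pasted report's "Additional information" block, so the verdict is known to describe the file on disk. The report layout (dotted labels such as `MD5...:`, a SHA512 wrapped over two lines, a `received on` header in MM.DD.YYYY form) follows the reports pasted in this thread; the sample bytes, `sample.exe` and all function names are constructed for illustration.

```python
import hashlib
import io
import re
from datetime import datetime

# Digest name -> expected length of its hex form.
ALGOS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

def hash_stream(stream, chunk_size=65536):
    """Compute all four digests in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def hash_file(path):
    """Hash a file on disk without loading it into memory at once."""
    with open(path, "rb") as fh:
        return hash_stream(fh)

_HEADER = re.compile(r"^File (.+) received on (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})")
_LABEL = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\.*\s*:\s*([0-9a-fA-F]*)$")
_HEX = re.compile(r"^[0-9a-fA-F]+$")

def parse_report(text):
    """Pull file name, received time and digests out of a pasted report."""
    report = {"name": None, "received": None, "hashes": {}}
    partial, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _HEADER.match(line)
        if m:
            report["name"] = m.group(1)
            report["received"] = datetime.strptime(m.group(2), "%m.%d.%Y %H:%M:%S")
            current = None
            continue
        m = _LABEL.match(line)
        if m:
            current = m.group(1).lower()
            partial[current] = m.group(2).lower()
            continue
        # A bare hex line continues a digest that was wrapped by the paste.
        if current and _HEX.match(line) and len(partial[current]) < ALGOS[current]:
            partial[current] += line.lower()
            continue
        current = None
    # Drop truncated digests instead of comparing against half a value.
    report["hashes"] = {k: v for k, v in partial.items() if len(v) == ALGOS[k]}
    return report

def check_report(local_hashes, text, submitted=None):
    """Compare local digests with the report; flag reports older than the upload."""
    report = parse_report(text)
    mismatched = sorted(a for a, v in report["hashes"].items()
                        if local_hashes.get(a) != v)
    if not report["hashes"]:
        verdict = "no-hashes"
    elif mismatched:
        verdict = "different-file"
    else:
        verdict = "same-file"
    # Assumption: a received date before the upload day means the report was
    # produced for an earlier submission, so engine results may be out of date.
    stale = bool(submitted and report["received"]
                 and report["received"].date() < submitted.date())
    return {"name": report["name"], "verdict": verdict,
            "mismatched": mismatched, "stale_report": stale}

# Constructed sample input: placeholder bytes standing in for a file on disk.
SAMPLE = b"constructed sample bytes, not a real binary\n"

def sample_report(hashes, received):
    """Build a constructed report in the layout pasted in this thread."""
    s512 = hashes["sha512"]
    return "\n".join([
        f"File sample.exe received on {received} (CET)",
        "Result: 1/32 (3.12%)",
        "Additional information",
        f"File size: {len(SAMPLE)} bytes",
        f"MD5...: {hashes['md5']}",
        f"SHA1..: {hashes['sha1']}",
        f"SHA256: {hashes['sha256']}",
        f"SHA512: {s512[:64]}",
        s512[64:],
        "PEiD..: -",
    ])

if __name__ == "__main__":
    local = hash_stream(io.BytesIO(SAMPLE))  # use hash_file(path) for a real file
    pasted = sample_report(local, "05.05.2008 17:16:27")
    print(check_report(local, pasted, submitted=datetime(2008, 9, 23)))
```

A `different-file` verdict means the report describes other bytes than the file on disk; a `same-file` verdict with `stale_report` set means the file matches but should be rescanned for current results.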

#8 Gilthantis

Posted 23 September 2008 - 10:59 AM

I tried to remove most of the anti virus programs that were installed on here and only DL'd the ones that you guys have recommended. I removed the Uniblue Registry Booster a few weeks ago, and there is continually a pop up that says
Error

Fail to Read from dependant file. This application will close now!

when I try to close this I just get another pop up.

Anyway that was just a side note here are the results you requested



File WSS.exe received on 05.05.2008 17:16:27 (CET)
Current status: finished
Result: 1/32 (3.12%)
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: c8d20be0c9ba1e8df67fcd0120123967
SHA1: afab15580a553121323a31e67a4811d0a0922b09
SHA256: 171dd4d62d54cdf3a1b788a8dd1c1b9ac3ec29556e630e3f20efeca4f13750f0
SHA512: 0c24c83969b01a5652afacd5aa1b412bbb83743d11b7242464011dcfe8c894240cfc5860c9c79d60bfbd8fc1af16ee88d08dbf77469fa5f6a1caa239623235d9




File gaqnyiwn.exe received on 09.23.2008 17:26:09 (CET)
Result: 25/36 (69.45%)

Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.23 -
AntiVir 7.8.1.34 2008.09.23 TR/PrivacySet.A
Authentium 5.1.0.4 2008.09.23 W32/Trojan2.ASOZ
Avast 4.8.1195.0 2008.09.22 Win32:PrivacySet
AVG 8.0.0.161 2008.09.23 Generic10.UDV
BitDefender 7.2 2008.09.23 Trojan.PrivacySet.A
CAT-QuickHeal 9.50 2008.09.23 Trojan.PrivacySet.a
ClamAV 0.93.1 2008.09.23 -
DrWeb 4.44.0.09170 2008.09.23 Trojan.LowZones.882
eSafe 7.0.17.0 2008.09.23 -
eTrust-Vet 31.6.6101 2008.09.23 Win32/SecDrop.QW
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.22 W32/Trojan2.ASOZ
F-Secure 8.0.14332.0 2008.09.23 Trojan.Win32.Agent.zae
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.23 Trojan.PrivacySet.A
Ikarus T3.1.1.34.0 2008.09.23 -
K7AntiVirus 7.10.469 2008.09.23 Trojan.Win32.Small.EGXV
Kaspersky 7.0.0.125 2008.09.23 Trojan.Win32.Agent.zae
McAfee 5389 2008.09.22 -
Microsoft 1.3903 2008.09.23 Trojan:Win32/Lowzones.DM
NOD32v2 3465 2008.09.23 Win32/PrivacySet.A
Norman 5.80.02 2008.09.19 W32/Smalltroj.EGXV
Panda 9.0.0.4 2008.09.22 Trj/Agent.ITR
PCTools 4.4.2.0 2008.09.23 -
Prevx1 V2 2008.09.23 Malicious Software
Rising 20.63.12.00 2008.09.23 Trojan.Win32.Small.emk
Sophos 4.33.0 2008.09.23 Troj/PrivZone-A
Sunbelt 3.1.1662.1 2008.09.23 -
Symantec 10 2008.09.23 Trojan.LowZones
TheHacker 6.3.0.9.091 2008.09.23 Trojan/Agent.uuv
TrendMicro 8.700.0.1004 2008.09.23 TROJ_LOWZONE.AC
VBA32 3.12.8.5 2008.09.23 -
ViRobot 2008.9.23.1389 2008.09.23 Trojan.Win32.Agent.2112.B
VirusBuster 4.5.11.0 2008.09.23 -
Webwasher-Gateway 6.6.2 2008.09.23 Trojan.PrivacySet.A
Additional information
File size: 2112 bytes
MD5...: 4cd730af306fa02afecb46efc52321a4
SHA1..: 7244908417eed8fad186ca23fe06ca6a731823b4
SHA256: 78660ac04f6e6c534f5c7af41f1612dcbce0c2d587446a4d1ab4f9aee3f3c8ba
SHA512: 189005b3577c02bb800e39408863d7814ff102da11d74e8a19214c550c526812
93f930a35c9e9427527a518b70e90eaa1bf0b0092783f4a02c573bfc27cf3d4e
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4003bc
timedatestamp.....: 0x481efb0f (Mon May 05 12:18:23 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x100 0x100 5.61 a41be52b475dfb013265b8b57025f995
.rdata 0x400 0x56 0x100 1.94 68d8c02b103700290ea8f3edd062f675
INIT 0x500 0x8e 0x100 2.56 0ea0b8b784d0ab9865f99165ef5808a7
.rsrc 0x600 0xb0 0x100 4.51 f69dace89ec47d43460b9c59b53ac76f
.reloc 0x700 0x20 0x100 0.47 919c4ebdb9f32d2f76bfdc55608301be

( 1 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress, ExitProcess, GetModuleHandleA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp...78BBA00B79BCD14



File wroidqny.ini received on 09.23.2008 17:46:12 (CET)
Result: 1/36 (2.78%)

Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.23 -
AntiVir 7.8.1.34 2008.09.23 -
Authentium 5.1.0.4 2008.09.23 -
Avast 4.8.1195.0 2008.09.22 -
AVG 8.0.0.161 2008.09.23 -
BitDefender 7.2 2008.09.23 -
CAT-QuickHeal 9.50 2008.09.23 -
ClamAV 0.93.1 2008.09.23 -
DrWeb 4.44.0.09170 2008.09.23 -
eSafe 7.0.17.0 2008.09.23 -
eTrust-Vet 31.6.6101 2008.09.23 -
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.22 -
F-Secure 8.0.14332.0 2008.09.23 Vundo.gen197
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.23 -
Ikarus T3.1.1.34.0 2008.09.23 -
K7AntiVirus 7.10.469 2008.09.23 -
Kaspersky 7.0.0.125 2008.09.23 -
McAfee 5389 2008.09.22 -
Microsoft 1.3903 2008.09.23 -
NOD32v2 3465 2008.09.23 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.22 -
PCTools 4.4.2.0 2008.09.23 -
Prevx1 V2 2008.09.23 -
Rising 20.63.12.00 2008.09.23 -
Sophos 4.33.0 2008.09.23 -
Sunbelt 3.1.1662.1 2008.09.23 -
Symantec 10 2008.09.23 -
TheHacker 6.3.0.9.091 2008.09.23 -
TrendMicro 8.700.0.1004 2008.09.23 -
VBA32 3.12.8.5 2008.09.23 -
ViRobot 2008.9.23.1389 2008.09.23 -
VirusBuster 4.5.11.0 2008.09.23 -
Webwasher-Gateway 6.6.2 2008.09.23 -
Additional information
File size: 981936 bytes
MD5...: 9e6e9e5a724b9a74aa07861581b1edb7
SHA1..: 1604c66a43836f8fe0660fe4c5f61f8a923307bf
SHA256: f673d0e7954b91cd822d33860797ba7b011f528dce3752210e7efe1629e70b63
SHA512: a4741c0df4bec99ad43a8d7700ae763b66027644d585f309ee1108fc01beb649
b0849653e3307c57e3c6031cd9b8b861fe38319c0b6e3f9d943d6baee8ed8c53
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -



File drfvhkrk.exe received on 09.23.2008 17:46:24 (CET)
Result: 25/36 (69.45%)

Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.23 -
AntiVir 7.8.1.34 2008.09.23 TR/PrivacySet.A
Authentium 5.1.0.4 2008.09.23 W32/Trojan2.ASOZ
Avast 4.8.1195.0 2008.09.22 Win32:PrivacySet
AVG 8.0.0.161 2008.09.23 Generic10.UDV
BitDefender 7.2 2008.09.23 Trojan.PrivacySet.A
CAT-QuickHeal 9.50 2008.09.23 Trojan.PrivacySet.a
ClamAV 0.93.1 2008.09.23 -
DrWeb 4.44.0.09170 2008.09.23 Trojan.LowZones.882
eSafe 7.0.17.0 2008.09.23 -
eTrust-Vet 31.6.6101 2008.09.23 Win32/SecDrop.QW
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.22 W32/Trojan2.ASOZ
F-Secure 8.0.14332.0 2008.09.23 Trojan.Win32.Agent.zae
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.23 Trojan.PrivacySet.A
Ikarus T3.1.1.34.0 2008.09.23 -
K7AntiVirus 7.10.469 2008.09.23 Trojan.Win32.Small.EGXV
Kaspersky 7.0.0.125 2008.09.23 Trojan.Win32.Agent.zae
McAfee 5389 2008.09.22 -
Microsoft 1.3903 2008.09.23 Trojan:Win32/Lowzones.DM
NOD32v2 3465 2008.09.23 Win32/PrivacySet.A
Norman 5.80.02 2008.09.19 W32/Smalltroj.EGXV
Panda 9.0.0.4 2008.09.22 Trj/Agent.ITR
PCTools 4.4.2.0 2008.09.23 -
Prevx1 V2 2008.09.23 Malicious Software
Rising 20.63.12.00 2008.09.23 Trojan.Win32.Small.emk
Sophos 4.33.0 2008.09.23 Troj/PrivZone-A
Sunbelt 3.1.1662.1 2008.09.23 -
Symantec 10 2008.09.23 Trojan.LowZones
TheHacker 6.3.0.9.091 2008.09.23 Trojan/Agent.uuv
TrendMicro 8.700.0.1004 2008.09.23 TROJ_LOWZONE.AC
VBA32 3.12.8.5 2008.09.23 -
ViRobot 2008.9.23.1389 2008.09.23 Trojan.Win32.Agent.2112.B
VirusBuster 4.5.11.0 2008.09.23 -
Webwasher-Gateway 6.6.2 2008.09.23 Trojan.PrivacySet.A
Additional information
File size: 2112 bytes
MD5...: 4cd730af306fa02afecb46efc52321a4
SHA1..: 7244908417eed8fad186ca23fe06ca6a731823b4
SHA256: 78660ac04f6e6c534f5c7af41f1612dcbce0c2d587446a4d1ab4f9aee3f3c8ba
SHA512: 189005b3577c02bb800e39408863d7814ff102da11d74e8a19214c550c526812
93f930a35c9e9427527a518b70e90eaa1bf0b0092783f4a02c573bfc27cf3d4e
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4003bc
timedatestamp.....: 0x481efb0f (Mon May 05 12:18:23 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x100 0x100 5.61 a41be52b475dfb013265b8b57025f995
.rdata 0x400 0x56 0x100 1.94 68d8c02b103700290ea8f3edd062f675
INIT 0x500 0x8e 0x100 2.56 0ea0b8b784d0ab9865f99165ef5808a7
.rsrc 0x600 0xb0 0x100 4.51 f69dace89ec47d43460b9c59b53ac76f
.reloc 0x700 0x20 0x100 0.47 919c4ebdb9f32d2f76bfdc55608301be

( 1 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress, ExitProcess, GetModuleHandleA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp...78BBA00B79BCD14



File neminyjc.dll received on 09.23.2008 17:47:47 (CET)
Result: 30/34 (88.24%)

Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.23 Win-Trojan/Virtumod.104512
AntiVir 7.8.1.34 2008.09.23 TR/Monder.104512
Authentium 5.1.0.4 2008.09.23 W32/Virtumonde!Generic
Avast 4.8.1195.0 2008.09.22 Win32:Monder-EX
AVG 8.0.0.161 2008.09.23 Vundo.N
BitDefender 7.2 2008.09.23 Trojan.Vundo.EKJ
CAT-QuickHeal 9.50 2008.09.23 Trojan.Monder.gen
ClamAV 0.93.1 2008.09.23 Trojan.Vundo-2909
DrWeb 4.44.0.09170 2008.09.23 Trojan.Virtumod.based.12
eSafe 7.0.17.0 2008.09.23 Suspicious File
eTrust-Vet 31.6.6101 2008.09.23 Win32/Vundo!generic
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.22 W32/Virtumonde.O2.gen!Eldorado
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.23 Trojan.Vundo.EKJ
Ikarus T3.1.1.34.0 2008.09.23 Win32.Rigel.6468
K7AntiVirus 7.10.469 2008.09.23 Trojan.Win32.Vundo.EKJ
Kaspersky 7.0.0.125 2008.09.23 Trojan.Win32.Monder.gen
McAfee 5389 2008.09.22 Vundo.gen.c
Microsoft 1.3903 2008.09.23 Trojan:Win32/Vundo.FAR
NOD32v2 3465 2008.09.23 Win32/Adware.AdMedia
Norman 5.80.02 2008.09.19 Vundo.gen165
Panda 9.0.0.4 2008.09.22 Trj/Proxy.BF
PCTools 4.4.2.0 2008.09.23 Adware.Vundo.Gen!Pac.21
Rising 20.63.12.00 2008.09.23 -
Sophos 4.33.0 2008.09.23 Troj/Virtum-Gen
Sunbelt 3.1.1662.1 2008.09.23 -
Symantec 10 2008.09.23 Trojan.Vundo.B
TheHacker 6.3.0.9.091 2008.09.23 Trojan/Monder.gen
TrendMicro 8.700.0.1004 2008.09.23 TROJ_VUNDO.BSJ
VBA32 3.12.8.5 2008.09.23 Trojan.Win32.Monder.gen
ViRobot 2008.9.23.1389 2008.09.23 Trojan.Win32.Monder.104512.C
VirusBuster 4.5.11.0 2008.09.23 Adware.Vundo.Gen!Pac.21
Webwasher-Gateway 6.6.2 2008.09.23 Trojan.Monder.104512
Additional information
File size: 104512 bytes
MD5...: dfcfe55b7553196c68b2400541fcf555
SHA1..: c2a4bbf69ecee747d7a7dbc2f317ede061e9b9c7
SHA256: bb36ba27a18931b453d37350b3c6183bfc5aa8ed71bcbf736979f0e592ea4b26
SHA512: 38a66a9be11f9e338b25f3c2fe319e690d587cceda8645e0020c3edc9b1ea1a4
4faf02a475ed7ce7ae41cdf1619f0311bb00036f33b16bab896ddff5be53cae4
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100076bf
timedatestamp.....: 0xaa152b01L (invalid)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1a000 0x6a00 7.70 c688ed12e8b263b4089ed038ef53d44c
.data 0x1b000 0x12000 0x12000 7.99 c06d8faa45a97262f22567d73666363a
.rdata 0x2d000 0x1000 0x400 7.17 0d163c5c3bd3496afcfdf12537dfe3df
.idata 0x2e000 0x1000 0x600 3.40 0093bf1520c015c4bd162d2d32970f81

( 3 imports )
> user32.dll: ShowCursor, SetCursor, OemToCharA, GetMenu, GetFocus, FillRect, EnableWindow, DrawStateA, DrawIcon, DestroyMenu, DeleteMenu, CloseWindow, BeginPaint, wsprintfA
> kernel32.dll: GetCommandLineA, GetTimeFormatA, ExitThread, ExitProcess, MapViewOfFile, SetLastError, lstrcmpiA, lstrcpynA, LoadResource
> oleaut32.dll: GetErrorInfo, OleTranslateColor, RevokeActiveObject, SafeArrayAllocDescriptor, SafeArrayCreate, SafeArrayDestroy, SysFreeString, VarBstrCat, ClearCustData

( 0 exports )
packers (Kaspersky): PE_Patch


File gfhdjgjc.ini received on 09.23.2008 17:48:30 (CET)
Result: 1/36 (2.78%)

Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.23 -
AntiVir 7.8.1.34 2008.09.23 -
Authentium 5.1.0.4 2008.09.23 -
Avast 4.8.1195.0 2008.09.22 -
AVG 8.0.0.161 2008.09.23 -
BitDefender 7.2 2008.09.23 -
CAT-QuickHeal 9.50 2008.09.23 -
ClamAV 0.93.1 2008.09.23 -
DrWeb 4.44.0.09170 2008.09.23 -
eSafe 7.0.17.0 2008.09.23 -
eTrust-Vet 31.6.6101 2008.09.23 -
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.22 -
F-Secure 8.0.14332.0 2008.09.23 Vundo.gen197
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.23 -
Ikarus T3.1.1.34.0 2008.09.23 -
K7AntiVirus 7.10.469 2008.09.23 -
Kaspersky 7.0.0.125 2008.09.23 -
McAfee 5389 2008.09.22 -
Microsoft 1.3903 2008.09.23 -
NOD32v2 3465 2008.09.23 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.22 -
PCTools 4.4.2.0 2008.09.23 -
Prevx1 V2 2008.09.23 -
Rising 20.63.12.00 2008.09.23 -
Sophos 4.33.0 2008.09.23 -
Sunbelt 3.1.1662.1 2008.09.23 -
Symantec 10 2008.09.23 -
TheHacker 6.3.0.9.091 2008.09.23 -
TrendMicro 8.700.0.1004 2008.09.23 -
VBA32 3.12.8.5 2008.09.23 -
ViRobot 2008.9.23.1389 2008.09.23 -
VirusBuster 4.5.11.0 2008.09.23 -
Webwasher-Gateway 6.6.2 2008.09.23 -
Additional information
File size: 981704 bytes
MD5...: 5a0c6595ebe80ec0d33f0dd3aa588744
SHA1..: 8ed505b1c305848c67ec92a529fa506999944f7b
SHA256: 1a9b19b5e6d388861dfda46bdd3e0b62c7f7111084937b5b3eebbde4b327b624
SHA512: 701e53af10c559b5e1e24c0f5a2749862dac37d459a364bd538eb2e27d07b40c
19d92f9d794c52b001aa534ce0d11fabb04c4518b6d06a8bc63259e6c049f06c
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -



File asjnftmo.exe received on 09.23.2008 17:48:48 (CET)
Result: 25/36 (69.45%)

Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.23 -
AntiVir 7.8.1.34 2008.09.23 TR/PrivacySet.A
Authentium 5.1.0.4 2008.09.23 W32/Trojan2.ASOZ
Avast 4.8.1195.0 2008.09.22 Win32:PrivacySet
AVG 8.0.0.161 2008.09.23 Generic10.UDV
BitDefender 7.2 2008.09.23 Trojan.PrivacySet.A
CAT-QuickHeal 9.50 2008.09.23 Trojan.PrivacySet.a
ClamAV 0.93.1 2008.09.23 -
DrWeb 4.44.0.09170 2008.09.23 Trojan.LowZones.882
eSafe 7.0.17.0 2008.09.23 -
eTrust-Vet 31.6.6101 2008.09.23 Win32/SecDrop.QW
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.22 W32/Trojan2.ASOZ
F-Secure 8.0.14332.0 2008.09.23 Trojan.Win32.Agent.zae
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.23 Trojan.PrivacySet.A
Ikarus T3.1.1.34.0 2008.09.23 -
K7AntiVirus 7.10.469 2008.09.23 Trojan.Win32.Small.EGXV
Kaspersky 7.0.0.125 2008.09.23 Trojan.Win32.Agent.zae
McAfee 5389 2008.09.22 -
Microsoft 1.3903 2008.09.23 Trojan:Win32/Lowzones.DM
NOD32v2 3465 2008.09.23 Win32/PrivacySet.A
Norman 5.80.02 2008.09.19 W32/Smalltroj.EGXV
Panda 9.0.0.4 2008.09.22 Trj/Agent.ITR
PCTools 4.4.2.0 2008.09.23 -
Prevx1 V2 2008.09.23 Malicious Software
Rising 20.63.12.00 2008.09.23 Trojan.Win32.Small.emk
Sophos 4.33.0 2008.09.23 Troj/PrivZone-A
Sunbelt 3.1.1662.1 2008.09.23 -
Symantec 10 2008.09.23 Trojan.LowZones
TheHacker 6.3.0.9.091 2008.09.23 Trojan/Agent.uuv
TrendMicro 8.700.0.1004 2008.09.23 TROJ_LOWZONE.AC
VBA32 3.12.8.5 2008.09.23 -
ViRobot 2008.9.23.1389 2008.09.23 Trojan.Win32.Agent.2112.B
VirusBuster 4.5.11.0 2008.09.23 -
Webwasher-Gateway 6.6.2 2008.09.23 Trojan.PrivacySet.A
Additional information
File size: 2112 bytes
MD5...: 4cd730af306fa02afecb46efc52321a4
SHA1..: 7244908417eed8fad186ca23fe06ca6a731823b4
SHA256: 78660ac04f6e6c534f5c7af41f1612dcbce0c2d587446a4d1ab4f9aee3f3c8ba
SHA512: 189005b3577c02bb800e39408863d7814ff102da11d74e8a19214c550c526812
93f930a35c9e9427527a518b70e90eaa1bf0b0092783f4a02c573bfc27cf3d4e
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4003bc
timedatestamp.....: 0x481efb0f (Mon May 05 12:18:23 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x100 0x100 5.61 a41be52b475dfb013265b8b57025f995
.rdata 0x400 0x56 0x100 1.94 68d8c02b103700290ea8f3edd062f675
INIT 0x500 0x8e 0x100 2.56 0ea0b8b784d0ab9865f99165ef5808a7
.rsrc 0x600 0xb0 0x100 4.51 f69dace89ec47d43460b9c59b53ac76f
.reloc 0x700 0x20 0x100 0.47 919c4ebdb9f32d2f76bfdc55608301be

( 1 imports )
> KERNEL32.dll: LoadLibraryA, GetProcAddress, ExitProcess, GetModuleHandleA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp...78BBA00B79BCD14




File nlqjkqot.dll received on 09.23.2008 17:51:53 (CET)
Result: 32/36 (88.89%)

Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.23 Win-Trojan/Virtumod.104512
AntiVir 7.8.1.34 2008.09.23 TR/Monder.104512
Authentium 5.1.0.4 2008.09.23 W32/Virtumonde!Generic
Avast 4.8.1195.0 2008.09.22 Win32:Monder-EX
AVG 8.0.0.161 2008.09.23 Vundo.N
BitDefender 7.2 2008.09.23 Trojan.Vundo.EKJ
CAT-QuickHeal 9.50 2008.09.23 Trojan.Monder.gen
ClamAV 0.93.1 2008.09.23 Trojan.Vundo-2909
DrWeb 4.44.0.09170 2008.09.23 Trojan.Virtumod.based.12
eSafe 7.0.17.0 2008.09.23 Suspicious File
eTrust-Vet 31.6.6101 2008.09.23 Win32/Vundo!generic
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.22 W32/Virtumonde.O2.gen!Eldorado
F-Secure 8.0.14332.0 2008.09.23 Trojan.Win32.Monder.gen
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.23 Trojan.Vundo.EKJ
Ikarus T3.1.1.34.0 2008.09.23 Win32.Rigel.6468
K7AntiVirus 7.10.469 2008.09.23 Trojan.Win32.Vundo.EKJ
Kaspersky 7.0.0.125 2008.09.23 Trojan.Win32.Monder.gen
McAfee 5389 2008.09.22 Vundo.gen.c
Microsoft 1.3903 2008.09.23 Trojan:Win32/Vundo.FAR
NOD32v2 3465 2008.09.23 Win32/Adware.AdMedia
Norman 5.80.02 2008.09.19 Vundo.gen165
Panda 9.0.0.4 2008.09.22 Trj/Proxy.BF
PCTools 4.4.2.0 2008.09.23 Adware.Vundo.Gen!Pac.21
Prevx1 V2 2008.09.23 Fraudulent Security Program
Rising 20.63.12.00 2008.09.23 -
Sophos 4.33.0 2008.09.23 Troj/Virtum-Gen
Sunbelt 3.1.1662.1 2008.09.23 -
Symantec 10 2008.09.23 Trojan.Vundo.B
TheHacker 6.3.0.9.091 2008.09.23 Trojan/Monder.gen
TrendMicro 8.700.0.1004 2008.09.23 TROJ_VUNDO.BSJ
VBA32 3.12.8.5 2008.09.23 Trojan.Win32.Monder.gen
ViRobot 2008.9.23.1389 2008.09.23 Trojan.Win32.Monder.104512.C
VirusBuster 4.5.11.0 2008.09.23 Adware.Vundo.Gen!Pac.21
Webwasher-Gateway 6.6.2 2008.09.23 Trojan.Monder.104512
Additional information
File size: 104512 bytes
MD5...: dfcfe55b7553196c68b2400541fcf555
SHA1..: c2a4bbf69ecee747d7a7dbc2f317ede061e9b9c7
SHA256: bb36ba27a18931b453d37350b3c6183bfc5aa8ed71bcbf736979f0e592ea4b26
SHA512: 38a66a9be11f9e338b25f3c2fe319e690d587cceda8645e0020c3edc9b1ea1a4
4faf02a475ed7ce7ae41cdf1619f0311bb00036f33b16bab896ddff5be53cae4
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100076bf
timedatestamp.....: 0xaa152b01L (invalid)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1a000 0x6a00 7.70 c688ed12e8b263b4089ed038ef53d44c
.data 0x1b000 0x12000 0x12000 7.99 c06d8faa45a97262f22567d73666363a
.rdata 0x2d000 0x1000 0x400 7.17 0d163c5c3bd3496afcfdf12537dfe3df
.idata 0x2e000 0x1000 0x600 3.40 0093bf1520c015c4bd162d2d32970f81

( 3 imports )
> user32.dll: ShowCursor, SetCursor, OemToCharA, GetMenu, GetFocus, FillRect, EnableWindow, DrawStateA, DrawIcon, DestroyMenu, DeleteMenu, CloseWindow, BeginPaint, wsprintfA
> kernel32.dll: GetCommandLineA, GetTimeFormatA, ExitThread, ExitProcess, MapViewOfFile, SetLastError, lstrcmpiA, lstrcpynA, LoadResource
> oleaut32.dll: GetErrorInfo, OleTranslateColor, RevokeActiveObject, SafeArrayAllocDescriptor, SafeArrayCreate, SafeArrayDestroy, SysFreeString, VarBstrCat, ClearCustData

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp...C9CB7002092D19C
packers (Kaspersky): PE_Patch




File iaxelsvt.ini received on 09.23.2008 17:52:21 (CET)
Result: 1/36 (2.78%)

Antivirus Version Last Update Result
AhnLab-V3 2008.9.23.1 2008.09.23 -
AntiVir 7.8.1.34 2008.09.23 -
Authentium 5.1.0.4 2008.09.23 -
Avast 4.8.1195.0 2008.09.22 -
AVG 8.0.0.161 2008.09.23 -
BitDefender 7.2 2008.09.23 -
CAT-QuickHeal 9.50 2008.09.23 -
ClamAV 0.93.1 2008.09.23 -
DrWeb 4.44.0.09170 2008.09.23 -
eSafe 7.0.17.0 2008.09.23 -
eTrust-Vet 31.6.6101 2008.09.23 -
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.22 -
F-Secure 8.0.14332.0 2008.09.23 Vundo.gen197
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.23 -
Ikarus T3.1.1.34.0 2008.09.23 -
K7AntiVirus 7.10.469 2008.09.23 -
Kaspersky 7.0.0.125 2008.09.23 -
McAfee 5389 2008.09.22 -
Microsoft 1.3903 2008.09.23 -
NOD32v2 3465 2008.09.23 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.22 -
PCTools 4.4.2.0 2008.09.23 -
Prevx1 V2 2008.09.23 -
Rising 20.63.12.00 2008.09.23 -
Sophos 4.33.0 2008.09.23 -
Sunbelt 3.1.1662.1 2008.09.23 -
Symantec 10 2008.09.23 -
TheHacker 6.3.0.9.091 2008.09.23 -
TrendMicro 8.700.0.1004 2008.09.23 -
VBA32 3.12.8.5 2008.09.23 -
ViRobot 2008.9.23.1389 2008.09.23 -
VirusBuster 4.5.11.0 2008.09.23 -
Webwasher-Gateway 6.6.2 2008.09.23 -
Additional information
File size: 981646 bytes
MD5...: e14b1c628de409000c86a09e7db62824
SHA1..: fd4711c14108186223cc5b77346b6ad40e2e090f
SHA256: f25d9a2d64f16f7dc4deab757215347ec552154677b9a7000b4f0b646968132c
SHA512: 1292b4096e7019fa2dccb3a5d3d4d0b60f4ee55a321a10d9e2d4f444a9539a4f
cb91eb0198ef45b535e9cf856386c0e90db4e53da10f3c61e3eb944a1cc05b3a
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

#9 SifuMike

Posted 23 September 2008 - 02:17 PM

Hi Gilthantis,

This computer is quite a mess! :thumbsup: More malware than I have seen in several months. :)



Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.


Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post.

If the file is too big to post, then you can upload it to me here. Let me know when you upload it.

#10 Gilthantis

Posted 23 September 2008 - 04:21 PM

It fits :thumbsup:


OTScanIt logfile created on: 9/23/2008 5:15:23 PM
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Program Files\OYScanIt\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.98 Mb Total Physical Memory | 488.53 Mb Available Physical Memory | 47.76% Memory free
1.28 Gb Paging File | 0.79 Gb Available in Paging File | 61.62% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 26.38 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
Drive D: | 163.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 3.68 Gb Total Space | 1.93 Gb Free Space | 52.46% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILCOX_FAMILY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
nnsvc.exe -> %ProgramFiles%\Net Nanny\NNSvc.exe -> Net Nanny Software International, Inc. [Ver = 5, 0, 2, 4 | Size = 241724 bytes | Modified Date = 9/24/2002 10:19:22 AM | Attr =	]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 8/15/2007 1:26:20 AM | Attr =	]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6261\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 9/8/2008 7:04:02 PM | Attr =	]
wss.exe -> %CommonProgramFiles%\Winferno\WSS\WSS.exe -> Capital Intellect Inc [Ver = 2007.4.0.1 | Size = 126976 bytes | Modified Date = 9/7/2007 10:00:46 AM | Attr =	]
piolet.exe -> %ProgramFiles%\Piolet\Piolet.exe -> MP2P Technologies. [Ver = 1.9.0.9 | Size = 5984256 bytes | Modified Date = 1/16/2008 8:02:54 AM | Attr =	]
nntray.exe -> %ProgramFiles%\Net Nanny\nntray.exe -> Net Nanny Software International, Inc. [Ver = 5, 0, 2, 4 | Size = 1630208 bytes | Modified Date = 9/24/2002 10:23:08 AM | Attr =	]
ctsyncu.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe ->  [Ver = 6.1.7.0 | Size = 700416 bytes | Modified Date = 8/7/2006 11:06:38 AM | Attr =	]
registrybooster.exe -> %ProgramFiles%\Uniblue\RegistryBooster2\RegistryBooster.exe -> Uniblue Software [Ver = 2.0.998.3011 | Size = 1848864 bytes | Modified Date = 4/13/2007 11:51:10 AM | Attr =	]
registrybooster.exe -> %ProgramFiles%\Uniblue\RegistryBooster2\RegistryBooster.exe -> Uniblue Software [Ver = 2.0.998.3011 | Size = 1848864 bytes | Modified Date = 4/13/2007 11:51:10 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe ->  [Ver =  | Size = 54776 bytes | Modified Date = 10/3/2006 1:04:38 PM | Attr =	]
memonitor.exe -> %ProgramFiles%\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -> Smith Micro Software, Inc. [Ver = 1.1.0 | Size = 947544 bytes | Modified Date = 7/4/2007 3:25:16 AM | Attr =	]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe ->  [Ver =  | Size = 90112 bytes | Modified Date = 12/8/2005 2:55:10 PM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 9/9/2008 3:04:00 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(0018881221704057mcinstcleanup) McAfee Application Installer Cleanup (0018881221704057) [Win32_Own | Auto | Stopped] -> %SystemRoot%\TEMP\001888~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -> File not found
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.04.010 | Size = 658432 bytes | Modified Date = 11/7/2007 7:02:15 PM | Attr =	]
(NNSvc) NNSvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Net Nanny\NNSvc.exe -> Net Nanny Software International, Inc. [Ver = 5, 0, 2, 4 | Size = 241724 bytes | Modified Date = 9/24/2002 10:19:22 AM | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 8/15/2007 1:26:20 AM | Attr =	]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6261\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 9/8/2008 7:04:02 PM | Attr =	]
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> File not found
(Winferno Subscription Service) Winferno Subscription Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Winferno\WSS\WSS.exe -> Capital Intellect Inc [Ver = 2007.4.0.1 | Size = 126976 bytes | Modified Date = 9/7/2007 10:00:46 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\bvrp_pci.sys ->  [Ver =  | Size = 4272 bytes | Modified Date = 8/28/2003 6:58:40 PM | Attr = R  ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/4/2004 12:31:32 AM | Attr =	]
(szkg) szkg [Kernel | Boot | Stopped] -> %SystemRoot%\system32\DRIVERS\szkg.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 12:09:58 PM | Attr =	]
BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe [BCMSMMSG.exe] -> Broadcom Corporation [Ver =  3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr =	]
Dell AIO Printer A920 -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe ["C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"] -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 6/2/2003 1:25:24 PM | Attr =	]
dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr =	]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.5.709.30344 | Size = 29744 bytes | Modified Date = 3/14/2008 11:57:47 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 1/15/2008 4:22:56 AM | Attr =	]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr =	]
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] -> Microsoft® Corporation [Ver = 7.00.0716.0 | Size = 28672 bytes | Modified Date = 7/16/2002 8:21:48 PM | Attr =	]
NNTray -> %ProgramFiles%\Net Nanny\NNStart.exe [C:\Program Files\Net Nanny\nnstart.exe] -> Net Nanny Software International, Inc. [Ver = 5, 0, 2, 4 | Size = 61440 bytes | Modified Date = 9/24/2002 10:21:56 AM | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4501 | Size = 4800512 bytes | Modified Date = 10/17/2003 1:52:00 PM | Attr =	]
Piolet -> %ProgramFiles%\Piolet\Piolet.exe [C:\Program Files\Piolet\Piolet.exe SILENT] -> MP2P Technologies. [Ver = 1.9.0.9 | Size = 5984256 bytes | Modified Date = 1/16/2008 8:02:54 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 4:27:36 PM | Attr =	]
StorageGuard -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> Sonic Solutions [Ver = 1.01.11a | Size = 155648 bytes | Modified Date = 2/13/2003 2:01:00 AM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
2 -> %ProgramFiles%\Uniblue\RegistryBooster2\RegistryBooster.exe [C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S] -> Uniblue Software [Ver = 2.0.998.3011 | Size = 1848864 bytes | Modified Date = 4/13/2007 11:51:10 AM | Attr =	]
Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 10:20:54 AM | Attr =	]
CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe ["C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"] ->  [Ver = 6.1.7.0 | Size = 700416 bytes | Modified Date = 8/7/2006 11:06:38 AM | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
Uniblue Registry Booster2 -> %ProgramFiles%\Uniblue\RegistryBooster2\RegistryBooster.exe [C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S] -> Uniblue Software [Ver = 2.0.998.3011 | Size = 1848864 bytes | Modified Date = 4/13/2007 11:51:10 AM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet] ->  [Ver =  | Size = 3096576 bytes | Modified Date = 12/8/2005 2:55:10 PM | Attr =	]
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
DelayShred -> %ProgramFiles%\McAfee\MSHR\ShrCL.exe ["c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\APP_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DW_PAS~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\DW_PAS~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\BNMNIMGL\INDEX_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FZ7FQPN2\INDEX_~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FZ7FQPN2\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GJ3LJQSL\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\I2GB162Y\DW_PAS~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FZ7FQPN2\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\I2GB162Y\DW_PAS~4.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\I2GB162Y\APP_1_~1.SH!] ->  [Ver =  | Size = 111904 bytes | Modified Date = 12/4/2007 1:32:24 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 5/12/2008 8:57:54 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe ->  [Ver =  | Size = 54776 bytes | Modified Date = 10/3/2006 1:04:38 PM | Attr =	]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\MEMonitor.lnk -> %ProgramFiles%\Verizon Wireless\V CAST Music Manager\MEMonitor.exe -> Smith Micro Software, Inc. [Ver = 1.1.0 | Size = 947544 bytes | Modified Date = 7/4/2007 3:25:16 AM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.5.709.30344 | Size = 118784 bytes | Modified Date = 3/14/2008 11:57:47 PM | Attr =	]
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
jkkjjki ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 12:59:52 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 3/15/2006 2:38:48 PM | Attr =	]
autorun.inf [[AUTORUN] | open=install.exe | icon=misc\comcast.ico | ] -> D:\autorun.inf [ CDFS ] ->  [Ver =  | Size = 52 bytes | Modified Date = 1/18/2005 8:02:35 AM | Attr = R  ]
< HOSTS File > (271557 bytes and 9297 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://127.0.0.1:4664/&s=EmAnaulEtn1sxvnDO_w899AYdOk -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4796 domain(s) found. -> 
45 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4798 domain(s) found. -> 
45 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr =	]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr =	]
{50902E71-C05F-4B63-8CB6-888399E8E70F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.05b | Size = 106548 bytes | Modified Date = 8/6/2003 2:04:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{8f7adf86-3330-4719-894f-82d1c22b68bd} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 7/4/2007 12:05:02 AM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 5/12/2008 8:58:08 PM | Attr =	]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{CFC5345B-5D1F-4686-BAE0-B3BA4EE3ACC7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [McAfee SiteAdvisor] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr =	]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 7/4/2007 12:05:02 AM | Attr = R  ]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr =	]
{b69a9db4-d0a1-4722-b56b-f20757a29cdf} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 7/4/2007 12:05:02 AM | Attr = R  ]
WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> Comcast Cable Communications.				 [Ver = 5.0.0.72 | Size = 1821184 bytes | Modified Date = 11/7/2006 2:21:58 PM | Attr =	]
WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{B69A9DB4-D0A1-4722-B56B-F20757A29CDF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
{3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =	]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe [Yahoo! Messenger] ->  [Ver =  | Size = 3096576 bytes | Modified Date = 12/8/2005 2:55:10 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]
CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 5.0\aoltb.dll [AOL Toolbar] -> AOL LLC [Ver = 5.0.17.1 | Size = 1025584 bytes | Modified Date = 3/23/2007 3:35:30 PM | Attr =	]
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ->  [Ver =  | Size = 747 bytes | Modified Date = 9/7/2006 3:59:50 PM | Attr =	]
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr -> Google Inc. [Ver = 2.0.0.1077 | Size = 2790976 bytes | Modified Date = 9/28/2007 1:42:38 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{9026356F-5F68-4681-8A4C-EE228A6688BE} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{FDD10D3D-6800-444D-AF98-3E78227812E4} ->	(Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Key does not exist or could not be opened.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Key does not exist or could not be opened.] -> File not found
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll[Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> 
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15015/CTSUEng.cab[Creative Software AutoUpdate] -> 
{2F003D51-39FD-4D18-9016-95CF70B92ABE}[HKEY_LOCAL_MACHINE] -> http://download.movienetworks.com/install/US/altpmtscab.cab[Reg Error: Key does not exist or could not be opened.] -> 
{56336BCB-3D8A-11D6-A00B-0050DA18DE71}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151367448973[WUWebControl Class] -> 
{77E32299-629F-43C6-AB77-6A1E6D7663F6}[HKEY_LOCAL_MACHINE] -> http://www.nick.com/common/groove/gx/GrooveAX27.cab[Reg Error: Key does not exist or could not be opened.] -> 
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739}[HKEY_LOCAL_MACHINE] -> http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab[Verizon Wireless Media Upload] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15021/CTPID.cab[Creative Software AutoUpdate Support Package] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/APInstall_Tiny.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/APInstall_Tiny.dll\\.Owner -> {2F003D51-39FD-4D18-9016-95CF70B92ABE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/APInstall_Tiny.dll\\{2F003D51-39FD-4D18-9016-95CF70B92ABE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\.Owner -> {F6ACF75C-C32C-447B-9BEF-46B766368D29} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\.Owner -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\.Owner -> {77E32299-629F-43C6-AB77-6A1E6D7663F6} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\{77E32299-629F-43C6-AB77-6A1E6D7663F6} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/VerizonWirelessUploadControl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/VerizonWirelessUploadControl.dll\\.Owner -> {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/VerizonWirelessUploadControl.dll\\{8A0019EB-51FA-4AE5-A40B-C0496BBFC739} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 936 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> B5 7E 84 CE 2A 33 B5 93 41 E1 B8 F6 C3 C2 C6 0B 35 62 64 34 31 31 32 31 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 21 26 E8 F0  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> E7 3F 67 EC 46 16 1B 71 56  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> C1 A0 30 6C 31 20  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> B0 8D 35 45 EE 7F 3D 38 28 77 CD 0B 11 27 17 5B  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 60 B5 A1 6C 6F A4 C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 33900 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\java.exe -> %SystemRoot%\system32\java.exe [C:\WINDOWS\system32\java.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:01 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine] -> Yahoo! [Ver = 2.0.1.037 (Build 037) | Size = 6104568 bytes | Modified Date = 10/3/2006 1:04:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2/12/2008 2:10:37 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 2:17:27 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 10:20:54 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> %SystemRoot%\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 6/2/2003 10:56:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 1/15/2008 4:22:48 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Piolet\Piolet.exe -> %ProgramFiles%\Piolet\Piolet.exe [C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet] -> MP2P Technologies. [Ver = 1.9.0.9 | Size = 5984256 bytes | Modified Date = 1/16/2008 8:02:54 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FDD10D3D-6800-444D-AF98-3E78227812E4} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 211 bytes | Created Date = 9/17/2008 9:20:59 PM | Attr =	]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 9/17/2008 9:20:48 PM | Attr =	]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 9/17/2008 9:20:54 PM | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 9/17/2008 9:19:02 PM | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 9/8/2008 3:57:36 PM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 9/23/2008 5:06:21 PM | Attr =  HS]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak ->  [Folder | Created Date = 9/17/2008 9:46:12 PM | Attr =	]
17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 9/17/2008 9:19:59 PM | Attr =	]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 9/17/2008 9:19:33 PM | Attr =	]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 9/17/2008 9:19:33 PM | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 9/17/2008 9:19:33 PM | Attr =	]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 9/17/2008 9:19:33 PM | Attr =	]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 9/17/2008 9:19:33 PM | Attr =	]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 9/17/2008 9:19:32 PM | Attr =	]
swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 9/17/2008 9:19:32 PM | Attr =	]
VFind.exe -> %SystemRoot%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 9/17/2008 9:19:32 PM | Attr =	]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 9/17/2008 9:19:33 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 9/7/2008 10:31:15 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 9/7/2008 10:00:14 PM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 9/7/2008 10:31:40 PM | Attr =	]
My Music -> %AllUsersProfile%\Documents\My Music ->  [Folder | Created Date = 9/17/2008 9:46:50 PM | Attr = R  ]
Command and Conquer Generals Zero Hour Data -> %UserProfile%\My Documents\Command and Conquer Generals Zero Hour Data ->  [Folder | Created Date = 8/25/2008 12:33:51 PM | Attr =	]
Default.rdp -> %UserProfile%\My Documents\Default.rdp ->  [Ver =  | Size = 0 bytes | Created Date = 9/7/2008 8:27:30 PM | Attr =  H ]
MICHELLES INTODUCTORY LETTER.doc -> %UserProfile%\My Documents\MICHELLES INTODUCTORY LETTER.doc ->  [Ver =  | Size = 25088 bytes | Created Date = 8/30/2008 4:29:44 PM | Attr =	]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 793 bytes | Created Date = 9/7/2008 10:05:44 PM | Attr =	]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk ->  [Ver =  | Size = 793 bytes | Created Date = 9/7/2008 10:05:44 PM | Attr =	]
Command & Conquer The First Decade.lnk -> %AllUsersProfile%\Desktop\Command & Conquer The First Decade.lnk ->  [Ver =  | Size = 903 bytes | Created Date = 8/25/2008 12:05:58 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 696 bytes | Created Date = 9/7/2008 10:31:18 PM | Attr =	]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 2846795 bytes | Created Date = 9/8/2008 3:56:49 PM | Attr = R  ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 9/7/2008 10:00:44 PM | Attr =	]
jre-6u7-windows-i586-p(2).exe -> %UserProfile%\Desktop\jre-6u7-windows-i586-p(2).exe ->  [Ver =  | Size = 15823733 bytes | Created Date = 9/23/2008 11:09:01 AM | Attr =	]
jre-6u7-windows-i586-p(3).exe -> %UserProfile%\Desktop\jre-6u7-windows-i586-p(3).exe ->  [Ver =  | Size = 15984024 bytes | Created Date = 9/23/2008 11:17:48 AM | Attr =	]
jre-6u7-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u7-windows-i586-p.exe ->  [Ver =  | Size = 0 bytes | Created Date = 9/23/2008 11:08:06 AM | Attr =	]
jre-6u7-windows-i586-p.exe.part -> %UserProfile%\Desktop\jre-6u7-windows-i586-p.exe.part ->  [Ver =  | Size = 9734269 bytes | Created Date = 9/23/2008 11:08:01 AM | Attr =	]
Kaspersky.html -> %UserProfile%\Desktop\Kaspersky.html ->  [Ver =  | Size = 5173 bytes | Created Date = 9/8/2008 10:14:22 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 9/23/2008 5:08:09 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 9/7/2008 10:00:30 PM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 9/23/2008 11:18:19 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 9/7/2008 10:01:27 PM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 9/7/2008 10:31:15 PM | Attr =	]
OYScanIt -> %ProgramFiles%\OYScanIt ->  [Folder | Created Date = 9/23/2008 5:08:55 PM | Attr =	]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 9/7/2008 10:00:14 PM | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 9/7/2008 10:00:42 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 281 bytes | Modified Date = 9/17/2008 9:20:59 PM | Attr = RHS]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 271557 bytes | Modified Date = 9/8/2008 9:46:53 AM | Attr = R  ]
hosts.20080908-094653.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080908-094653.backup ->  [Ver =  | Size = 271557 bytes | Modified Date = 9/7/2008 10:55:01 PM | Attr = R  ]
17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 10418 bytes | Modified Date = 9/23/2008 12:02:17 PM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 218448 bytes | Modified Date = 8/31/2008 3:44:21 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 52764 bytes | Modified Date = 9/22/2008 10:00:08 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 380350 bytes | Modified Date = 9/22/2008 10:00:08 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 439552 bytes | Modified Date = 9/22/2008 10:00:07 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 9/23/2008 5:12:33 PM | Attr =	]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
dellstat.ini -> %SystemRoot%\dellstat.ini ->  [Ver =  | Size = 279 bytes | Modified Date = 9/1/2008 6:00:32 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 9/18/2008 3:05:02 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 9/23/2008 5:12:54 PM | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 9/17/2008 9:22:04 PM | Attr =	]
WININIT.INI -> %SystemRoot%\WININIT.INI ->  [Ver =  | Size = 4740 bytes | Modified Date = 9/7/2008 10:51:17 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 8/30/2008 12:29:01 PM | Attr =	]
Internet Explorer.job -> %SystemRoot%\tasks\Internet Explorer.job ->  [Ver =  | Size = 264 bytes | Modified Date = 9/23/2008 1:00:00 AM | Attr =	]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 352 bytes | Modified Date = 9/22/2008 10:00:36 PM | Attr =	]
NOD32.job -> %SystemRoot%\tasks\NOD32.job ->  [Ver =  | Size = 242 bytes | Modified Date = 9/23/2008 5:03:30 PM | Attr =	]
rpc.job -> %SystemRoot%\tasks\rpc.job ->  [Ver =  | Size = 386 bytes | Modified Date = 8/29/2008 10:00:49 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/23/2008 5:03:31 PM | Attr =  H ]
User_Feed_Synchronization-{9684B139-E152-48DD-8B70-63AD7A08E596}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{9684B139-E152-48DD-8B70-63AD7A08E596}.job ->  [Ver =  | Size = 392 bytes | Modified Date = 9/22/2008 10:00:19 PM | Attr =  H ]
Windows Media Player.job -> %SystemRoot%\tasks\Windows Media Player.job ->  [Ver =  | Size = 288 bytes | Modified Date = 9/23/2008 12:54:00 AM | Attr =	]
WSSHelper.job -> %SystemRoot%\tasks\WSSHelper.job ->  [Ver =  | Size = 400 bytes | Modified Date = 9/23/2008 5:12:33 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache ->  [Folder | Modified Date = 4/2/2006 9:24:12 PM | Attr =	]
about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\about.dat ->  [Ver =  | Size = 1528 bytes | Modified Date = 7/17/2002 11:00:00 AM | Attr =	]
college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\college.dat ->  [Ver =  | Size = 327746 bytes | Modified Date = 7/17/2002 11:00:00 AM | Attr =	]
ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\ylpgscat.dat ->  [Ver =  | Size = 12283223 bytes | Modified Date = 7/17/2002 11:00:00 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 3/20/2006 7:00:24 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 9/17/2008 10:13:05 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 9/17/2008 10:13:05 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 4/3/2006 9:41:48 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1372 bytes | Modified Date = 4/3/2006 9:41:58 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 12/15/2007 4:47:57 PM | Attr =	]
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat ->  [Ver =  | Size = 524 bytes | Modified Date = 12/23/2006 10:26:03 AM | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/3/2006 9:22:44 PM | Attr =	]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat ->  [Ver =  | Size = 938592 bytes | Modified Date = 8/30/2008 4:31:13 PM | Attr =	]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat ->  [Ver =  | Size = 938592 bytes | Modified Date = 8/30/2008 4:31:13 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 58320 bytes | Modified Date = 9/7/2008 9:34:27 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4988936 bytes | Modified Date = 9/7/2008 6:59:18 PM | Attr =  H ]
Global.sw2 -> %AllUsersProfile%\Documents\Global.sw2 ->  [Ver =  | Size = 4757 bytes | Modified Date = 9/23/2008 5:12:57 PM | Attr =	]
Default.rdp -> %UserProfile%\My Documents\Default.rdp ->  [Ver =  | Size = 0 bytes | Modified Date = 9/7/2008 8:27:30 PM | Attr =  H ]
MICHELLES INTODUCTORY LETTER.doc -> %UserProfile%\My Documents\MICHELLES INTODUCTORY LETTER.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 8/30/2008 4:29:45 PM | Attr =	]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk ->  [Ver =  | Size = 793 bytes | Modified Date = 9/7/2008 10:05:44 PM | Attr =	]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk ->  [Ver =  | Size = 793 bytes | Modified Date = 9/7/2008 10:05:44 PM | Attr =	]
Command & Conquer The First Decade.lnk -> %AllUsersProfile%\Desktop\Command & Conquer The First Decade.lnk ->  [Ver =  | Size = 903 bytes | Modified Date = 8/25/2008 12:05:58 PM | Attr =	]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk ->  [Ver =  | Size = 1349 bytes | Modified Date = 9/18/2008 12:21:50 AM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 696 bytes | Modified Date = 9/7/2008 10:31:18 PM | Attr =	]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 2846795 bytes | Modified Date = 9/8/2008 3:57:02 PM | Attr = R  ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 9/7/2008 10:00:45 PM | Attr =	]
jre-6u7-windows-i586-p(2).exe -> %UserProfile%\Desktop\jre-6u7-windows-i586-p(2).exe ->  [Ver =  | Size = 15823733 bytes | Modified Date = 9/23/2008 11:10:40 AM | Attr =	]
jre-6u7-windows-i586-p(3).exe -> %UserProfile%\Desktop\jre-6u7-windows-i586-p(3).exe ->  [Ver =  | Size = 15984024 bytes | Modified Date = 9/23/2008 11:17:53 AM | Attr =	]
jre-6u7-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u7-windows-i586-p.exe ->  [Ver =  | Size = 0 bytes | Modified Date = 9/23/2008 11:08:06 AM | Attr =	]
jre-6u7-windows-i586-p.exe.part -> %UserProfile%\Desktop\jre-6u7-windows-i586-p.exe.part ->  [Ver =  | Size = 9734269 bytes | Modified Date = 9/23/2008 11:08:58 AM | Attr =	]
Kaspersky.html -> %UserProfile%\Desktop\Kaspersky.html ->  [Ver =  | Size = 5173 bytes | Modified Date = 9/8/2008 10:14:22 PM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 9/23/2008 5:07:34 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 9/7/2008 10:00:30 PM | Attr =	]

< End of report >


#11 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:51 PM

Posted 23 September 2008 - 05:25 PM

These files that I had you VirusTotal scan are not appearing on OTScanIT:

C:\WINDOWS\system32\gaqnyiwn.exe
C:\WINDOWS\system32\wroidqny.ini
C:\WINDOWS\system32\drfvhkrk.exe
C:\WINDOWS\system32\neminyjc.dll
C:\WINDOWS\system32\gfhdjgjc.ini
C:\WINDOWS\system32\asjnftmo.exe
C:\WINDOWS\system32\nlqjkqot.dll
C:\WINDOWS\system32\iaxelsvt.ini

Have you been removing files on your own? :thumbsup:

#12 Gilthantis

Gilthantis
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 23 September 2008 - 05:34 PM

I have only followed the instructions you gave me; I haven't removed any files.

#13 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:51 PM

Posted 23 September 2008 - 05:41 PM

Well, there are about 40 files that either have been removed or are not showing in the OTScanit. :)
They were there in the RSIT log, but missing in the OTScanIT log.


Are you working with another malware forum or person with this? :thumbsup:

#14 Gilthantis

Gilthantis
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:51 AM

Posted 23 September 2008 - 05:43 PM

ATF Cleaner couldn't have removed it?

#15 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:51 PM

Posted 23 September 2008 - 05:48 PM

ATF Cleaner couldn't have removed it?

No. It removes temp files.

Are you working with another malware forum or person with this?

Edited by SifuMike, 23 September 2008 - 05:57 PM.
