
Darksma


  • This topic is locked
13 replies to this topic

#1 Postum212

Postum212

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 24 October 2008 - 10:48 AM

My spyware software can find Darksma but it cannot get rid of it. I have been fighting with this for some time. Once I found this web site I went through your recommended plan of action (Spybot, etc) and removed a few viruses the Darksma allowed in. All appears clean except for Darksma. I now have a Hijackthis log and I don't know where to go from here. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:47 PM, on 10/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {84C1883A-EB22-4791-BDF6-D0469AEE8441} - C:\WINDOWS\system32\hgGwTllI.dll (file missing)
O2 - BHO: (no name) - {B0DC1293-D5C2-43FF-9A9F-424972D4F133} - C:\WINDOWS\system32\efcDUnlJ.dll (file missing)
O2 - BHO: {8faeda26-ad28-918a-b1a4-e0a1185dcbbe} - {ebbcd581-1a0e-4a1b-a819-82da62adeaf8} - C:\WINDOWS\system32\ooyqdw.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\test\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\armhelper.ocx
O20 - AppInit_DLLs: ooyqdw.dll
O20 - Winlogon Notify: hgGwTllI - hgGwTllI.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 13549 bytes


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:56 PM

Posted 24 October 2008 - 02:48 PM

Hello Postum212 :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you during the cleanup.

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.







Please perform the following:



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed, please post both logs from RSIT as well as the one from Kaspersky.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 Postum212

Postum212
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 25 October 2008 - 05:32 PM

thewall,

Here are the three files that you requested:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 25, 2008 19:01:15
Records in database: 1346206
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 95656
Threat name: 6
Infected objects: 64
Suspicious objects: 0
Duration of the scan: 01:52:06


File name / Threat name / Threats count
C:\WINDOWS\system32\ooyqdw.dll/C:\WINDOWS\system32\ooyqdw.dll Infected: Backdoor.Win32.Delf.moi 52
C:\WINDOWS\System32\ooyqdw.dll/C:\WINDOWS\System32\ooyqdw.dll Infected: Backdoor.Win32.Delf.moi 2
C:\Backup5_28_08.bkf Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\WINDOWS\system32\bwsymyxn.dll Infected: Backdoor.Win32.Delf.moj 1
C:\WINDOWS\system32\fbhyop.dll Infected: Trojan.Win32.Monder.ste 1
C:\WINDOWS\system32\ftgkldaw.dll Infected: Trojan.Win32.Monder.qnk 1
C:\WINDOWS\system32\kwbvjdbm.dll Infected: Trojan.Win32.Monder.stf 1
C:\WINDOWS\system32\ooyqdw.dll Infected: Backdoor.Win32.Delf.moi 1
C:\WINDOWS\system32\pumkuekx.dll Infected: Trojan.Win32.Monder.ste 1
C:\WINDOWS\system32\rhxyeeaa.dll Infected: Backdoor.Win32.Delf.moi 1
C:\WINDOWS\system32\tnhikwgj.dll Infected: Trojan.Win32.Monder.ste 1
C:\WINDOWS\system32\xzprfz.dll Infected: Trojan.Win32.Monder.ste 1

The selected area was scanned.






File number 2

info.txt logfile of random's system information tool 1.04 2008-10-25 17:58:14

======Uninstall list======

-->"C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\setup\ccinstaller.exe" /u /silent /module="fw"
-->C:\Program Files\Installshield Installation Information\{08082021-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082021-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937}
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
Bubble Bonanza-->"C:\Program Files\NetJet\Games\Bubble Bonanza\Uninstall.exe" "C:\Program Files\NetJet\Games\Bubble Bonanza\install.log"
Buggin Out-->"C:\Program Files\NetJet\Games\Buggin Out\Uninstall.exe" "C:\Program Files\NetJet\Games\Buggin Out\install.log"
CA Anti-Spyware-->"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"
CA Anti-Virus-->C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\unvet32.exe
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Dino And Aliens-->"C:\Program Files\NetJet\Games\Dino And Aliens\Uninstall.exe" "C:\Program Files\NetJet\Games\Dino And Aliens\install.log"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EAGLE 5.1.0-->cmd.exe /c start "EAGLE Uninstaller" /min "C:\Program Files\EAGLE-5.1.0\bin\uninstall.bat" C:\Program Files\EAGLE-5.1.0\bin
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Exterminate It!-->C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
FATE from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
Flip Words from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
Freaky Freezeday-->"C:\Program Files\NetJet\Games\Freaky Freezeday\Uninstall.exe" "C:\Program Files\NetJet\Games\Freaky Freezeday\install.log"
FROG-->C:\WINDOWS\iun506.exe C:\Program Files\FROG\irunin.ini
Gamevance-->C:\Program Files\Gamevance\gvun.exe
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Granny In Paradise-->"C:\Program Files\NetJet\Games\Granny In Paradise\Uninstall.exe" "C:\Program Files\NetJet\Games\Granny In Paradise\install.log"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB910728)-->"C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912436)-->"C:\WINDOWS\$NtUninstallKB912436$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 6500-->msiexec /x{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0032-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E276E05A-FFE8-485B-A005-42E76EA72AC4}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
iConcepts Music Express -->C:\PROGRA~1\ICONCE~1\Setup.exe /remove /q0
iTunes-->MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jigsaw Puzzle Platinum-->C:\Program Files\Jigsaw Puzzle Platinum\uninstall.exe
Kool Kart Racers-->"C:\Program Files\NetJet\Games\Kool Kart Racers\Uninstall.exe" "C:\Program Files\NetJet\Games\Kool Kart Racers\install.log"
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
Littlest Pet Shop My Teeniest Town-->"C:\Program Files\NetJet\Games\Littlest Pet Shop My Teeniest Town\Uninstall.exe" "C:\Program Files\NetJet\Games\Littlest Pet Shop My Teeniest Town\install.log"
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Madden NFL 07-->C:\Program Files\EA SPORTS\Madden NFL 07\EAUninstall.exe
Marble Blast XP-->"C:\Program Files\NetJet\Games\Marble Blast XP\Uninstall.exe" "C:\Program Files\NetJet\Games\Marble Blast XP\install.log"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
NetJet 2.0-->C:\Program Files\NetJet\Dashboard\uninst.exe
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oasis from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Peak Performance Snowboarding-->"C:\Program Files\NetJet\Games\Peak Performance Snowboarding\Uninstall.exe" "C:\Program Files\NetJet\Games\Peak Performance Snowboarding\install.log"
Phlinx To Go-->C:\PROGRA~1\POGOGA~1\PHLINX~1\UNWISE.EXE C:\PROGRA~1\POGOGA~1\PHLINX~1\INSTALL.LOG
Picture Package Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0009 -removeonly
Poppit To Go-->C:\PROGRA~1\POGOGA~1\POPPIT~1\UNWISE.EXE C:\PROGRA~1\POGOGA~1\POPPIT~1\INSTALL.LOG
Puzzle Express from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
QuickBooks Basic Edition 2004-->C:\Program Files\Installshield Installation Information\{2b02f821-a9b9-458c-80e5-3ea8c0de8471}\QBReplace.exe {2b02f821-a9b9-458c-80e5-3ea8c0de8471}#{2B02F82E-A9B9-458C-80E5-3EA8C0DE8471}
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Sansa Updater-->C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe -runfromtemp -l0x0009 -removeonly
SCRABBLE from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Slingo Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
Snowboard SuperJam-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Spongebob Pizza toss-->"C:\Program Files\NetJet\Games\Spongebob Pizza toss\Uninstall.exe" "C:\Program Files\NetJet\Games\Spongebob Pizza toss\install.log"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Granny from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
Super Soaker Water Fight-->"C:\Program Files\NetJet\Games\Super Soaker Water Fight\Uninstall.exe" "C:\Program Files\NetJet\Games\Super Soaker Water Fight\install.log"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Hold'em 3D XP Championship-->"C:\Program Files\Selectsoft\Texas Hold'em 3D XP Championship\uninstall.exe"
Timmy Roach Rampage-->"C:\Program Files\NetJet\Games\Timmy Roach Rampage\Uninstall.exe" "C:\Program Files\NetJet\Games\Timmy Roach Rampage\install.log"
TourSetup-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Treasures of the Deep-->"C:\Program Files\NetJet\Games\Treasures of the Deep\Uninstall.exe" "C:\Program Files\NetJet\Games\Treasures of the Deep\install.log"
TurboTax Basic 2007-->C:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
Tux Paint 0.9.19-->"C:\Program Files\TuxPaint\unins000.exe"
U.B. Funkeys-->C:\Program Files\U.B. Funkeys\uninstall.exe
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911164)-->"C:\WINDOWS\$NtUninstallKB911164$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Vongo-->MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Wal-Mart Music Downloads Store-->MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890546-->C:\WINDOWS\$NtUninstallKB890546$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891220-->C:\WINDOWS\$NtUninstallKB891220$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892559-->"C:\WINDOWS\$NtUninstallKB892559$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB915381-->"C:\WINDOWS\$NtUninstallKB915381$\spuninst\spuninst.exe"
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
Word Whomp To Go-->C:\PROGRA~1\POGOGA~1\WORDWH~1\UNWISE.EXE C:\PROGRA~1\POGOGA~1\WORDWH~1\INSTALL.LOG
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: CA Anti-Virus
FW: Norton Internet Worm Protection (disabled)
FW: CA Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4802
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PAVILION
"PLATFORM"=MCD
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------




File Number 3

Logfile of random's system information tool 1.04 (written by random/random)
Run by test at 2008-10-25 17:57:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 57 GB (70%) free of 83 GB
Total RAM: 1023 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:05 PM, on 10/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\regedit.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\test\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {84C1883A-EB22-4791-BDF6-D0469AEE8441} - C:\WINDOWS\system32\hgGwTllI.dll (file missing)
O2 - BHO: (no name) - {B0DC1293-D5C2-43FF-9A9F-424972D4F133} - C:\WINDOWS\system32\efcDUnlJ.dll (file missing)
O2 - BHO: {8faeda26-ad28-918a-b1a4-e0a1185dcbbe} - {ebbcd581-1a0e-4a1b-a819-82da62adeaf8} - C:\WINDOWS\system32\ooyqdw.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\test\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\armhelper.ocx
O20 - AppInit_DLLs: ooyqdw.dll
O20 - Winlogon Notify: hgGwTllI - hgGwTllI.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 13603 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as test at 6 08 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-11 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84C1883A-EB22-4791-BDF6-D0469AEE8441}]
C:\WINDOWS\system32\hgGwTllI.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0DC1293-D5C2-43FF-9A9F-424972D4F133}]
C:\WINDOWS\system32\efcDUnlJ.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebbcd581-1a0e-4a1b-a819-82da62adeaf8}]
C:\WINDOWS\system32\ooyqdw.dll [2008-10-11 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-11 36975]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-18 7585792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-18 86016]
"nwiz"=nwiz.exe /installquiet /nodetect []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-01 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-04-01 761946]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-12 102400]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-05-30 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-11-15 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-11-15 267048]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-10-11 247024]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-09-09 234736]
"cafw"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-09-09 771312]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-09-09 173296]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2008-09-09 259312]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe [2008-04-15 14088]
"SansaDispatch"=C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe []
"Gamevance"=C:\Program Files\Gamevance\gamevance32.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2007-12-04 2494464]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\test\Start Menu\Programs\StartUp
IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ooyqdw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgGwTllI]
hgGwTllI.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{84C1883A-EB22-4791-BDF6-D0469AEE8441}"=C:\WINDOWS\system32\hgGwTllI.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcDUnlJ
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
""=""
"C:\Program Files\Vongo\VongoService.exe"="C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdb7bc2-9ae4-11dc-b6b6-0014a5d6e8ca}]
shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c13d93a7-a2ac-11dc-b6c4-0014a5d6e8ca}]
shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb5a87c6-9b56-11dc-b6b7-0014a5d6e8ca}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 3 months======

2008-10-25 17:57:47 ----D---- C:\rsit
2008-10-25 15:32:33 ----D---- C:\WINDOWS\LastGood
2008-10-19 20:46:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-19 20:20:06 ----D---- C:\Program Files\Trend Micro
2008-10-19 19:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-19 19:19:27 ----D---- C:\WINDOWS\Prefetch
2008-10-19 18:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-19 18:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 18:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-19 18:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-19 18:22:23 ----D---- C:\WINDOWS\system32\en-us
2008-10-19 18:22:22 ----D---- C:\WINDOWS\system32\scripting
2008-10-19 18:22:21 ----D---- C:\WINDOWS\l2schemas
2008-10-19 18:22:20 ----D---- C:\WINDOWS\system32\en
2008-10-19 18:22:20 ----D---- C:\WINDOWS\system32\bits
2008-10-19 18:16:41 ----D---- C:\WINDOWS\network diagnostic
2008-10-19 18:16:13 ----A---- C:\WINDOWS\system32\sprecovr.exe
2008-10-19 18:14:39 ----A---- C:\WINDOWS\system32\spiisupd.exe
2008-10-19 18:14:39 ----A---- C:\WINDOWS\system32\secedit.exe
2008-10-19 18:14:39 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2008-10-19 18:14:38 ----A---- C:\WINDOWS\system32\bthserv.dll
2008-10-19 18:14:38 ----A---- C:\WINDOWS\system32\bthci.dll
2008-10-19 18:14:38 ----A---- C:\WINDOWS\system32\blastcln.exe
2008-10-19 18:14:38 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-19 18:14:38 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-19 18:14:38 ----A---- C:\WINDOWS\system32\auditusr.exe
2008-10-19 18:14:37 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2008-10-19 18:14:37 ----A---- C:\WINDOWS\system32\dsprpres.dll
2008-10-19 18:14:37 ----A---- C:\WINDOWS\system32\d3d9.dll
2008-10-19 18:14:37 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2008-10-19 18:14:37 ----A---- C:\WINDOWS\system32\btpanui.dll
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\ir50_qc.dll
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\ir50_32.dll
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\ir41_qcx.dll
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\ir41_qc.dll
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\httpapi.dll
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\hccoin.dll
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\fwcfg.dll
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\fsquirt.exe
2008-10-19 18:14:36 ----A---- C:\WINDOWS\system32\encapi.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\p2p.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\mssap.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\msdadiag.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdukx.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdno1.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdinmal.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdinben.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdinbe1.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\iuengine.dll
2008-10-19 18:14:35 ----A---- C:\WINDOWS\system32\ir50_qcx.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\winshfhc.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\winbrand.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\w3ssl.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\verclsid.exe
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\twext.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\strmfilt.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\spnpinst.exe
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\smbinst.exe
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\sdhcinst.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\sbeio.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\powercfg.exe
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\pnrpnsp.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\p2psvc.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\p2pnetsh.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\p2pgraph.dll
2008-10-19 18:14:34 ----A---- C:\WINDOWS\system32\p2pgasvc.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\xpsp1res.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\xpob2res.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\xmlprovi.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\xmlprov.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\wshbth.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\wscsvc.dll
2008-10-19 18:14:33 ----A---- C:\WINDOWS\system32\wscntfy.exe
2008-10-19 18:14:29 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-10-19 18:14:29 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-19 18:14:29 ----A---- C:\WINDOWS\system32\pidgen.dll
2008-10-19 18:14:29 ----A---- C:\WINDOWS\system32\dpcdll.dll
2008-10-19 18:14:27 ----A---- C:\WINDOWS\system32\msftedit.dll
2008-10-19 18:14:27 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-19 18:14:27 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-19 18:14:26 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\mqsnap.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\mqoa.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\mqbkup.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\logman.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\gptext.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\gpresult.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\gpedit.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\getmac.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\fdeploy.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\fde.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\eventcreate.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\efsadu.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\driverquery.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\cipher.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\bootcfg.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\appmgr.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\appmgmts.dll
2008-10-19 18:14:25 ----A---- C:\WINDOWS\system32\adsnw.dll
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\wsecedit.dll
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\tracerpt.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\tlntsvrp.dll
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\tlntsess.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\tasklist.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\taskkill.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\systeminfo.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\schtasks.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\rsnotify.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\proxycfg.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\openfiles.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\ntbackup.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\mqtrig.dll
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2008-10-19 18:14:24 ----A---- C:\WINDOWS\system32\mqsvc.exe
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\nwwks.dll
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\nwapi32.dll
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\mqutil.dll
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\mqsec.dll
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\mqrt.dll
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\mqqm.dll
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\mqise.dll
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\mqdscli.dll
2008-10-19 18:14:23 ----A---- C:\WINDOWS\system32\mqad.dll
2008-10-19 18:14:03 ----A---- C:\WINDOWS\winhlp32.exe
2008-10-19 18:14:03 ----A---- C:\WINDOWS\twain_32.dll
2008-10-19 18:14:03 ----A---- C:\WINDOWS\regedit.exe
2008-10-19 18:14:03 ----A---- C:\WINDOWS\hh.exe
2008-10-19 18:14:03 ----A---- C:\WINDOWS\explorer.exe
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\apphelp.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\amstream.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\alrsvc.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\alg.exe
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\ahui.exe
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\adsnt.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\adsmsext.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\adsldpc.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\adsldp.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\admparse.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\actxprxy.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\actmovie.exe
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\activeds.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\aclui.dll
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-19 18:14:01 ----A---- C:\WINDOWS\system32\6to4svc.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\batmeter.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\basesrv.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\avifil32.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\autolfn.exe
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\autofmt.exe
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\authz.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\audiosrv.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\attrib.exe
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\atmlib.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\atmfd.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\atmadm.exe
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\atl.dll
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\at.exe
2008-10-19 18:14:00 ----A---- C:\WINDOWS\system32\asycfilt.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\certcli.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\cdosys.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\capesnpn.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\camocx.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\cabview.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\cabinet.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\browsewm.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\browseui.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\browser.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\browselc.dll
2008-10-19 18:13:59 ----A---- C:\WINDOWS\system32\bidispl.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cmmon32.exe
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cmdl32.exe
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cmdial32.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\clusapi.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\clipsrv.exe
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cliconfg.exe
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cliconfg.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cisvc.exe
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\ciodm.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cic.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-19 18:13:58 ----A---- C:\WINDOWS\system32\certmgr.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\comres.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\compstui.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\compatui.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\cmutil.dll
2008-10-19 18:13:57 ----A---- C:\WINDOWS\system32\cmstp.exe
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\cryptui.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\cryptnet.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\cryptext.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\cryptdll.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\crypt32.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\credui.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\corpol.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\conime.exe
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\confmsp.dll
2008-10-19 18:13:56 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\dataclen.dll
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\danim.dll
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\d3dim700.dll
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\d3d8.dll
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\ctfmon.exe
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\csrss.exe
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\cscui.dll
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\cscript.exe
2008-10-19 18:13:55 ----A---- C:\WINDOWS\system32\cscdll.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\digest.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\diantz.exe
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dgnet.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dfrgui.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\devmgr.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\devenum.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\defrag.exe
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\ddrawex.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\ddraw.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\ddeshare.exe
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dciman32.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dbghelp.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\davclnt.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\datime.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dnsapi.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmutil.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmusic.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmsynth.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmstyle.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmserver.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmscript.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmremote.exe
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmloader.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmime.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmcompos.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmband.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmadmin.exe
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dllhost.exe
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dispex.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\diskpart.exe
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\diskcopy.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dinput8.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dinput.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dsound.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dskquoui.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dskquota.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dsdmo.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\ds32gt.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\drprov.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpvvox.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpvoice.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpvacm.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnet.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dplayx.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\docprop2.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\duser.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dumprep.exe
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dswave.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dsuiext.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dssenh.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dssec.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dsquery.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dsprop.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dsound3d.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dxmasf.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dxdiag.exe
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dx8vb.dll
2008-10-11 20:10:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-11 20:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-11 19:14:20 ----D---- C:\Program Files\Lavasoft
2008-10-11 19:14:19 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-11 19:13:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-11 18:39:03 ----A---- C:\WINDOWS\system32\ooyqdw.dll
2008-10-11 18:39:01 ----A---- C:\WINDOWS\system32\rhxyeeaa.dll
2008-10-11 18:37:16 ----ASH---- C:\WINDOWS\system32\nxymyswb.ini
2008-10-11 18:37:13 ----A---- C:\WINDOWS\system32\bwsymyxn.dll
2008-10-05 20:41:55 ----ASH---- C:\WINDOWS\system32\becywfjj.ini
2008-10-05 20:03:00 ----D---- C:\WINDOWS\CSC
2008-10-05 18:21:43 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-05 16:35:21 ----D---- C:\VundoFix Backups
2008-10-05 16:35:21 ----A---- C:\VundoFix.txt
2008-10-02 21:10:21 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-10-02 20:23:17 ----ASH---- C:\WINDOWS\system32\jmdjceey.ini
2008-10-02 20:20:21 ----A---- C:\WINDOWS\system32\fbhyop.dll
2008-10-02 20:20:20 ----A---- C:\WINDOWS\system32\tnhikwgj.dll
2008-10-02 20:20:10 ----A---- C:\WINDOWS\system32\kwbvjdbm.dll
2008-10-02 20:12:43 ----D---- C:\Program Files\Exterminate It!
2008-10-02 19:23:38 ----A---- C:\WINDOWS\system32\xzprfz.dll
2008-10-02 19:23:36 ----A---- C:\WINDOWS\system32\pumkuekx.dll
2008-10-01 10:42:53 ----ASH---- C:\WINDOWS\system32\ctpanlyc.ini
2008-09-26 15:03:42 ----D---- C:\qrnt
2008-09-26 15:00:07 ----ASH---- C:\WINDOWS\system32\hfstrsix.ini
2008-09-26 14:53:57 ----A---- C:\WINDOWS\BM0a3d035a.txt
2008-09-26 14:53:53 ----A---- C:\WINDOWS\system32\oijcagjv.dll
2008-09-25 12:10:04 ----ASH---- C:\WINDOWS\system32\wadlkgtf.ini
2008-09-25 12:09:53 ----A---- C:\WINDOWS\system32\ftgkldaw.dll
2008-09-25 10:06:26 ----A---- C:\WINDOWS\system32\022df4b8-.txt
2008-09-25 10:05:45 ----ASH---- C:\WINDOWS\system32\JlnUDcfe.ini2
2008-09-25 10:05:45 ----ASH---- C:\WINDOWS\system32\JlnUDcfe.ini
2008-09-18 13:56:02 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-09-11 00:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-04 14:50:43 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-04 14:48:46 ----A---- C:\WINDOWS\003030_.tmp
2008-09-04 10:28:20 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-03 13:52:55 ----A---- C:\WINDOWS\system32\cdintf.dll
2008-09-03 13:52:50 ----D---- C:\Program Files\Intuit
2008-09-03 13:52:47 ----A---- C:\WINDOWS\system32\vba6.dll
2008-09-03 13:52:47 ----A---- C:\WINDOWS\system32\spr32d30.dll
2008-09-03 13:45:04 ----D---- C:\WINDOWS\Intuit
2008-09-03 07:26:42 ----D---- C:\Program Files\Jigsaw Puzzle Platinum
2008-09-03 07:26:42 ----D---- C:\Documents and Settings\test\Application Data\SpinTop
2008-08-13 20:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-13 20:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-13 20:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 20:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-13 20:51:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 20:51:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-13 20:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-13 20:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-13 16:06:51 ----D---- C:\Documents and Settings\test\Application Data\Sony Corporation
2008-08-13 15:58:06 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-08-13 15:58:05 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-08-13 15:58:04 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-08-13 15:58:04 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-08-13 15:58:03 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-08-13 15:58:02 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-08-13 15:58:01 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-08-13 15:58:00 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-08-13 15:57:59 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-08-13 15:57:59 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-08-13 15:57:58 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-08-13 15:57:58 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-08-13 15:57:57 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-08-13 15:57:56 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-08-13 15:54:23 ----A---- C:\WINDOWS\system32\PxInsI64.exe
2008-08-13 15:54:23 ----A---- C:\WINDOWS\system32\PxInsA64.exe
2008-08-13 15:54:23 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-08-13 15:54:23 ----A---- C:\WINDOWS\system32\PxCpyI64.exe
2008-08-13 15:54:23 ----A---- C:\WINDOWS\system32\PxCpyA64.exe
2008-08-13 15:54:14 ----D---- C:\Program Files\Sony

======List of files/folders modified in the last 3 months======

2008-10-25 15:46:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-25 15:46:48 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-25 15:46:46 ----HD---- C:\WINDOWS\inf
2008-10-25 15:45:32 ----D---- C:\WINDOWS\temp
2008-10-25 15:42:22 ----D---- C:\WINDOWS\system32
2008-10-25 15:42:22 ----D---- C:\WINDOWS
2008-10-25 15:34:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-25 15:31:48 ----A---- C:\hpqp.ini
2008-10-25 15:31:32 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-10-25 15:30:48 ----A---- C:\XP_TV.ini
2008-10-25 15:30:12 ----D---- C:\WINDOWS\Registration
2008-10-21 21:12:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-20 22:24:07 ----D---- C:\Circuit Cellar
2008-10-19 20:46:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-19 20:46:42 ----D---- C:\WINDOWS\system32\drivers
2008-10-19 20:46:34 ----A---- C:\WINDOWS\imsins.BAK
2008-10-19 20:46:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-19 20:45:42 ----D---- C:\Program Files\Internet Explorer
2008-10-19 20:20:06 ----D---- C:\Program Files
2008-10-19 19:18:39 ----D---- C:\WINDOWS\system32\wbem
2008-10-19 19:18:39 ----D---- C:\WINDOWS\AppPatch
2008-10-19 19:18:37 ----RSD---- C:\WINDOWS\Fonts
2008-10-19 19:15:01 ----RSD---- C:\WINDOWS\assembly
2008-10-19 19:12:15 ----D---- C:\WINDOWS\WinSxS
2008-10-19 19:11:51 ----D---- C:\WINDOWS\system32\usmt
2008-10-19 19:11:49 ----D---- C:\WINDOWS\system32\Setup
2008-10-19 19:11:47 ----D---- C:\WINDOWS\system32\Restore
2008-10-19 19:11:47 ----D---- C:\WINDOWS\system32\oobe
2008-10-19 19:11:45 ----D---- C:\WINDOWS\system32\npp
2008-10-19 19:11:32 ----D---- C:\WINDOWS\system32\Com
2008-10-19 19:09:51 ----D---- C:\WINDOWS\system
2008-10-19 19:09:51 ----D---- C:\WINDOWS\srchasst
2008-10-19 19:09:49 ----D---- C:\WINDOWS\PeerNet
2008-10-19 19:09:47 ----D---- C:\WINDOWS\mui
2008-10-19 19:09:46 ----D---- C:\WINDOWS\msagent
2008-10-19 19:09:36 ----D---- C:\WINDOWS\ime
2008-10-19 19:09:35 ----D---- C:\WINDOWS\Help
2008-10-19 19:09:29 ----D---- C:\Program Files\Windows NT
2008-10-19 19:09:29 ----D---- C:\Program Files\Outlook Express
2008-10-19 19:09:27 ----D---- C:\Program Files\NetMeeting
2008-10-19 19:09:25 ----D---- C:\Program Files\Movie Maker
2008-10-19 19:09:23 ----D---- C:\Program Files\Messenger
2008-10-19 19:09:16 ----D---- C:\Program Files\Common Files\System
2008-10-19 19:04:04 ----SD---- C:\WINDOWS\Tasks
2008-10-19 18:56:57 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-19 18:22:21 ----SHD---- C:\WINDOWS\Installer
2008-10-19 18:15:33 ----D---- C:\WINDOWS\security
2008-10-19 18:15:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-19 18:12:52 ----D---- C:\WINDOWS\ehome
2008-10-11 19:51:31 ----D---- C:\WINDOWS\CAVTemp
2008-10-11 19:14:52 ----HD---- C:\Config.msi
2008-10-11 19:13:32 ----D---- C:\Program Files\Common Files
2008-10-11 19:10:15 ----A---- C:\caisslog.txt
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-05 18:37:27 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-05 16:17:13 ----D---- C:\Program Files\RGB
2008-09-09 08:30:28 ----A---- C:\WINDOWS\system32\isafprod.dll
2008-09-04 10:28:19 ----D---- C:\WINDOWS\Debug
2008-09-03 13:54:39 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-03 13:53:26 ----D---- C:\Program Files\Common Files\Intuit
2008-09-03 08:27:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 07:26:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-08-13 15:56:39 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-04 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-09-09 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-09-09 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-09-09 32240]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-09-09 21104]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-12-04 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-16 60800]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-01 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-19 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-19 208000]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-16 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-18 3687552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-02 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-02 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 11136]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-31 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-31 308992]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2006-03-16 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-01 193056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-16 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-16 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-04 108368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-19 727296]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362]
S1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ; C:\WINDOWS\System32\Drivers\5U870CAP.sys [2006-06-06 61952]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2003-09-23 7296]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-16 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-13 874240]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-03-16 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-11 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-01-11 144696]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-05 283912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2006-03-16 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2006-03-16 117248]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-18 143426]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-09-09 255216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-16 14336]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-10-11 214256]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-15 504104]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2006-03-16 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 Vongo Service;Vongo Service; C:\Program Files\Vongo\VongoService.exe [2006-05-09 176128]

-----------------EOF-----------------

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 26 October 2008 - 07:36 AM

1.)

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

For the time being I will proceed on the assumption you wish to clean up your computer. If you do not and would rather reformat or reinstall let me know in your next reply.



2.)

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



3.)

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 10 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

4.)
Next we will use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

How To Use ComboFix

Please ensure you read this guide carefully and install the Recovery Console first. >>> Do not skip this section. If you cannot perform the Recovery Console install please STOP and let us know.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New RSIT log.

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 Postum212

Postum212
  • Topic Starter

  • Members
  • 16 posts

Posted 29 October 2008 - 10:58 AM

For now I will try to fix my laptop with re-formatting my hard drive in the back of my mind.


I made it through the ATF Cleaner and the Java install.

I downloaded the Recovery Console and Combofix.

I'm currently running Windows XP Media Center, Service Pack 2. I downloaded the XP professional console. I dragged it over the icon per instructions. Combo fix did something, but I did not get a confirmation from Combofix that the Recovery Console installed correctly. The Combofix agreement window came up but no confirmation. I've tried a few times with no success.

Any ideas as to what to try next?

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 29 October 2008 - 03:02 PM

I'm going to check and will be back as quickly as I can.

#7 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 30 October 2008 - 07:36 AM

Ok, ComboFix should check to see if the RC is installed and if it isn't prompt you to install it. Go ahead and run it and let's see what happens.

#8 Postum212

Postum212
  • Topic Starter

  • Members
  • 16 posts

Posted 31 October 2008 - 07:12 AM

Ran Combofix last night. A message came up stating the recovery console was not installed. To install it I needed to have a live internet line. Do I wish to continue. I selected no...apparently it meant continue with the recovery console. I must have answered no to the recovery console question only because Combofix continued to run. Luckily, I was able to reboot and create a report.

ComboFix 08-10-28.01 - test 2008-10-30 20:48:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.521 [GMT -4:00]
Running from: C:\Documents and Settings\test\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM0a3d035a.txt
C:\WINDOWS\BM0a3d035a.xml
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\becywfjj.ini
C:\WINDOWS\system32\ctpanlyc.ini
C:\WINDOWS\system32\fbhyop.dll
C:\WINDOWS\system32\ftgkldaw.dll
C:\WINDOWS\system32\hfstrsix.ini
C:\WINDOWS\system32\JlnUDcfe.ini
C:\WINDOWS\system32\JlnUDcfe.ini2
C:\WINDOWS\system32\jmdjceey.ini
C:\WINDOWS\system32\kwbvjdbm.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nxymyswb.ini
C:\WINDOWS\system32\oijcagjv.dll
C:\WINDOWS\system32\ooyqdw.dll
C:\WINDOWS\system32\pumkuekx.dll
C:\WINDOWS\system32\rhxyeeaa.dll
C:\WINDOWS\system32\tnhikwgj.dll
C:\WINDOWS\system32\wadlkgtf.ini
C:\WINDOWS\system32\xzprfz.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-28 21:40 . 2008-10-28 21:40 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-28 21:40 . 2008-10-28 21:40 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-25 17:57 . 2008-10-25 17:59 <DIR> d-------- C:\rsit
2008-10-19 20:20 . 2008-10-19 20:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-19 18:22 . 2008-10-19 18:22 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-19 18:22 . 2008-10-19 18:22 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-19 18:22 . 2008-10-19 18:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-19 18:22 . 2008-10-19 18:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-19 18:16 . 2007-08-10 20:46 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-10-11 20:10 . 2008-10-11 20:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-11 20:10 . 2008-10-11 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-11 19:14 . 2008-10-11 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-05 16:35 . 2008-10-05 16:35 <DIR> d-------- C:\VundoFix Backups
2008-09-26 18:06 . 2008-10-30 20:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-26 18:06 . 2008-09-26 18:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-26 15:03 . 2008-10-11 19:08 <DIR> d-------- C:\qrnt
2008-09-04 14:50 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-09-04 14:48 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\003030_.tmp
2008-09-04 10:28 . 2008-10-25 19:54 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-03 13:52 . 2008-09-03 13:52 <DIR> d-------- C:\Program Files\Intuit
2008-09-03 13:52 . 1999-05-10 00:00 1,694,992 --a------ C:\WINDOWS\system32\vba6.dll
2008-09-03 13:52 . 1999-05-07 00:00 1,009,136 --a------ C:\WINDOWS\system32\Mschrt20.ocx
2008-09-03 13:52 . 2000-11-15 13:46 999,424 --a------ C:\WINDOWS\system32\SPR32X30.ocx
2008-09-03 13:52 . 2000-11-15 13:46 737,280 --a------ C:\WINDOWS\system32\spr32d30.dll
2008-09-03 13:52 . 2003-07-07 18:30 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-09-03 13:52 . 2002-09-20 08:45 339,968 --a------ C:\WINDOWS\system32\cdintf.dll
2008-09-03 13:52 . 1999-05-07 00:00 244,232 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-09-03 13:52 . 2000-12-06 13:02 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-09-03 13:52 . 2000-05-22 01:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-09-03 13:52 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\THREED32.OCX
2008-09-03 13:52 . 1999-05-07 00:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-09-03 13:45 . 2008-09-03 13:45 <DIR> d-------- C:\WINDOWS\Intuit
2008-09-03 07:26 . 2008-09-23 11:56 <DIR> d-------- C:\Program Files\Jigsaw Puzzle Platinum
2008-09-03 07:26 . 2008-09-03 07:26 <DIR> d-------- C:\Documents and Settings\test\Application Data\SpinTop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 00:52 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-10-31 00:52 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-10-31 00:52 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-10-31 00:52 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-10-31 00:52 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-10-31 00:52 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-10-31 00:52 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-10-31 00:52 118,776 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-10-29 01:39 --------- d-----w C:\Program Files\Java
2008-10-26 23:57 --------- d-----w C:\Program Files\Pogo Games
2008-10-26 23:54 --------- d-----w C:\Program Files\FROG
2008-10-26 23:51 --------- d-----w C:\Program Files\Encarta Online
2008-10-26 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-20 18:31 13,790 ----a-w C:\Documents and Settings\test\Application Data\wklnhst.dat
2008-10-15 16:57 332,800 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-05 20:17 --------- d-----w C:\Program Files\RGB
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-09-09 12:30 91,376 ----a-w C:\WINDOWS\system32\isafprod.dll
2008-09-09 12:30 32,240 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-09 12:30 26,352 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2008-09-09 12:30 21,488 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-09 12:30 21,104 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2008-09-03 17:53 --------- d-----w C:\Program Files\Common Files\Intuit
2008-09-03 12:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-19 09:38 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-08-14 09:57 2,185,984 ----a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:55 2,142,720 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:55 2,142,720 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:18 2,062,976 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:18 2,020,864 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:18 2,020,864 ----a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-10-11 247024]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-09 234736]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-09 771312]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-09 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-09-09 259312]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-04-15 14088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-28 136600]
"nwiz"="nwiz.exe" [2006-08-18 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2007-07-06 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe [2007-11-23 270336]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-03 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ooyqdw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-28 152984]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
S1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 61952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdb7bc2-9ae4-11dc-b6b6-0014a5d6e8ca}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c13d93a7-a2ac-11dc-b6c4-0014a5d6e8ca}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb5a87c6-9b56-11dc-b6b7-0014a5d6e8ca}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-04 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as test at 6 08 PM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-09-09 08:30]
.
- - - - ORPHANS REMOVED - - - -

BHO-{B0DC1293-D5C2-43FF-9A9F-424972D4F133} - C:\WINDOWS\system32\efcDUnlJ.dll
BHO-{ebbcd581-1a0e-4a1b-a819-82da62adeaf8} - C:\WINDOWS\system32\ooyqdw.dll
HKLM-Run-SansaDispatch - C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
HKLM-Run-Gamevance - C:\Program Files\Gamevance\gamevance32.exe
Notify-dimsntfy - (no file)
Notify-hgGwTllI - hgGwTllI.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\test\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\test\Start Menu\Programs\IMVU\Run IMVU.lnk -

O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\stg_drm.ocx
C:\WINDOWS\Downloaded Program Files\stg_drm.ocx

O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\armhelper.ocx
C:\WINDOWS\Downloaded Program Files\armhelper.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 20:55:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????P??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe
.
**************************************************************************
.
Completion time: 2008-10-30 21:00:36 - machine was rebooted [test]
ComboFix-quarantined-files.txt 2008-10-31 01:00:31

Pre-Run: 66,493,239,296 bytes free
Post-Run: 66,385,453,056 bytes free

273 --- E O F --- 2008-10-25 23:55:33



Let me know what you think.

#9 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:11:56 PM

Posted 01 November 2008 - 01:44 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs including TeaTimer if you have it so they do not interfere with the running of ComboFix. Instructions for doing so are located here

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\003030_.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Along with the ComboFix log please provide a new RSIT log and let me know how your computer is running.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
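
As an added illustration (not part of the thread and not ComboFix's own code), the Python below cross-references the AppInit_DLLs value in a ComboFix log against the log's ORPHANS REMOVED list. It shows why the script above clears that value: the value still names ooyqdw.dll, a file the first run had already removed. The "before" excerpt is trimmed from the log quoted earlier in this thread, the "after" excerpt is constructed, and all function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Trimmed from the first ComboFix log quoted in this thread.
LOG_BEFORE = r'''
((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ooyqdw.dll

- - - - ORPHANS REMOVED - - - -

BHO-{B0DC1293-D5C2-43FF-9A9F-424972D4F133} - C:\WINDOWS\system32\efcDUnlJ.dll
BHO-{ebbcd581-1a0e-4a1b-a819-82da62adeaf8} - C:\WINDOWS\system32\ooyqdw.dll
HKLM-Run-SansaDispatch - C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
HKLM-Run-Gamevance - C:\Program Files\Gamevance\gamevance32.exe
Notify-dimsntfy - (no file)
Notify-hgGwTllI - hgGwTllI.dll
.
------- Supplementary Scan -------
'''

# Constructed excerpt: a rerun log once the value is cleared. ComboFix notes
# that empty entries are not shown, so the AppInit_DLLs key simply disappears.
LOG_AFTER = r'''
((((( Reg Loading Points )))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
APPINIT_KEY = r'hkey_local_machine\software\microsoft\windows nt\currentversion\windows'


def parse_reg_values(log):
    """Map (registry key, value name), both lower-cased, to the raw value text."""
    values, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            values[(key, m.group(1).lower())] = m.group(2).strip().strip('"')
    return values


def appinit_dlls(log):
    """DLL names listed in AppInit_DLLs (space- or comma-separated), or []."""
    raw = parse_reg_values(log).get((APPINIT_KEY, 'appinit_dlls'), '')
    return [d for d in re.split(r'[ ,]+', raw) if d]


def parse_orphans(log):
    """(entry, target) pairs from the ORPHANS REMOVED section."""
    orphans, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        if 'ORPHANS REMOVED' in line:
            inside = True
            continue
        if inside and line.startswith('-------'):  # next section header
            break
        if inside and ' - ' in line:
            entry, target = line.split(' - ', 1)
            orphans.append((entry.strip(), target.strip()))
    return orphans


def dangling_appinit(log):
    """AppInit_DLLs entries whose file name matches a removed orphan's target."""
    removed = {PureWindowsPath(t).name.lower(): e for e, t in parse_orphans(log)}
    return [(d, removed[PureWindowsPath(d).name.lower()])
            for d in appinit_dlls(log)
            if PureWindowsPath(d).name.lower() in removed]


if __name__ == '__main__':
    for dll, entry in dangling_appinit(LOG_BEFORE):
        print(f'AppInit_DLLs still loads {dll}, removed as orphan {entry}')
    print('AppInit_DLLs after cleanup:', appinit_dlls(LOG_AFTER) or 'not listed')
```
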

#10 Postum212

Postum212
  • Topic Starter

  • Members
  • 16 posts
  • Local time:10:56 PM

Posted 02 November 2008 - 02:15 PM

Here are the two files:

ComboFix 08-10-28.01 - test 2008-11-01 20:13:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.527 [GMT -4:00]
Running from: C:\Documents and Settings\test\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\test\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\003030_.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\003030_.tmp

.
((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-10-28 21:40 . 2008-10-28 21:40 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-28 21:40 . 2008-10-28 21:40 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-25 17:57 . 2008-10-25 17:59 <DIR> d-------- C:\rsit
2008-10-19 20:20 . 2008-10-19 20:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-19 18:22 . 2008-10-19 18:22 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-19 18:22 . 2008-10-19 18:22 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-19 18:22 . 2008-10-19 18:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-19 18:22 . 2008-10-19 18:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-19 18:16 . 2007-08-10 20:46 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-10-11 20:10 . 2008-10-11 20:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-11 20:10 . 2008-10-11 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-11 19:14 . 2008-10-11 19:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-05 16:35 . 2008-10-05 16:35 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 01:05 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-10-31 01:05 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-10-31 01:05 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-10-31 01:05 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-10-31 01:05 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-10-31 01:05 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-10-31 01:05 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-10-31 01:05 118,776 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-10-29 01:39 --------- d-----w C:\Program Files\Java
2008-10-26 23:57 --------- d-----w C:\Program Files\Pogo Games
2008-10-26 23:54 --------- d-----w C:\Program Files\FROG
2008-10-26 23:51 --------- d-----w C:\Program Files\Encarta Online
2008-10-26 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-20 18:31 13,790 ----a-w C:\Documents and Settings\test\Application Data\wklnhst.dat
2008-10-15 16:57 332,800 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-05 20:17 --------- d-----w C:\Program Files\RGB
2008-09-23 15:56 --------- d-----w C:\Program Files\Jigsaw Puzzle Platinum
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-09-09 12:30 91,376 ----a-w C:\WINDOWS\system32\isafprod.dll
2008-09-09 12:30 32,240 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-09 12:30 26,352 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2008-09-09 12:30 21,488 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-09 12:30 21,104 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2008-09-03 17:53 --------- d-----w C:\Program Files\Common Files\Intuit
2008-09-03 17:52 --------- d-----w C:\Program Files\Intuit
2008-09-03 12:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 11:26 --------- d-----w C:\Documents and Settings\test\Application Data\SpinTop
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-19 09:38 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-08-14 09:57 2,185,984 ----a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:55 2,142,720 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:55 2,142,720 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:18 2,062,976 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:18 2,020,864 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:18 2,020,864 ----a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-30_20.59.04.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-31 00:43:34 66,888 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-11-02 00:04:55 66,888 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-31 00:43:34 417,616 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-11-02 00:04:55 417,616 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-11-02 00:00:40 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_3e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-10-11 247024]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-09 234736]
"cafw"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-09 771312]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-09 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-09-09 259312]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-04-15 14088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-28 136600]
"nwiz"="nwiz.exe" [2006-08-18 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2007-07-06 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe [2007-11-23 270336]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-03 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-28 152984]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
S1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 61952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdb7bc2-9ae4-11dc-b6b6-0014a5d6e8ca}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c13d93a7-a2ac-11dc-b6c4-0014a5d6e8ca}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb5a87c6-9b56-11dc-b6b7-0014a5d6e8ca}]
\Shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-09-04 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as test at 6 08 PM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2008-09-09 08:30]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 20:19:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????P??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-01 20:22:39
ComboFix-quarantined-files.txt 2008-11-02 00:22:18
ComboFix2.txt 2008-10-31 01:00:37

Pre-Run: 66,094,256,128 bytes free
Post-Run: 65,680,605,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

190 --- E O F --- 2008-10-25 23:55:33


Logfile of random's system information tool 1.04 (written by random/random)
Run by test at 2008-11-01 20:24:26
Microsoft Windows XP Professional Service Pack 2
System drive C: has 63 GB (77%) free of 83 GB
Total RAM: 1023 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:34 PM, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\test\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\test\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Jigsaw Puzzle Platinum\Images\armhelper.ocx
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 12863 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as test at 6 08 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-18 7585792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-18 86016]
"nwiz"=nwiz.exe /installquiet /nodetect []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-01 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-04-01 761946]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-12 102400]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-05-30 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-11-15 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-11-15 267048]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-10-11 247024]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-09-09 234736]
"cafw"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-09-09 771312]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-09-09 173296]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2008-09-09 259312]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe [2008-04-15 14088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-28 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Auto Detect.lnk - C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\test\Start Menu\Programs\StartUp
IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
""=""
"C:\Program Files\Vongo\VongoService.exe"="C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdb7bc2-9ae4-11dc-b6b6-0014a5d6e8ca}]
shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c13d93a7-a2ac-11dc-b6c4-0014a5d6e8ca}]
shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb5a87c6-9b56-11dc-b6b7-0014a5d6e8ca}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\devenum.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\defrag.exe
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\ddrawex.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\ddraw.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\ddeshare.exe
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dciman32.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\dbghelp.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\davclnt.dll
2008-10-19 18:13:54 ----A---- C:\WINDOWS\system32\datime.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dnsapi.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmutil.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmusic.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmsynth.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmstyle.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmserver.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmscript.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmremote.exe
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmloader.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmime.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmcompos.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmband.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dmadmin.exe
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dllhost.exe
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dispex.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\diskpart.exe
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\diskcopy.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dinput8.dll
2008-10-19 18:13:53 ----A---- C:\WINDOWS\system32\dinput.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dsound.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dskquoui.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dskquota.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dsdmo.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\ds32gt.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\drprov.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpvvox.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpvoice.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpvacm.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnet.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dplayx.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\docprop2.dll
2008-10-19 18:13:52 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\duser.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dumprep.exe
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dswave.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dsuiext.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dssenh.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dssec.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dsquery.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dsprop.dll
2008-10-19 18:13:51 ----A---- C:\WINDOWS\system32\dsound3d.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dxmasf.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dxdiag.exe
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dx8vb.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dx7vb.dll
2008-10-19 18:13:50 ----A---- C:\WINDOWS\system32\dwwin.exe
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\framebuf.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\forcedos.exe
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\fontview.exe
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\fontsub.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\fontext.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\findstr.exe
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\filemgmt.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\feclient.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\faultrep.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\exts.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\extrac32.exe
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\eventlog.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\eudcedit.exe
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\esent.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\es.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\ersvc.dll
2008-10-19 18:13:49 ----A---- C:\WINDOWS\system32\els.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\icm32.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\iccvid.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\iasrad.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\htui.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\hotplug.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\hlink.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\hid.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\hhsetup.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\help.exe
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\grpconv.exe
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\glu32.dll
2008-10-19 18:13:48 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\imm32.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\imgutil.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\imeshare.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\imapi.exe
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\ifmon.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\iexpress.exe
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\iesetup.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\idq.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-19 18:13:47 ----A---- C:\WINDOWS\system32\icmp.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\ippromon.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\ipmontr.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\ipconfig.exe
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\inseng.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\input.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\initpki.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\inetppui.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\inetpp.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\inetmib1.dll
2008-10-19 18:13:46 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\keymgr.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\kerberos.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\kd1394.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\kbdnec.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\jscript.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\jgpl400.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\jgdw400.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\ixsso.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\itss.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\itircl.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\ipxwan.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\ipxroute.exe
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\ipv6.exe
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2008-10-19 18:13:45 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\mciseq.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\mciavi32.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\mcastmib.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\makecab.exe
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\magnify.exe
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\lsass.exe
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\lprhelp.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\lpk.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\logonui.exe
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\localui.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\localsec.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\loadperf.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\lmrt.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\linkinfo.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\licmgr10.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\licdll.dll
2008-10-19 18:13:44 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mmcshext.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mmcbase.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mmc.exe
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mlang.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mimefilt.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\miglibnt.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\midimap.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mfc42.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mfc40u.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mf3216.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mdminst.dll
2008-10-19 18:13:43 ----A---- C:\WINDOWS\system32\mciwave.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\msdart.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\msctfp.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\msctf.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\mscms.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\msasn1.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\msapsspc.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\msafd.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\msacm32.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\mprdim.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\mprapi.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\mpr.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\moricons.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\more.com
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\modemui.dll
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\mobsync.exe
2008-10-19 18:13:42 ----A---- C:\WINDOWS\system32\mobsync.dll
2008-10-19 18:13:41 ----A---- C:\WINDOWS\system32\msgina.dll
2008-10-19 18:13:41 ----A---- C:\WINDOWS\system32\msdxmlc.dll
2008-10-19 18:13:41 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-19 18:13:41 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-19 18:13:41 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-19 18:13:41 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-19 18:13:41 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-19 18:13:41 ----A---- C:\WINDOWS\system32\msdmo.dll
2008-10-19 18:13:40 ----A---- C:\WINDOWS\system32\msi.dll
2008-10-19 18:13:40 ----A---- C:\WINDOWS\system32\mshtmler.dll
2008-10-19 18:13:40 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-19 18:13:40 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-10-19 18:13:40 ----A---- C:\WINDOWS\system32\mshta.exe
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msorc32r.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msnsspc.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\mslbui.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msisip.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msimtf.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msimsg.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msimg32.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msihnd.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msiexec.exe
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msieftp.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msidle.dll
2008-10-19 18:13:39 ----A---- C:\WINDOWS\system32\msident.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\msvcirt.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\msutb.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\msrle32.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\msprivs.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\mspatcha.dll
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-19 18:13:38 ----A---- C:\WINDOWS\system32\msorcl32.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\nddeapir.exe
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\nddeapi.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\narrator.exe
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\mydocs.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\mtxclu.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\msyuv.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\msxml2.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\msxml.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\mswsock.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\msvfw32.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\msvcrt.dll
2008-10-19 18:13:37 ----A---- C:\WINDOWS\system32\msvcp60.dll
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\netrap.dll
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\netplwiz.dll
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\netman.dll
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\netlogon.dll
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\netid.dll
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\netdde.exe
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\netcfgx.dll
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\net1.exe
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\net.exe
2008-10-19 18:13:36 ----A---- C:\WINDOWS\system32\nddenb32.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\ntmsdba.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\ntmsapi.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\ntmarta.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\ntlanman.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\ntdsapi.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\npptools.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\notepad.exe
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\nlhtml.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\newdev.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\netui1.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\netui0.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\netstat.exe
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\netshell.dll
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\netsh.exe
2008-10-19 18:13:35 ----A---- C:\WINDOWS\system32\netsetup.exe
2008-10-19 18:13:35 ----A---- C:\WINDOWS\notepad.exe
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbctrac.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbcp32r.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbcjt32.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbcji32.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbcint.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbccu32.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbccr32.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbccp32.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbcconf.exe
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbcconf.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbcbcp.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbcad32.exe
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbc32gt.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\odbc32.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\ocmanage.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\objsel.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\oakley.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\ntvdmd.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\ntshrui.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\ntmssvc.dll
2008-10-19 18:13:34 ----A---- C:\WINDOWS\system32\ntmsmgr.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\pjlmon.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\ping.exe
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\pid.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\photowiz.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\perfproc.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\perfos.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\perfnet.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\perfmon.exe
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\perfdisk.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\pdh.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\pautoenr.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\packager.exe
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\osuninst.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\osk.exe
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\opengl32.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\olepro32.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\oleprn.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\oledlg.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\olecli32.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\ole32.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\offfilt.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\odtext32.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\odpdx32.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\odfox32.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\odexl32.dll
2008-10-19 18:13:33 ----A---- C:\WINDOWS\system32\oddbse32.dll
2008-10-19 18:13:32 ----A---- C:\WINDOWS\system32\progman.exe
2008-10-19 18:13:32 ----A---- C:\WINDOWS\system32\profmap.dll
2008-10-19 18:13:32 ----A---- C:\WINDOWS\system32\powrprof.dll
2008-10-19 18:13:32 ----A---- C:\WINDOWS\system32\polstore.dll
2008-10-19 18:13:31 ----A---- C:\WINDOWS\system32\qdv.dll
2008-10-19 18:13:31 ----A---- C:\WINDOWS\system32\qcap.dll
2008-10-19 18:13:31 ----A---- C:\WINDOWS\system32\pstorsvc.dll
2008-10-19 18:13:31 ----A---- C:\WINDOWS\system32\pstorec.dll
2008-10-19 18:13:31 ----A---- C:\WINDOWS\system32\psbase.dll
2008-10-19 18:13:31 ----A---- C:\WINDOWS\system32\psapi.dll
2008-10-19 18:13:31 ----A---- C:\WINDOWS\system32\proquota.exe
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\rcbdyctl.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\rastls.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\rassapi.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\rasppp.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\rasphone.exe
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\rasmans.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\raschap.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\rasadhlp.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\query.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\quartz.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\qedwipes.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\qedit.dll
2008-10-19 18:13:30 ----A---- C:\WINDOWS\system32\qdvd.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\riched20.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rexec.exe
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\resutils.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\regwizc.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\regsvr32.exe
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\regsvc.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\regapi.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\reg.exe
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rdpdd.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rcp.exe
2008-10-19 18:13:29 ----A---- C:\WINDOWS\system32\rcimlby.exe
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\secur32.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\seclogon.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\sdbinst.exe
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\scrrun.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\scrobj.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\sclgntfy.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\scesrv.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\scecli.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\sccsccp.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\scarddlg.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\runonce.exe
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\rundll32.exe
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\rtutils.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\rtipxmib.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\rtcshare.exe
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\rsvpsp.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\rsmps.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\rsh.exe
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\rsaenh.dll
2008-10-19 18:13:28 ----A---- C:\WINDOWS\system32\rpcss.dll
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\sfc_os.dll
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\sfc.dll
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\setup.exe
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\sethc.exe
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\sensapi.dll
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\sens.dll
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\sendmail.dll
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\sendcmsg.dll
2008-10-19 18:13:27 ----A---- C:\WINDOWS\system32\security.dll
2008-10-19 18:13:26 ----A---- C:\WINDOWS\system32\shdoclc.dll
2008-10-19 18:13:25 ----A---- C:\WINDOWS\system32\shmedia.dll
2008-10-19 18:13:25 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-10-19 18:13:25 ----A---- C:\WINDOWS\system32\shimgvw.dll
2008-10-19 18:13:25 ----A---- C:\WINDOWS\system32\shimeng.dll
2008-10-19 18:13:25 ----A---- C:\WINDOWS\system32\shgina.dll
2008-10-19 18:13:25 ----A---- C:\WINDOWS\system32\shfolder.dll
2008-10-19 18:13:25 ----A---- C:\WINDOWS\system32\shell32.dll
2008-10-19 18:13:25 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\sqlsrv32.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\spoolsv.exe
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\spoolss.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\sort.exe
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\snmpsnap.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\snmpapi.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\smlogcfg.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\slbiop.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\slayerxp.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\skeys.exe
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\sigverif.exe
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\sigtab.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\shutdown.exe
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\shsvcs.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\shscrap.dll
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\shrpubw.exe
2008-10-19 18:13:24 ----A---- C:\WINDOWS\system32\shmgrate.exe
2008-10-19 18:13:23 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-19 18:13:23 ----A---- C:\WINDOWS\system32\ssdpsrv.dll
2008-10-19 18:13:23 ----A---- C:\WINDOWS\system32\ssdpapi.dll
2008-10-19 18:13:23 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-19 18:13:23 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-19 18:13:23 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-19 18:13:23 ----A---- C:\WINDOWS\system32\sqlunirl.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\taskmgr.exe
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\tapisrv.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\tapi32.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\tapi3.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\t2embed.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\syncui.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\synceng.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\sxs.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\svchost.exe
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\strmdll.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\stobject.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\stimon.exe
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\sti_ci.dll
2008-10-19 18:13:22 ----A---- C:\WINDOWS\system32\sti.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\upnp.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\uniplat.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\unimdmat.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\umpnpmgr.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\umandlg.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\udhisapi.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\txflog.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\tsddd.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\trkwks.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\tree.com
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\tracert.exe
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\tourstart.exe
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\themeui.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\termmgr.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\telnet.exe
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\tcpmon.dll
2008-10-19 18:13:21 ----A---- C:\WINDOWS\system32\tcpmib.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\utilman.exe
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\usp10.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\userenv.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\user32.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\usbmon.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\url.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\ups.exe
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\upnpui.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\upnphost.dll
2008-10-19 18:13:20 ----A---- C:\WINDOWS\system32\upnpcont.exe
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\wdigest.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\wavemsp.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\w32time.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\vssvc.exe
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\vssapi.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\version.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\verifier.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\vdmredir.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\vdmdbg.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\vbscript.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\vbajet32.dll
2008-10-19 18:13:19 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\wintrust.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\winsta.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\winsrv.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\winscard.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\winrnr.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\winntbbu.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\winmm.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\winipsec.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\wiavideo.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\wiashext.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\wiaservc.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\wiascr.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\wiadss.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\wiadefui.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\webvw.dll
2008-10-19 18:13:18 ----A---- C:\WINDOWS\system32\webclnt.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wsnmp32.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wshtcpip.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wshrm.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wship6.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wshext.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wshcon.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wscript.exe
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\ws2help.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\ws2_32.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wpabaln.exe
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wow32.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wmstream.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wmpui.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wmpcore.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wmpcd.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wmi.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wlnotify.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\wldap32.dll
2008-10-19 18:13:17 ----A---- C:\WINDOWS\system32\winver.exe
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\zipfldr.dll
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\xcopy.exe
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\xactsrv.dll
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\wzcdlg.dll
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\wtsapi32.dll
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\wstdecod.dll
2008-10-19 18:13:16 ----A---- C:\WINDOWS\system32\wsock32.dll
2008-10-19 18:13:15 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-10-19 18:13:15 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-10-19 18:13:15 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-10-19 18:13:15 ----A---- C:\WINDOWS\system32\cmd.exe
2008-10-19 18:13:15 ----A---- C:\WINDOWS\system32\cacls.exe
2008-10-19 18:13:15 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-10-19 18:13:15 ----A---- C:\WINDOWS\system32\autochk.exe
2008-10-19 18:13:15 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\locator.exe
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\localspl.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\ftp.exe
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\format.com
2008-10-19 18:13:14 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\services.exe
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\schannel.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\savedump.exe
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\samlib.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\rasman.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-10-19 18:13:13 ----A---- C:\WINDOWS\system32\printui.dll
2008-10-19 18:13:12 ----A---- C:\WINDOWS\system32\userinit.exe
2008-10-19 18:13:12 ----A---- C:\WINDOWS\system32\untfs.dll
2008-10-19 18:13:12 ----A---- C:\WINDOWS\system32\ulib.dll
2008-10-19 18:13:12 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-10-19 18:13:12 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-10-19 18:13:12 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-10-19 18:13:12 ----A---- C:\WINDOWS\system32\smss.exe
2008-10-19 18:13:12 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-10-19 18:13:12 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-19 18:13:11 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-10-19 18:13:11 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-10-19 18:13:07 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-10-19 18:13:07 ----A---- C:\WINDOWS\system32\hal.dll
2008-10-19 18:13:06 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-10-11 20:10:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-11 20:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-11 19:14:19 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-05 20:03:00 ----D---- C:\WINDOWS\CSC
2008-10-05 18:21:43 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-05 16:35:21 ----D---- C:\VundoFix Backups
2008-10-05 16:35:21 ----A---- C:\VundoFix.txt

======List of files/folders modified in the last 1 months======

2008-11-01 20:23:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 20:23:42 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-01 20:23:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-01 20:23:39 ----HD---- C:\WINDOWS\inf
2008-11-01 20:22:56 ----D---- C:\WINDOWS\temp
2008-11-01 20:22:47 ----D---- C:\WINDOWS\system32
2008-11-01 20:22:44 ----D---- C:\WINDOWS
2008-11-01 20:19:46 ----A---- C:\WINDOWS\system.ini
2008-11-01 20:16:40 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 20:16:39 ----D---- C:\Program Files\Common Files
2008-11-01 20:16:38 ----D---- C:\WINDOWS\AppPatch
2008-11-01 20:11:17 ----RASH---- C:\boot.ini
2008-11-01 20:09:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 20:04:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 20:02:21 ----A---- C:\hpqp.ini
2008-11-01 20:02:05 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-11-01 20:01:32 ----A---- C:\XP_TV.ini
2008-11-01 20:01:06 ----D---- C:\WINDOWS\CAVTemp
2008-11-01 20:01:02 ----D---- C:\WINDOWS\Registration
2008-10-30 20:51:32 ----D---- C:\WINDOWS\system32\config
2008-10-28 22:03:12 ----SHD---- C:\System Volume Information
2008-10-28 22:03:12 ----D---- C:\WINDOWS\system32\Restore
2008-10-28 21:40:24 ----SHD---- C:\WINDOWS\Installer
2008-10-28 21:40:23 ----HD---- C:\Config.msi
2008-10-28 21:39:58 ----D---- C:\Program Files\Java
2008-10-28 21:27:32 ----D---- C:\Program Files
2008-10-26 22:10:13 ----D---- C:\ProgramData
2008-10-26 19:57:29 ----D---- C:\Program Files\Pogo Games
2008-10-26 19:54:33 ----D---- C:\Program Files\FROG
2008-10-26 19:54:02 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-26 19:51:09 ----D---- C:\Program Files\Encarta Online
2008-10-26 19:45:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-26 19:41:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-25 18:34:42 ----D---- C:\Program Files\Messenger
2008-10-25 18:34:24 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-25 18:34:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-19 20:46:45 ----A---- C:\WINDOWS\imsins.BAK
2008-10-19 20:45:42 ----D---- C:\Program Files\Internet Explorer
2008-10-19 19:18:39 ----D---- C:\WINDOWS\system32\wbem
2008-10-19 19:18:37 ----RSD---- C:\WINDOWS\Fonts
2008-10-19 19:15:01 ----RSD---- C:\WINDOWS\assembly
2008-10-19 19:12:15 ----D---- C:\WINDOWS\WinSxS
2008-10-19 19:11:51 ----D---- C:\WINDOWS\system32\usmt
2008-10-19 19:11:49 ----D---- C:\WINDOWS\system32\Setup
2008-10-19 19:11:47 ----D---- C:\WINDOWS\system32\oobe
2008-10-19 19:11:45 ----D---- C:\WINDOWS\system32\npp
2008-10-19 19:11:32 ----D---- C:\WINDOWS\system32\Com
2008-10-19 19:09:51 ----D---- C:\WINDOWS\system
2008-10-19 19:09:51 ----D---- C:\WINDOWS\srchasst
2008-10-19 19:09:49 ----D---- C:\WINDOWS\PeerNet
2008-10-19 19:09:47 ----D---- C:\WINDOWS\mui
2008-10-19 19:09:46 ----D---- C:\WINDOWS\msagent
2008-10-19 19:09:36 ----D---- C:\WINDOWS\ime
2008-10-19 19:09:35 ----D---- C:\WINDOWS\Help
2008-10-19 19:09:29 ----D---- C:\Program Files\Windows NT
2008-10-19 19:09:29 ----D---- C:\Program Files\Outlook Express
2008-10-19 19:09:27 ----D---- C:\Program Files\NetMeeting
2008-10-19 19:09:25 ----D---- C:\Program Files\Movie Maker
2008-10-19 19:09:16 ----D---- C:\Program Files\Common Files\System
2008-10-19 19:04:04 ----SD---- C:\WINDOWS\Tasks
2008-10-19 18:56:57 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-19 18:15:33 ----D---- C:\WINDOWS\security
2008-10-19 18:15:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-19 18:12:52 ----D---- C:\WINDOWS\ehome
2008-10-11 19:10:15 ----A---- C:\caisslog.txt
2008-10-11 19:08:15 ----D---- C:\qrnt
2008-10-11 18:36:39 ----A---- C:\WINDOWS\system32\022df4b8-.txt
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-05 18:37:27 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-05 16:17:13 ----D---- C:\Program Files\RGB

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-04 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-09-09 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-09-09 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-09-09 32240]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-09-09 21104]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-12-04 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-16 60800]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-01 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-19 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-19 208000]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-16 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-18 3687552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-02 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-02 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 11136]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-31 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-31 308992]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2006-03-16 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-01 193056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-16 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-16 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-04 108368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-19 727296]
S1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ; C:\WINDOWS\System32\Drivers\5U870CAP.sys [2006-06-06 61952]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2003-09-23 7296]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-16 20480]
S3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-13 874240]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-01-11 144696]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-05 283912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-28 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2006-03-16 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2006-03-16 117248]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-18 143426]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-09-09 255216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-16 14336]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-10-11 214256]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-15 504104]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2006-03-16 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 Vongo Service;Vongo Service; C:\Program Files\Vongo\VongoService.exe [2006-05-09 176128]

-----------------EOF-----------------




The system is running very stable now. After doing Spyware scans and virus scans it looks clean. I think we made it!! :thumbsup:

#11 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:11:56 PM

Posted 03 November 2008 - 04:28 PM

That's good news :thumbsup:

I'm running a little behind but should be caught up by tomorrow. At first glance everything looked good however I want to go over it more thoroughly and if everything is OK I'll have some last bits of info to help you in staying clean.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:11:56 PM

Posted 05 November 2008 - 10:47 AM

You now appear to be clean. Congratulations! :) If there is nothing else we can do for you I will leave you with these suggestions on how to keep from getting reinfected.

Best of luck in the future. :thumbsup:



Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue; just find your country room and register your complaint.
The infections you had were

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
    • Turn System Restore off
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Check Turn off System Restore.
      • Click Apply, and then click OK.
    Restart
    • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck *Turn off System Restore*.
      • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file as part of it. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
Thanks,



thewall
Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
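
The HOSTS-file mechanism described in the post above, as an added example that is not part of the original thread: Python that reads a hosts file and separates block entries (names pinned to a loopback or unspecified address, which is how a blocklist uses the file) from names mapped to any other address, which deserve a manual review. The sample file, its domain names and its addresses are constructed for illustration; the function names are this example's own.

```python
import ipaddress
from collections import namedtuple

HostEntry = namedtuple("HostEntry", "lineno address name kind")

# Names that normally resolve to the local machine; not treated as block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the thread. Domains use the reserved
# .example TLD and the routable address is from a documentation range.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       ads.tracker.example   # typical blocklist entry
0.0.0.0         popups.example  banners.example
203.0.113.25    update.vendor.example
not-an-ip       broken.example
127.0.0.1
127.0.0.1       UPDATE.vendor.example.
"""


def classify(address, name):
    """Return 'local', 'block' or 'redirect' for one address/name pair."""
    ip = ipaddress.ip_address(address)  # raises ValueError on a non-address
    if ip.is_loopback or ip.is_unspecified:
        return "local" if name in LOCAL_NAMES else "block"
    return "redirect"


def parse_hosts(text):
    """Parse hosts-file text into entries plus the numbers of malformed lines."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            malformed.append(lineno)  # first field is not an IP address
            continue
        if not names:
            malformed.append(lineno)  # address with no hostname after it
            continue
        for name in names:
            # Hostnames are case-insensitive; a trailing dot is the same name.
            name = name.lower().rstrip(".")
            entries.append(HostEntry(lineno, address, name,
                                     classify(address, name)))
    return entries, malformed


def audit(text):
    """Summarise a hosts file for review."""
    entries, malformed = parse_hosts(text)
    first_seen, conflicts = {}, set()
    for e in entries:
        # The same name mapped to two different addresses is ambiguous.
        if first_seen.setdefault(e.name, e.address) != e.address:
            conflicts.add(e.name)
    return {
        "blocked": sorted({e.name for e in entries if e.kind == "block"}),
        "redirects": [(e.name, e.address, e.lineno)
                      for e in entries if e.kind == "redirect"],
        "conflicts": sorted(conflicts),
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On Windows XP the file to feed it is `C:\WINDOWS\system32\drivers\etc\hosts`; pass its contents to `audit()` and review anything listed under `redirects` or `conflicts`.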

#13 Postum212

Postum212
  • Topic Starter

  • Members
  • 16 posts
  • Local time:10:56 PM

Posted 08 November 2008 - 06:16 PM

Thank you for all your help and quick responses. You did a great job and I'm up and running again!!

#14 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:56 AM

Posted 09 November 2008 - 10:02 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security