
Infected with Zlob.DNSChanger


  • This topic is locked
38 replies to this topic

#1 Caliburn

Caliburn

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 28 October 2008 - 11:51 PM

I don't think my case is outside the ordinary one. I've browsed around online for solutions, but none of the simple fixes have worked. I hope I don't seem like too much of a leech for asking here...

Some background information: I'm running 32-bit Vista on a refurbished Gateway GT5662 I purchased last week. I noticed the infection via Spybot, and after trying everything I could (safe mode removal, and a few programs said to remove the trojan), I decided it would be easiest to reformat while I hadn't really settled in yet. Unfortunately...the thought that an infected file would enter the USB key I used to back up my files hadn't occurred to me, and here I am. I use a registered copy of ESET's NOD32 anti-virus, and the most recent scan shows my PC as clean, but I know better.

I have a wireless connection to my home network via a D-Link WDA-2320. The trojan seems to be preventing me from updating Ad-Aware, Windows Defender, and blocks me from download.microsoft.com, thus not letting me update Windows, or even manually download Vista's SP1.

Here's my log, thanks in advance for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:09 PM, on 28/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 4101 bytes


 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:38 AM

Posted 05 November 2008 - 06:43 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Also post a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Caliburn

Caliburn
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 05 November 2008 - 11:55 PM

Thank you very much for your help, Sam. Here's the MBAM log:

Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 6.0.6001 Service Pack 1

05/11/2008 11:49:44 PM
mbam-log-2008-11-05 (23-49-44).txt

Scan type: Quick Scan
Objects scanned: 40034
Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{997bdb04-5465-482b-b257-63f882599e65}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{997bdb04-5465-482b-b257-63f882599e65}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And here's my new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:10 PM, on 05/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7037 bytes

Some side notes that may be of importance: I found out that my old computer is infected with the same trojan as well. However, I wish to transfer my files from my old computer to my new one via an external hard drive. Is it safe to do so without risking infection of the hard drive? Should I transfer my files now so that when the trojan is removed, my new computer will be safe? I don't particularly care too much about the infection on my old computer, as it won't be used much anyway.

Thanks again, Sam.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:38 AM

Posted 06 November 2008 - 04:37 PM

I wouldn't move any files around just yet. Let's get this one cleaned up and then we can tackle the other one so that you'll be clean all around.

Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#5 Caliburn

Caliburn
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 06 November 2008 - 06:31 PM

Here we go.

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Stevetran at 2008-11-06 18:29:42
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 411 GB (88%) free of 466 GB
Total RAM: 3070 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:53 PM, on 06/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Stevetran\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\Stevetran.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6931 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-02 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-02 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2007-10-25 1410304]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-10-28 5724184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-06 18:29:42 ----D---- C:\rsit
2008-11-06 00:19:58 ----D---- C:\Program Files\PC Sleep 2.1
2008-11-05 23:45:25 ----D---- C:\Users\Stevetran\AppData\Roaming\Malwarebytes
2008-11-05 23:45:18 ----D---- C:\ProgramData\Malwarebytes
2008-11-05 23:45:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-05 03:55:20 ----D---- C:\PerfLogs
2008-11-05 03:27:39 ----A---- C:\Windows\system32\SPReview.exe
2008-11-05 03:27:38 ----A---- C:\Windows\system32\SPWizUI.dll
2008-11-05 03:13:03 ----A---- C:\Windows\system32\recdisc.exe
2008-11-05 03:13:00 ----A---- C:\Windows\system32\sdspres.dll
2008-11-05 03:12:25 ----A---- C:\Windows\system32\vsp1cln.exe
2008-11-05 03:12:15 ----A---- C:\Windows\system32\sxproxy.dll
2008-11-05 03:12:12 ----A---- C:\Windows\system32\spp.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\mstask.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\mssvp.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msstrc.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\mssrch.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\mssprxy.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\mssphtb.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\mssitlb.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msshsq.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\mssha.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msscp.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msscntrs.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msscb.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msrepl40.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msrdc.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msrd3x40.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msrating.dll
2008-11-05 03:11:27 ----A---- C:\Windows\system32\msra.exe
2008-11-05 03:11:26 ----A---- C:\Windows\system32\MuiUnattend.exe
2008-11-05 03:11:26 ----A---- C:\Windows\system32\mtxoci.dll
2008-11-05 03:11:26 ----A---- C:\Windows\system32\mtxlegih.dll
2008-11-05 03:11:26 ----A---- C:\Windows\system32\mtxdm.dll
2008-11-05 03:11:26 ----A---- C:\Windows\system32\mtxclu.dll
2008-11-05 03:11:26 ----A---- C:\Windows\system32\mtstocom.exe
2008-11-05 03:11:26 ----A---- C:\Windows\system32\mssph.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\NAPMONTR.DLL
2008-11-05 03:11:25 ----A---- C:\Windows\system32\napipsec.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\NapiNSP.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\NAPHLPR.DLL
2008-11-05 03:11:25 ----A---- C:\Windows\system32\napdsnap.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\NAPCRYPT.DLL
2008-11-05 03:11:25 ----A---- C:\Windows\system32\mydocs.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\mycomput.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\msxml3.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\msxbde40.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\mswsock.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\msvbvm60.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\msv1_0.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\msutb.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\mstscax.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\mstsc.exe
2008-11-05 03:11:25 ----A---- C:\Windows\system32\mstlsapi.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\mstime.dll
2008-11-05 03:11:25 ----A---- C:\Windows\system32\mstext40.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msxml6.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\mswmdm.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\MSVidCtl.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msvidc32.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msvfw32.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msvcrt.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msftedit.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msfeedssync.exe
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msfeedsbs.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msfeeds.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msexcl40.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msdtcVSp1res.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msdtcuiu.dll
2008-11-05 03:11:24 ----A---- C:\Windows\system32\msdtctm.dll
2008-11-05 03:11:23 ----A---- C:\Windows\system32\mshtmled.dll
2008-11-05 03:11:23 ----A---- C:\Windows\system32\mshtml.dll
2008-11-05 03:11:23 ----A---- C:\Windows\system32\mshta.exe
2008-11-05 03:11:23 ----A---- C:\Windows\system32\msdtclog.dll
2008-11-05 03:11:23 ----A---- C:\Windows\system32\msdtckrm.dll
2008-11-05 03:11:23 ----A---- C:\Windows\system32\msdtc.exe
2008-11-05 03:11:23 ----A---- C:\Windows\system32\msdt.exe
2008-11-05 03:11:23 ----A---- C:\Windows\system32\msdelta.dll
2008-11-05 03:11:23 ----A---- C:\Windows\system32\msdart.dll
2008-11-05 03:11:23 ----A---- C:\Windows\system32\msdadiag.dll
2008-11-05 03:11:23 ----A---- C:\Windows\system32\msctfui.dll
2008-11-05 03:11:23 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\mspbde40.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\mspatcha.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\mspaint.exe
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msorcl32.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msoert2.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msoeacct.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2008-11-05 03:11:22 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2008-11-05 03:11:22 ----A---- C:\Windows\system32\MSMPEG2ADEC.DLL
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msmmsp.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msltus40.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msls31.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msjtes40.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msdtcprx.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msdt.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msdrm.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msdri.dll
2008-11-05 03:11:22 ----A---- C:\Windows\system32\msdmo.dll
2008-11-05 03:11:21 ----A---- C:\Windows\system32\msobjs.dll
2008-11-05 03:11:21 ----A---- C:\Windows\system32\msnetobj.dll
2008-11-05 03:11:21 ----A---- C:\Windows\system32\msihnd.dll
2008-11-05 03:11:21 ----A---- C:\Windows\system32\msiexec.exe
2008-11-05 03:11:21 ----A---- C:\Windows\system32\msieftp.dll
2008-11-05 03:11:21 ----A---- C:\Windows\system32\msidle.dll
2008-11-05 03:11:21 ----A---- C:\Windows\system32\msident.dll
2008-11-05 03:11:21 ----A---- C:\Windows\system32\msidcrl30.dll
2008-11-05 03:11:21 ----A---- C:\Windows\system32\msi.dll
2008-11-05 03:11:20 ----A---- C:\Windows\system32\msjetoledb40.dll
2008-11-05 03:11:20 ----A---- C:\Windows\system32\msjet40.dll
2008-11-05 03:11:20 ----A---- C:\Windows\system32\msisip.dll
2008-11-05 03:11:20 ----A---- C:\Windows\system32\msimtf.dll
2008-11-05 03:11:19 ----A---- C:\Windows\system32\NlsData004b.dll
2008-11-05 03:11:19 ----A---- C:\Windows\system32\NlsData004a.dll
2008-11-05 03:11:19 ----A---- C:\Windows\system32\NlsData0049.dll
2008-11-05 03:11:19 ----A---- C:\Windows\system32\NlsData0047.dll
2008-11-05 03:11:19 ----A---- C:\Windows\system32\NlsData0046.dll
2008-11-05 03:11:19 ----A---- C:\Windows\system32\NlsData0045.dll
2008-11-05 03:11:19 ----A---- C:\Windows\system32\NlsData003e.dll
2008-11-05 03:11:19 ----A---- C:\Windows\system32\NlsData0024.dll
2008-11-05 03:11:19 ----A---- C:\Windows\system32\msinfo32.exe
2008-11-05 03:11:18 ----A---- C:\Windows\system32\notepad.exe
2008-11-05 03:11:18 ----A---- C:\Windows\system32\Nlsdl.dll
2008-11-05 03:11:18 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-11-05 03:11:18 ----A---- C:\Windows\system32\NlsData0414.dll
2008-11-05 03:11:18 ----A---- C:\Windows\system32\NlsData004e.dll
2008-11-05 03:11:18 ----A---- C:\Windows\system32\NlsData0039.dll
2008-11-05 03:11:18 ----A---- C:\Windows\system32\NlsData002a.dll
2008-11-05 03:11:18 ----A---- C:\Windows\system32\NlsData0027.dll
2008-11-05 03:11:18 ----A---- C:\Windows\system32\NlsData0026.dll
2008-11-05 03:11:18 ----A---- C:\Windows\system32\NlsData0022.dll
2008-11-05 03:11:18 ----A---- C:\Windows\notepad.exe
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData081a.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData0816.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData0416.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData004c.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData001b.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData001a.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData000a.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData0009.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData0007.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData0003.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData0002.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData0001.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\NlsData0000.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\nlsbres.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\nlmgp.dll
2008-11-05 03:11:17 ----A---- C:\Windows\system32\nlhtml.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\odbcconf.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\odbcbcp.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\odbc32.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\ocsetup.exe
2008-11-05 03:11:16 ----A---- C:\Windows\system32\occache.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\objsel.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData0021.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData0020.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData001d.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData0019.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData0018.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData0013.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData0011.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData0010.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData000f.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData000d.dll
2008-11-05 03:11:16 ----A---- C:\Windows\system32\NlsData000c.dll
2008-11-05 03:11:15 ----A---- C:\Windows\system32\offfilt.dll
2008-11-05 03:11:15 ----A---- C:\Windows\system32\odbctrac.dll
2008-11-05 03:11:15 ----A---- C:\Windows\system32\odbcjt32.dll
2008-11-05 03:11:15 ----A---- C:\Windows\system32\odbccu32.dll
2008-11-05 03:11:15 ----A---- C:\Windows\system32\odbccr32.dll
2008-11-05 03:11:15 ----A---- C:\Windows\system32\odbccp32.dll
2008-11-05 03:11:15 ----A---- C:\Windows\system32\ntdsapi.dll
2008-11-05 03:11:15 ----A---- C:\Windows\system32\ntdll.dll
2008-11-05 03:11:15 ----A---- C:\Windows\system32\nslookup.exe
2008-11-05 03:11:14 ----A---- C:\Windows\system32\ntvdm.exe
2008-11-05 03:11:14 ----A---- C:\Windows\system32\ntshrui.dll
2008-11-05 03:11:14 ----A---- C:\Windows\system32\ntmarta.dll
2008-11-05 03:11:14 ----A---- C:\Windows\system32\ntlanman.dll
2008-11-05 03:11:14 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-05 03:11:14 ----A---- C:\Windows\system32\nsisvc.dll
2008-11-05 03:11:14 ----A---- C:\Windows\system32\nsi.dll
2008-11-05 03:11:14 ----A---- C:\Windows\system32\nshipsec.dll
2008-11-05 03:11:14 ----A---- C:\Windows\system32\nshhttp.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\ntprint.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netiougc.exe
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netiohlp.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netid.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netevent.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netdiagfx.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netcorehc.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netcfgx.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netcfg.exe
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netcenter.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netbtugc.exe
2008-11-05 03:11:13 ----A---- C:\Windows\system32\netapi32.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\ncobjapi.dll
2008-11-05 03:11:13 ----A---- C:\Windows\system32\nci.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\newdev.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\networkmap.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\net1.exe
2008-11-05 03:11:12 ----A---- C:\Windows\system32\net.exe
2008-11-05 03:11:12 ----A---- C:\Windows\system32\ndfetw.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\ndfapi.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\ncsi.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\ncryptui.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\ncrypt.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\NcdProp.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\nbtstat.exe
2008-11-05 03:11:12 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-11-05 03:11:12 ----A---- C:\Windows\system32\NAPSTAT.EXE
2008-11-05 03:11:11 ----A---- C:\Windows\system32\nlasvc.dll
2008-11-05 03:11:11 ----A---- C:\Windows\system32\nlaapi.dll
2008-11-05 03:11:11 ----A---- C:\Windows\system32\networkitemfactory.dll
2008-11-05 03:11:11 ----A---- C:\Windows\system32\networkexplorer.dll
2008-11-05 03:11:11 ----A---- C:\Windows\system32\netshell.dll
2008-11-05 03:11:11 ----A---- C:\Windows\system32\netprof.dll
2008-11-05 03:11:11 ----A---- C:\Windows\system32\Netplwiz.exe
2008-11-05 03:11:11 ----A---- C:\Windows\system32\netplwiz.dll
2008-11-05 03:11:11 ----A---- C:\Windows\system32\netman.dll
2008-11-05 03:11:11 ----A---- C:\Windows\system32\netlogon.dll
2008-11-05 03:11:10 ----A---- C:\Windows\system32\NetProjW.dll
2008-11-05 03:11:10 ----A---- C:\Windows\system32\netprofm.dll
2008-11-05 03:11:10 ----A---- C:\Windows\system32\mblctr.exe
2008-11-05 03:11:10 ----A---- C:\Windows\system32\makecab.exe
2008-11-05 03:11:10 ----A---- C:\Windows\system32\luainstall.dll
2008-11-05 03:11:10 ----A---- C:\Windows\system32\lsmproxy.dll
2008-11-05 03:11:10 ----A---- C:\Windows\system32\lsm.exe
2008-11-05 03:11:10 ----A---- C:\Windows\system32\lsass.exe
2008-11-05 03:11:10 ----A---- C:\Windows\system32\lsasrv.dll
2008-11-05 03:11:09 ----A---- C:\Windows\system32\lpremove.exe
2008-11-05 03:11:09 ----A---- C:\Windows\system32\lpksetup.exe
2008-11-05 03:11:09 ----A---- C:\Windows\system32\lpk.dll
2008-11-05 03:11:09 ----A---- C:\Windows\system32\logman.exe
2008-11-05 03:11:09 ----A---- C:\Windows\system32\loghours.dll
2008-11-05 03:11:09 ----A---- C:\Windows\system32\logagent.exe
2008-11-05 03:11:09 ----A---- C:\Windows\system32\lodctr.exe
2008-11-05 03:11:09 ----A---- C:\Windows\system32\localui.dll
2008-11-05 03:11:09 ----A---- C:\Windows\system32\localspl.dll
2008-11-05 03:11:09 ----A---- C:\Windows\system32\localsec.dll
2008-11-05 03:11:08 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2008-11-05 03:11:08 ----A---- C:\Windows\system32\mfvdsp.dll
2008-11-05 03:11:08 ----A---- C:\Windows\system32\mfps.dll
2008-11-05 03:11:08 ----A---- C:\Windows\system32\mfpmp.exe
2008-11-05 03:11:08 ----A---- C:\Windows\system32\mfplat.dll
2008-11-05 03:11:08 ----A---- C:\Windows\system32\mfcsubs.dll
2008-11-05 03:11:08 ----A---- C:\Windows\system32\mfc42u.dll
2008-11-05 03:11:08 ----A---- C:\Windows\system32\mfc42.dll
2008-11-05 03:11:08 ----A---- C:\Windows\system32\mf.dll
2008-11-05 03:11:08 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2008-11-05 03:11:08 ----A---- C:\Windows\system32\LogonUI.exe
2008-11-05 03:11:07 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2008-11-05 03:11:07 ----A---- C:\Windows\system32\mcbuilder.exe
2008-11-05 03:11:06 ----A---- C:\Windows\system32\mdminst.dll
2008-11-05 03:11:06 ----A---- C:\Windows\system32\mcmde.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\MdSched.exe
2008-11-05 03:11:05 ----A---- C:\Windows\system32\McxDriv.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\Mcx2Svc.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\itss.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\iscsiwmi.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\iscsium.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\iscsilog.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\iscsiexe.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\iscsied.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\ipsmsnap.dll
2008-11-05 03:11:05 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-11-05 03:11:05 ----A---- C:\Windows\system32\IPBusEnum.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\lltdapi.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\licmgr10.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\L2SecHC.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\l2nacp.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\l2gpstore.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\ktmw32.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\ktmutil.exe
2008-11-05 03:11:04 ----A---- C:\Windows\system32\korwbrkr.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\KMSVC.DLL
2008-11-05 03:11:04 ----A---- C:\Windows\system32\keymgr.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\ipsecsnp.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\iprtrmgr.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\iprtprio.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\ipnathlp.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\iphlpsvc.dll
2008-11-05 03:11:04 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2008-11-05 03:11:04 ----A---- C:\Windows\system32\ipconfig.exe
2008-11-05 03:11:04 ----A---- C:\Windows\system32\inseng.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\mprmsg.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\mprdim.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\loadperf.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\lnkstub.exe
2008-11-05 03:11:03 ----A---- C:\Windows\system32\lltdsvc.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\LangCleanupSysprepAction.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\kernel32.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\kerberos.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\kdusb.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\kdcom.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\kd1394.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\KBDKOR.DLL
2008-11-05 03:11:03 ----A---- C:\Windows\system32\KBDJPN.DLL
2008-11-05 03:11:03 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-05 03:11:03 ----A---- C:\Windows\system32\jscript.dll
2008-11-05 03:11:02 ----A---- C:\Windows\system32\MPSSVC.dll
2008-11-05 03:11:02 ----A---- C:\Windows\system32\mprddm.dll
2008-11-05 03:11:02 ----A---- C:\Windows\system32\mprapi.dll
2008-11-05 03:11:02 ----A---- C:\Windows\system32\mpr.dll
2008-11-05 03:11:02 ----A---- C:\Windows\system32\mountvol.exe
2008-11-05 03:11:01 ----A---- C:\Windows\system32\msctf.dll
2008-11-05 03:11:01 ----A---- C:\Windows\system32\mscories.dll
2008-11-05 03:11:01 ----A---- C:\Windows\system32\mscorier.dll
2008-11-05 03:11:01 ----A---- C:\Windows\system32\mscoree.dll
2008-11-05 03:11:01 ----A---- C:\Windows\system32\msconfig.exe
2008-11-05 03:11:01 ----A---- C:\Windows\system32\mscms.dll
2008-11-05 03:11:01 ----A---- C:\Windows\system32\mscandui.dll
2008-11-05 03:11:01 ----A---- C:\Windows\system32\MPG4DECD.DLL
2008-11-05 03:11:01 ----A---- C:\Windows\system32\MP4SDECD.DLL
2008-11-05 03:11:01 ----A---- C:\Windows\system32\MP43DECD.DLL
2008-11-05 03:11:01 ----A---- C:\Windows\system32\MP3DMOD.DLL
2008-11-05 03:11:00 ----A---- C:\Windows\system32\msacm32.dll
2008-11-05 03:11:00 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2008-11-05 03:11:00 ----A---- C:\Windows\system32\msaatext.dll
2008-11-05 03:10:58 ----A---- C:\Windows\system32\modemui.dll
2008-11-05 03:10:58 ----A---- C:\Windows\system32\mobsync.exe
2008-11-05 03:10:58 ----A---- C:\Windows\system32\MMDevAPI.dll
2008-11-05 03:10:58 ----A---- C:\Windows\system32\mmcss.dll
2008-11-05 03:10:58 ----A---- C:\Windows\system32\mmcshext.dll
2008-11-05 03:10:58 ----A---- C:\Windows\system32\mmcndmgr.dll
2008-11-05 03:10:58 ----A---- C:\Windows\system32\mmcbase.dll
2008-11-05 03:10:58 ----A---- C:\Windows\system32\mmc.exe
2008-11-05 03:10:58 ----A---- C:\Windows\system32\mlang.dll
2008-11-05 03:10:58 ----A---- C:\Windows\system32\mimefilt.dll
2008-11-05 03:10:57 ----A---- C:\Windows\system32\milcore.dll
2008-11-05 03:10:57 ----A---- C:\Windows\system32\migisol.dll
2008-11-05 03:10:57 ----A---- C:\Windows\system32\MigAutoPlay.exe
2008-11-05 03:10:57 ----A---- C:\Windows\system32\midimap.dll
2008-11-05 03:10:55 ----A---- C:\Windows\system32\SecEdit.exe
2008-11-05 03:10:55 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-11-05 03:10:55 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-11-05 03:10:54 ----A---- C:\Windows\system32\secur32.dll
2008-11-05 03:10:54 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2008-11-05 03:10:54 ----A---- C:\Windows\system32\secproc_ssp.dll
2008-11-05 03:10:54 ----A---- C:\Windows\system32\secproc_isv.dll
2008-11-05 03:10:54 ----A---- C:\Windows\system32\secproc.dll
2008-11-05 03:10:54 ----A---- C:\Windows\system32\seclogon.dll
2008-11-05 03:10:54 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-11-05 03:10:54 ----A---- C:\Windows\system32\sdshext.dll
2008-11-05 03:10:54 ----A---- C:\Windows\system32\sdrsvc.dll
2008-11-05 03:10:54 ----A---- C:\Windows\system32\sdohlp.dll
2008-11-05 03:10:53 ----A---- C:\Windows\system32\shsvcs.dll
2008-11-05 03:10:53 ----A---- C:\Windows\system32\shsetup.dll
2008-11-05 03:10:53 ----A---- C:\Windows\system32\shrpubw.exe
2008-11-05 03:10:53 ----A---- C:\Windows\system32\shrink.dll
2008-11-05 03:10:53 ----A---- C:\Windows\system32\shlwapi.dll
2008-11-05 03:10:53 ----A---- C:\Windows\system32\shimgvw.dll
2008-11-05 03:10:53 ----A---- C:\Windows\system32\shgina.dll
2008-11-05 03:10:53 ----A---- C:\Windows\system32\shell32.dll
2008-11-05 03:10:52 ----A---- C:\Windows\system32\shwebsvc.dll
2008-11-05 03:10:52 ----A---- C:\Windows\system32\shutdown.exe
2008-11-05 03:10:52 ----A---- C:\Windows\system32\shacct.dll
2008-11-05 03:10:51 ----A---- C:\Windows\system32\softkbd.dll
2008-11-05 03:10:51 ----A---- C:\Windows\system32\SnippingTool.exe
2008-11-05 03:10:51 ----A---- C:\Windows\system32\SndVol.exe
2008-11-05 03:10:51 ----A---- C:\Windows\system32\smss.exe
2008-11-05 03:10:51 ----A---- C:\Windows\system32\SmiInstaller.dll
2008-11-05 03:10:51 ----A---- C:\Windows\system32\shdocvw.dll
2008-11-05 03:10:50 ----A---- C:\Windows\system32\slwmi.dll
2008-11-05 03:10:50 ----A---- C:\Windows\system32\slwga.dll
2008-11-05 03:10:50 ----A---- C:\Windows\system32\SLUINotify.dll
2008-11-05 03:10:50 ----A---- C:\Windows\system32\SLUI.exe
2008-11-05 03:10:50 ----A---- C:\Windows\system32\SLsvc.exe
2008-11-05 03:10:50 ----A---- C:\Windows\system32\slmgr.vbs
2008-11-05 03:10:50 ----A---- C:\Windows\system32\SLLUA.exe
2008-11-05 03:10:50 ----A---- C:\Windows\system32\SLCommDlg.dll
2008-11-05 03:10:50 ----A---- C:\Windows\system32\slcinst.dll
2008-11-05 03:10:50 ----A---- C:\Windows\system32\SLCExt.dll
2008-11-05 03:10:50 ----A---- C:\Windows\system32\slcc.dll
2008-11-05 03:10:50 ----A---- C:\Windows\system32\SLC.dll
2008-11-05 03:10:49 ----A---- C:\Windows\system32\SmiEngine.dll
2008-11-05 03:10:49 ----A---- C:\Windows\system32\SMBHelperClass.dll
2008-11-05 03:10:49 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2008-11-05 03:10:48 ----A---- C:\Windows\system32\sfc_os.dll
2008-11-05 03:10:48 ----A---- C:\Windows\system32\sfc.exe
2008-11-05 03:10:48 ----A---- C:\Windows\system32\setupugc.exe
2008-11-05 03:10:48 ----A---- C:\Windows\system32\setupSNK.exe
2008-11-05 03:10:48 ----A---- C:\Windows\system32\setupcln.dll
2008-11-05 03:10:48 ----A---- C:\Windows\system32\setupcl.exe
2008-11-05 03:10:48 ----A---- C:\Windows\system32\sethc.exe
2008-11-05 03:10:48 ----A---- C:\Windows\system32\setbcdlocale.dll
2008-11-05 03:10:48 ----A---- C:\Windows\system32\SessEnv.dll
2008-11-05 03:10:48 ----A---- C:\Windows\system32\services.exe
2008-11-05 03:10:48 ----A---- C:\Windows\system32\serialui.dll
2008-11-05 03:10:47 ----A---- C:\Windows\system32\setupapi.dll
2008-11-05 03:10:47 ----A---- C:\Windows\system32\Sens.dll
2008-11-05 03:10:47 ----A---- C:\Windows\system32\sendmail.dll
2008-11-05 03:10:46 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2008-11-05 03:10:46 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2008-11-05 03:10:46 ----A---- C:\Windows\system32\PresentationHost.exe
2008-11-05 03:10:46 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-11-05 03:10:46 ----A---- C:\Windows\system32\powrprof.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PSHED.DLL
2008-11-05 03:10:45 ----A---- C:\Windows\system32\psbase.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\powercpl.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\pots.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PortableDeviceWiaCompat.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\polstore.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\pnrpnsp.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PNPXAssocPrx.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PNPXAssoc.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PnPutil.exe
2008-11-05 03:10:45 ----A---- C:\Windows\system32\PnPUnattend.exe
2008-11-05 03:10:45 ----A---- C:\Windows\system32\pnpui.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\pnpts.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\pnpsetup.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\pnidui.dll
2008-11-05 03:10:45 ----A---- C:\Windows\system32\pngfilt.dll
2008-11-05 03:10:44 ----A---- C:\Windows\system32\QAGENT.DLL
2008-11-05 03:10:44 ----A---- C:\Windows\system32\puiobj.dll
2008-11-05 03:10:44 ----A---- C:\Windows\system32\puiapi.dll
2008-11-05 03:10:44 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-05 03:10:44 ----A---- C:\Windows\system32\provthrd.dll
2008-11-05 03:10:44 ----A---- C:\Windows\system32\propsys.dll
2008-11-05 03:10:44 ----A---- C:\Windows\system32\propdefs.dll
2008-11-05 03:10:44 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2008-11-05 03:10:44 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2008-11-05 03:10:44 ----A---- C:\Windows\system32\printcom.dll
2008-11-05 03:10:44 ----A---- C:\Windows\system32\prevhost.exe
2008-11-05 03:10:44 ----A---- C:\Windows\system32\PresentationSettings.exe
2008-11-05 03:10:43 ----A---- C:\Windows\system32\profsvc.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\profprov.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\procinst.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\prntvpt.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\prnntfy.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\printui.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\pcaui.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\pcasvc.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\pcadm.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\p2psvc.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\p2pnetsh.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\p2phost.exe
2008-11-05 03:10:43 ----A---- C:\Windows\system32\P2PGraph.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\p2pcollab.dll
2008-11-05 03:10:43 ----A---- C:\Windows\system32\P2P.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\osblprov.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\osbaseln.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\OptionalFeatures.exe
2008-11-05 03:10:42 ----A---- C:\Windows\system32\oobefldr.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\onex.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\olethk32.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\olesvr32.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\olepro32.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\oleprn.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\oledlg.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\olecli32.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\oleaut32.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\oleacc.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\ole32.dll
2008-11-05 03:10:42 ----A---- C:\Windows\system32\ogldrv.dll
2008-11-05 03:10:41 ----A---- C:\Windows\system32\PlaySndSrv.dll
2008-11-05 03:10:41 ----A---- C:\Windows\system32\pla.dll
2008-11-05 03:10:41 ----A---- C:\Windows\system32\PkgMgr.exe
2008-11-05 03:10:41 ----A---- C:\Windows\system32\PING.EXE
2008-11-05 03:10:41 ----A---- C:\Windows\system32\pidgenx.dll
2008-11-05 03:10:41 ----A---- C:\Windows\system32\photowiz.dll
2008-11-05 03:10:41 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-05 03:10:41 ----A---- C:\Windows\system32\pdhui.dll
2008-11-05 03:10:41 ----A---- C:\Windows\system32\pdh.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\samsrv.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\samlib.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\runonce.exe
2008-11-05 03:10:40 ----A---- C:\Windows\system32\rtffilt.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\rstrui.exe
2008-11-05 03:10:40 ----A---- C:\Windows\system32\RstrtMgr.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\rshx32.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\rsaenh.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\rrinstaller.exe
2008-11-05 03:10:40 ----A---- C:\Windows\system32\rpcss.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\perfts.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\perfnet.dll
2008-11-05 03:10:40 ----A---- C:\Windows\system32\perfmon.msc
2008-11-05 03:10:40 ----A---- C:\Windows\system32\perfmon.exe
2008-11-05 03:10:40 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2008-11-05 03:10:39 ----A---- C:\Windows\system32\rtm.dll
2008-11-05 03:10:39 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-05 03:10:39 ----A---- C:\Windows\system32\RpcPing.exe
2008-11-05 03:10:39 ----A---- C:\Windows\system32\rpchttp.dll
2008-11-05 03:10:39 ----A---- C:\Windows\system32\ROUTE.EXE
2008-11-05 03:10:39 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2008-11-05 03:10:39 ----A---- C:\Windows\system32\RMActivate_isv.exe
2008-11-05 03:10:39 ----A---- C:\Windows\system32\RMActivate.exe
2008-11-05 03:10:39 ----A---- C:\Windows\system32\riched32.dll
2008-11-05 03:10:39 ----A---- C:\Windows\system32\riched20.dll
2008-11-05 03:10:39 ----A---- C:\Windows\system32\rgb9rast.dll
2008-11-05 03:10:39 ----A---- C:\Windows\system32\resutils.dll
2008-11-05 03:10:39 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2008-11-05 03:10:38 ----A---- C:\Windows\system32\sdengin2.dll
2008-11-05 03:10:38 ----A---- C:\Windows\system32\sdclt.exe
2008-11-05 03:10:38 ----A---- C:\Windows\system32\sdchange.exe
2008-11-05 03:10:38 ----A---- C:\Windows\system32\scrobj.dll
2008-11-05 03:10:38 ----A---- C:\Windows\system32\scksp.dll
2008-11-05 03:10:38 ----A---- C:\Windows\system32\schtasks.exe
2008-11-05 03:10:38 ----A---- C:\Windows\system32\schedsvc.dll
2008-11-05 03:10:38 ----A---- C:\Windows\system32\schannel.dll
2008-11-05 03:09:34 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-05 03:09:34 ----A---- C:\Windows\system32\wuapi.dll
2008-11-05 03:09:34 ----A---- C:\Windows\system32\wmidx.dll
2008-11-05 03:09:34 ----A---- C:\Windows\system32\wmicmiplugin.dll
2008-11-05 03:09:34 ----A---- C:\Windows\system32\Wldap32.dll
2008-11-05 03:09:34 ----A---- C:\Windows\system32\wlanui.dll
2008-11-05 03:09:34 ----A---- C:\Windows\system32\wlansec.dll
2008-11-05 03:09:34 ----A---- C:\Windows\system32\wlanpref.dll
2008-11-05 03:09:34 ----A---- C:\Windows\system32\wlanmsm.dll
2008-11-05 03:09:34 ----A---- C:\Windows\system32\WlanMmHC.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wmpshell.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wmdrmsdk.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wmdrmnet.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wmdrmdev.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\WMASF.DLL
2008-11-05 03:09:33 ----A---- C:\Windows\system32\WMALFXGFXDSP.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\WMADMOE.DLL
2008-11-05 03:09:33 ----A---- C:\Windows\system32\WMADMOD.DLL
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wlgpclnt.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wlansvc.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\WlanMM.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wlanhlp.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\WLanHC.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wlangpui.dll
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wlanext.exe
2008-11-05 03:09:33 ----A---- C:\Windows\system32\wlandlg.dll
2008-11-05 03:09:32 ----A---- C:\Windows\system32\WMVXENCD.DLL
2008-11-05 03:09:32 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2008-11-05 03:09:32 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2008-11-05 03:09:32 ----A---- C:\Windows\system32\wmpsrcwp.dll
2008-11-05 03:09:32 ----A---- C:\Windows\system32\wmpmde.dll
2008-11-05 03:09:32 ----A---- C:\Windows\system32\wmploc.DLL
2008-11-05 03:09:31 ----A---- C:\Windows\system32\wow32.dll
2008-11-05 03:09:31 ----A---- C:\Windows\system32\WMVSENCD.DLL
2008-11-05 03:09:31 ----A---- C:\Windows\system32\WMVSDECD.DLL
2008-11-05 03:09:31 ----A---- C:\Windows\system32\WMVENCOD.DLL
2008-11-05 03:09:31 ----A---- C:\Windows\system32\wmvdspa.dll
2008-11-05 03:09:31 ----A---- C:\Windows\system32\WMVDECOD.DLL
2008-11-05 03:09:31 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-11-05 03:09:31 ----A---- C:\Windows\system32\wmpdxm.dll
2008-11-05 03:09:31 ----A---- C:\Windows\system32\wmiprop.dll
2008-11-05 03:09:30 ----A---- C:\Windows\system32\WMPhoto.dll
2008-11-05 03:09:30 ----A---- C:\Windows\system32\WMPEncEn.dll
2008-11-05 03:09:30 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-05 03:09:30 ----A---- C:\Windows\system32\wmpcm.dll
2008-11-05 03:09:30 ----A---- C:\Windows\system32\wmp.dll
2008-11-05 03:09:30 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-11-05 03:09:29 ----A---- C:\Windows\system32\Tabbtn.dll
2008-11-05 03:09:29 ----A---- C:\Windows\system32\t2embed.dll
2008-11-05 03:09:29 ----A---- C:\Windows\system32\systeminfo.exe
2008-11-05 03:09:29 ----A---- C:\Windows\system32\systemcpl.dll
2008-11-05 03:09:28 ----A---- C:\Windows\system32\tcpmon.dll
2008-11-05 03:09:28 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-11-05 03:09:28 ----A---- C:\Windows\system32\tbssvc.dll
2008-11-05 03:09:28 ----A---- C:\Windows\system32\tbs.dll
2008-11-05 03:09:28 ----A---- C:\Windows\system32\taskmgr.exe
2008-11-05 03:09:28 ----A---- C:\Windows\system32\tasklist.exe
2008-11-05 03:09:28 ----A---- C:\Windows\system32\taskkill.exe
2008-11-05 03:09:27 ----A---- C:\Windows\system32\tdh.dll
2008-11-05 03:09:27 ----A---- C:\Windows\system32\tcpmon.ini
2008-11-05 03:09:27 ----A---- C:\Windows\system32\taskschd.dll
2008-11-05 03:09:27 ----A---- C:\Windows\system32\tabcal.exe
2008-11-05 03:09:26 ----A---- C:\Windows\system32\taskeng.exe
2008-11-05 03:09:26 ----A---- C:\Windows\system32\taskcomp.dll
2008-11-05 03:09:26 ----A---- C:\Windows\system32\tapisrv.dll
2008-11-05 03:09:26 ----A---- C:\Windows\system32\TapiMigPlugin.dll
2008-11-05 03:09:26 ----A---- C:\Windows\system32\takeown.exe
2008-11-05 03:09:26 ----A---- C:\Windows\system32\TabbtnEx.dll
2008-11-05 03:09:26 ----A---- C:\Windows\system32\srrstr.dll
2008-11-05 03:09:26 ----A---- C:\Windows\system32\srdelayed.exe
2008-11-05 03:09:26 ----A---- C:\Windows\system32\srcore.dll
2008-11-05 03:09:26 ----A---- C:\Windows\system32\srclient.dll
2008-11-05 03:09:26 ----A---- C:\Windows\system32\srchadmin.dll
2008-11-05 03:09:26 ----A---- C:\Windows\system32\sqmapi.dll
2008-11-05 03:09:25 ----A---- C:\Windows\system32\sstpsvc.dll
2008-11-05 03:09:25 ----A---- C:\Windows\system32\SSShim.dll
2008-11-05 03:09:25 ----A---- C:\Windows\system32\ssdpsrv.dll
2008-11-05 03:09:25 ----A---- C:\Windows\system32\srwmi.dll
2008-11-05 03:09:25 ----A---- C:\Windows\system32\sqlsrv32.dll
2008-11-05 03:09:25 ----A---- C:\Windows\system32\sqlcese30.dll
2008-11-05 03:09:25 ----A---- C:\Windows\system32\sqlceqp30.dll
2008-11-05 03:09:24 ----A---- C:\Windows\system32\srvsvc.dll
2008-11-05 03:09:24 ----A---- C:\Windows\system32\spwmp.dll
2008-11-05 03:09:24 ----A---- C:\Windows\system32\spwizres.dll
2008-11-05 03:09:24 ----A---- C:\Windows\system32\spwizeng.dll
2008-11-05 03:09:24 ----A---- C:\Windows\system32\spoolsv.exe
2008-11-05 03:09:24 ----A---- C:\Windows\system32\spoolss.dll
2008-11-05 03:09:24 ----A---- C:\Windows\system32\spbcd.dll
2008-11-05 03:09:24 ----A---- C:\Windows\system32\SoundRecorder.exe
2008-11-05 03:09:23 ----A---- C:\Windows\system32\syssetup.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\sysmain.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\syskey.exe
2008-11-05 03:09:23 ----A---- C:\Windows\system32\SysFxUI.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\syncui.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\synceng.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\SyncCenter.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\sxstrace.exe
2008-11-05 03:09:23 ----A---- C:\Windows\system32\sxsstore.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\sxs.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\swprv.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\stobject.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\spwizimg.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\sppnp.dll
2008-11-05 03:09:23 ----A---- C:\Windows\system32\spopk.dll
2008-11-05 03:09:22 ----A---- C:\Windows\system32\usp10.dll
2008-11-05 03:09:22 ----A---- C:\Windows\system32\userinit.exe
2008-11-05 03:09:22 ----A---- C:\Windows\system32\userenv.dll
2008-11-05 03:09:22 ----A---- C:\Windows\system32\usercpl.dll
2008-11-05 03:09:22 ----A---- C:\Windows\system32\user32.dll
2008-11-05 03:09:22 ----A---- C:\Windows\system32\usbperf.dll
2008-11-05 03:09:22 ----A---- C:\Windows\system32\usbmon.dll
2008-11-05 03:09:22 ----A---- C:\Windows\system32\svchost.exe
2008-11-05 03:09:22 ----A---- C:\Windows\system32\sud.dll
2008-11-05 03:09:22 ----A---- C:\Windows\system32\Storprop.dll
2008-11-05 03:09:22 ----A---- C:\Windows\system32\sti_ci.dll
2008-11-05 03:09:21 ----A---- C:\Windows\system32\zipfldr.dll
2008-11-05 03:09:21 ----A---- C:\Windows\system32\xwtpw32.dll
2008-11-05 03:09:21 ----A---- C:\Windows\system32\vga256.dll
2008-11-05 03:09:21 ----A---- C:\Windows\system32\usbui.dll
2008-11-05 03:09:21 ----A---- C:\Windows\system32\urlmon.dll
2008-11-05 03:09:21 ----A---- C:\Windows\system32\url.dll
2008-11-05 03:09:21 ----A---- C:\Windows\system32\upnphost.dll
2008-11-05 03:09:21 ----A---- C:\Windows\system32\upnpcont.exe
2008-11-05 03:09:21 ----A---- C:\Windows\system32\upnp.dll
2008-11-05 03:09:21 ----A---- C:\Windows\system32\untfs.dll
2008-11-05 03:09:20 ----A---- C:\Windows\system32\VIDRESZR.DLL
2008-11-05 03:09:20 ----A---- C:\Windows\system32\vga64k.dll
2008-11-05 03:09:20 ----A---- C:\Windows\system32\vga.dll
2008-11-05 03:09:20 ----A---- C:\Windows\system32\vdmdbg.dll
2008-11-05 03:09:20 ----A---- C:\Windows\system32\vbscript.dll
2008-11-05 03:09:20 ----A---- C:\Windows\system32\VAN.dll
2008-11-05 03:09:20 ----A---- C:\Windows\system32\uxtheme.dll
2008-11-05 03:09:20 ----A---- C:\Windows\system32\uudf.dll
2008-11-05 03:09:20 ----A---- C:\Windows\system32\Utilman.exe
2008-11-05 03:09:20 ----A---- C:\Windows\system32\utildll.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\vfwwdm32.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\version.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\verifier.exe
2008-11-05 03:09:19 ----A---- C:\Windows\system32\verifier.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\vdsutil.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\vdsldr.exe
2008-11-05 03:09:19 ----A---- C:\Windows\system32\vdsdyn.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\vdsbas.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\vds_ps.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\vds.exe
2008-11-05 03:09:19 ----A---- C:\Windows\system32\vdmredir.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\uxsms.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\TSTheme.exe
2008-11-05 03:09:19 ----A---- C:\Windows\system32\TSpkg.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\trkwks.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\tracerpt.exe
2008-11-05 03:09:19 ----A---- C:\Windows\system32\tquery.dll
2008-11-05 03:09:19 ----A---- C:\Windows\system32\TpmInit.exe
2008-11-05 03:09:19 ----A---- C:\Windows\system32\TMM.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\umb.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\ulib.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\UIHub.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\tsgqec.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\tsddd.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\tscupgrd.exe
2008-11-05 03:09:18 ----A---- C:\Windows\system32\TimeDateMUICallback.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\thumbcache.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\themeui.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\themecpl.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\termsrv.dll
2008-11-05 03:09:18 ----A---- C:\Windows\system32\termmgr.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\unregmp2.exe
2008-11-05 03:09:17 ----A---- C:\Windows\system32\unlodctr.exe
2008-11-05 03:09:17 ----A---- C:\Windows\system32\unbcl.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\unattendedjoin.exe
2008-11-05 03:09:17 ----A---- C:\Windows\system32\unattend.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\umpnpmgr.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\UIAutomationCore.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\UI0Detect.exe
2008-11-05 03:09:17 ----A---- C:\Windows\system32\ufat.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\uexfat.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\uDWM.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\ucsvc.exe
2008-11-05 03:09:17 ----A---- C:\Windows\system32\txfw32.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\txflog.dll
2008-11-05 03:09:17 ----A---- C:\Windows\system32\TsWpfWrp.exe
2008-11-05 03:05:53 ----A---- C:\Windows\system32\kbd106n.dll
2008-11-05 03:04:36 ----A---- C:\Windows\system32\cbsra.exe
2008-11-02 20:00:02 ----A---- C:\Windows\system32\javaws.exe
2008-11-02 20:00:02 ----A---- C:\Windows\system32\javaw.exe
2008-11-02 20:00:02 ----A---- C:\Windows\system32\java.exe
2008-11-02 20:00:02 ----A---- C:\Windows\system32\deploytk.dll
2008-10-30 20:06:42 ----D---- C:\Program Files\Common Files\Adobe
2008-10-30 20:06:42 ----D---- C:\Program Files\Adobe
2008-10-30 19:56:13 ----D---- C:\Users\Stevetran\AppData\Roaming\vlc
2008-10-30 19:55:39 ----D---- C:\Program Files\VideoLAN
2008-10-30 17:36:58 ----D---- C:\Users\Stevetran\AppData\Roaming\LimeWire
2008-10-30 17:36:49 ----D---- C:\Program Files\LimeWire
2008-10-29 23:10:20 ----D---- C:\Windows\system32\zh_temp
2008-10-29 23:00:41 ----AD---- C:\ProgramData\TEMP
2008-10-29 23:00:26 ----D---- C:\Users\Stevetran\AppData\Roaming\PC Tools
2008-10-29 23:00:26 ----D---- C:\Program Files\Spyware Doctor
2008-10-29 22:39:33 ----D---- C:\Users\Stevetran\AppData\Roaming\Apple Computer
2008-10-29 22:39:21 ----A---- C:\Windows\system32\GEARAspi.dll
2008-10-29 22:39:20 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-29 22:38:48 ----D---- C:\Program Files\iPod
2008-10-29 22:38:46 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-29 22:38:46 ----D---- C:\Program Files\iTunes
2008-10-29 22:38:14 ----D---- C:\Program Files\Bonjour
2008-10-29 22:37:11 ----D---- C:\Program Files\QuickTime
2008-10-29 22:37:08 ----D---- C:\ProgramData\Apple Computer
2008-10-29 22:36:37 ----D---- C:\Program Files\Apple Software Update
2008-10-29 22:35:14 ----D---- C:\Program Files\Common Files\Apple
2008-10-29 22:35:12 ----D---- C:\ProgramData\Apple
2008-10-29 13:51:48 ----D---- C:\Windows\system32\URTTEMP
2008-10-29 01:24:43 ----A---- C:\rollback.ini
2008-10-29 01:05:39 ----A---- C:\Windows\ntbtlog.txt
2008-10-29 00:38:41 ----D---- C:\ProgramData\MailFrontier
2008-10-29 00:38:25 ----A---- C:\Windows\zllsputility.exe
2008-10-29 00:38:03 ----A---- C:\Windows\system32\vsregexp.dll
2008-10-29 00:38:00 ----A---- C:\Windows\system32\zlcommdb.dll
2008-10-29 00:37:59 ----A---- C:\Windows\system32\zlcomm.dll
2008-10-29 00:37:54 ----A---- C:\Windows\system32\vswmi.dll
2008-10-29 00:37:49 ----A---- C:\Windows\system32\zpeng25.dll
2008-10-29 00:37:49 ----A---- C:\Windows\system32\vsxml.dll
2008-10-29 00:37:48 ----D---- C:\Program Files\Zone Labs
2008-10-29 00:37:48 ----A---- C:\Windows\system32\vspubapi.dll
2008-10-29 00:37:48 ----A---- C:\Windows\system32\vsmonapi.dll
2008-10-29 00:37:46 ----A---- C:\Windows\system32\vsdata.dll
2008-10-29 00:36:54 ----D---- C:\Windows\system32\ZoneLabs
2008-10-29 00:35:44 ----D---- C:\ProgramData\CheckPoint
2008-10-29 00:35:42 ----A---- C:\Windows\system32\vsutil.dll
2008-10-29 00:35:42 ----A---- C:\Windows\system32\vsinit.dll
2008-10-28 21:12:46 ----D---- C:\Windows\Internet Logs
2008-10-28 20:00:00 ----D---- C:\Program Files\Trend Micro
2008-10-28 19:57:39 ----D---- C:\Users\Stevetran\AppData\Roaming\WinRAR
2008-10-28 19:56:18 ----D---- C:\Program Files\WinRAR
2008-10-28 19:19:51 ----D---- C:\Windows\Sun
2008-10-28 19:17:17 ----D---- C:\Program Files\uTorrent
2008-10-28 19:17:09 ----D---- C:\Users\Stevetran\AppData\Roaming\uTorrent
2008-10-28 19:05:08 ----D---- C:\Users\Stevetran\AppData\Roaming\Adobe
2008-10-28 17:36:51 ----A---- C:\Windows\system32\WMIMPLEX.dll
2008-10-28 17:36:51 ----A---- C:\Windows\system32\maplec.dll
2008-10-28 17:36:04 ----HD---- C:\Program Files\Zero G Registry
2008-10-28 17:36:04 ----D---- C:\Program Files\Maple 11
2008-10-28 17:17:43 ----D---- C:\ProgramData\Messenger Plus!
2008-10-28 16:57:27 ----A---- C:\Windows\system32\hccoin.dll
2008-10-28 16:54:53 ----D---- C:\Users\Stevetran\AppData\Roaming\Macromedia
2008-10-28 16:51:50 ----D---- C:\Program Files\Windows Live Safety Center
2008-10-28 16:49:43 ----D---- C:\Program Files\Java
2008-10-28 16:49:41 ----D---- C:\Program Files\Common Files\Java
2008-10-28 16:47:28 ----D---- C:\ProgramData\Adobe
2008-10-28 16:46:46 ----D---- C:\Windows\system32\Macromed
2008-10-28 16:41:15 ----D---- C:\Program Files\Messenger Plus! Live
2008-10-28 16:21:16 ----D---- C:\Windows\PCHEALTH
2008-10-28 16:21:16 ----D---- C:\Program Files\Windows Live
2008-10-28 16:16:13 ----D---- C:\Users\Stevetran\AppData\Roaming\Mozilla
2008-10-28 16:14:26 ----D---- C:\Program Files\Mozilla Firefox
2008-10-28 15:53:59 ----A---- C:\Windows\system32\WlanApp.dll
2008-10-28 15:53:59 ----A---- C:\Windows\system32\odSupp_M.dll
2008-10-28 15:53:59 ----A---- C:\Windows\system32\JJAKEn.dll
2008-10-28 15:53:59 ----A---- C:\Windows\system32\AQCKGen.dll
2008-10-28 15:53:59 ----A---- C:\Windows\system32\ANIWZCS2.dll
2008-10-28 15:53:59 ----A---- C:\Windows\system32\ANICtl.dll
2008-10-28 15:53:59 ----A---- C:\Windows\system32\aIPH.dll
2008-10-28 15:53:49 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-28 15:53:49 ----D---- C:\Program Files\ANI
2008-10-28 15:53:49 ----A---- C:\Windows\system32\ANIOApi.dll
2008-10-28 15:53:44 ----D---- C:\Program Files\D-Link
2008-10-28 15:53:03 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-28 15:33:36 ----D---- C:\ProgramData\Lavasoft
2008-10-28 15:33:36 ----D---- C:\Program Files\Lavasoft
2008-10-28 15:33:04 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-28 15:31:02 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-28 15:31:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-28 15:28:56 ----D---- C:\ProgramData\ESET
2008-10-28 15:28:56 ----D---- C:\Program Files\ESET
2008-10-28 15:10:32 ----D---- C:\Users\Stevetran\AppData\Roaming\ATI
2008-10-28 15:10:32 ----D---- C:\ProgramData\ATI
2008-10-28 15:07:30 ----D---- C:\Program Files\ATI Technologies
2008-10-28 15:06:47 ----D---- C:\Program Files\ATI
2008-10-28 15:06:46 ----SHD---- C:\Windows\Installer
2008-10-28 15:06:37 ----A---- C:\Windows\system32\Oemdspif.dll
2008-10-28 15:06:37 ----A---- C:\Windows\system32\atiumdva.dll
2008-10-28 15:06:37 ----A---- C:\Windows\system32\atiumdag.dll
2008-10-28 15:06:37 ----A---- C:\Windows\system32\atitmmxx.dll
2008-10-28 15:06:37 ----A---- C:\Windows\system32\atipdlxx.dll
2008-10-28 15:06:36 ----A---- C:\Windows\system32\atioglxx.dll
2008-10-28 15:06:36 ----A---- C:\Windows\system32\ATIODE.exe
2008-10-28 15:06:36 ----A---- C:\Windows\system32\ATIODCLI.exe
2008-10-28 15:06:36 ----A---- C:\Windows\system32\atidxx32.dll
2008-10-28 15:06:36 ----A---- C:\Windows\system32\ATIDEMGX.dll
2008-10-28 15:06:36 ----A---- C:\Windows\system32\Ati2evxx.exe
2008-10-28 15:06:36 ----A---- C:\Windows\system32\Ati2evxx.dll
2008-10-28 15:06:36 ----A---- C:\Windows\system32\ati2edxx.dll
2008-10-28 04:44:36 ----D---- C:\Windows\Panther
2008-10-28 04:44:22 ----RAS---- C:\BOOTSECT.BAK
2008-10-28 04:44:20 ----SHD---- C:\Boot
2008-10-28 04:43:32 ----D---- C:\Windows\system32\OEM
2008-10-28 01:53:10 ----D---- C:\Windows\Minidump
2008-10-28 01:47:30 ----D---- C:\Windows\SoftwareDistribution
2008-10-28 01:46:23 ----D---- C:\Windows\Debug
2008-10-28 01:45:23 ----D---- C:\Windows\Prefetch
2008-10-28 01:45:16 ----SHD---- C:\System Volume Information
2008-10-28 00:55:55 ----D---- C:\Users\Stevetran\AppData\Roaming\Identities
2008-10-28 00:55:48 ----SD---- C:\Users\Stevetran\AppData\Roaming\Microsoft
2008-10-28 00:55:48 ----D---- C:\Users\Stevetran\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 months======

2008-11-06 18:29:46 ----D---- C:\Windows\Temp
2008-11-06 18:20:44 ----D---- C:\Windows\System32
2008-11-06 18:20:43 ----D---- C:\Windows\inf
2008-11-06 18:20:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-06 18:15:00 ----D---- C:\Windows\system32\drivers
2008-11-06 00:19:58 ----RD---- C:\Program Files
2008-11-05 23:45:18 ----HD---- C:\ProgramData
2008-11-05 23:34:39 ----D---- C:\Windows\Logs
2008-11-05 04:22:51 ----D---- C:\Windows\Microsoft.NET
2008-11-05 04:22:33 ----RSD---- C:\Windows\assembly
2008-11-05 04:16:29 ----D---- C:\Windows\rescache
2008-11-05 04:05:35 ----D---- C:\Windows
2008-11-05 04:05:18 ----D---- C:\Windows\system32\catroot
2008-11-05 04:05:00 ----ASH---- C:\Program Files\desktop.ini
2008-11-05 04:04:59 ----D---- C:\Windows\system32\catroot2
2008-11-05 03:57:21 ----D---- C:\Program Files\Windows Calendar
2008-11-05 03:57:19 ----D---- C:\Program Files\Windows Sidebar
2008-11-05 03:57:19 ----D---- C:\Program Files\Movie Maker
2008-11-05 03:57:18 ----D---- C:\Program Files\Windows Mail
2008-11-05 03:57:17 ----D---- C:\Program Files\Internet Explorer
2008-11-05 03:57:16 ----D---- C:\Program Files\Windows Media Player
2008-11-05 03:57:16 ----D---- C:\Program Files\Windows Collaboration
2008-11-05 03:57:14 ----D---- C:\Program Files\Windows Journal
2008-11-05 03:57:13 ----D---- C:\Program Files\Windows Photo Gallery
2008-11-05 03:57:08 ----D---- C:\Windows\servicing
2008-11-05 03:57:08 ----D---- C:\Windows\ehome
2008-11-05 03:57:08 ----D---- C:\Program Files\Windows Defender
2008-11-05 03:57:08 ----D---- C:\Program Files\Common Files\System
2008-11-05 03:56:56 ----D---- C:\Windows\MSAgent
2008-11-05 03:56:54 ----D---- C:\Windows\IME
2008-11-05 03:56:54 ----D---- C:\Windows\DigitalLocker
2008-11-05 03:56:53 ----D---- C:\Windows\L2Schemas
2008-11-05 03:56:51 ----D---- C:\Windows\system32\XPSViewer
2008-11-05 03:56:51 ----D---- C:\Windows\system32\ko-KR
2008-11-05 03:56:51 ----D---- C:\Windows\system32\da-DK
2008-11-05 03:56:51 ----D---- C:\Windows\system32\com
2008-11-05 03:56:51 ----D---- C:\Windows\PolicyDefinitions
2008-11-05 03:56:49 ----D---- C:\Windows\system32\en-US
2008-11-05 03:56:44 ----D---- C:\Windows\system32\it-IT
2008-11-05 03:56:44 ----D---- C:\Windows\system32\de-DE
2008-11-05 03:56:43 ----D---- C:\Windows\system32\sysprep
2008-11-05 03:56:43 ----D---- C:\Windows\system32\oobe
2008-11-05 03:56:43 ----D---- C:\Windows\system32\migration
2008-11-05 03:56:43 ----D---- C:\Windows\system32\el-GR
2008-11-05 03:56:39 ----D---- C:\Windows\system32\sv-SE
2008-11-05 03:56:39 ----D---- C:\Windows\system32\ru-RU
2008-11-05 03:56:39 ----D---- C:\Windows\system32\ias
2008-11-05 03:56:39 ----D---- C:\Windows\system32\he-IL
2008-11-05 03:56:39 ----D---- C:\Windows\system32\fr-FR
2008-11-05 03:56:39 ----D---- C:\Windows\system32\AdvancedInstallers
2008-11-05 03:56:38 ----D---- C:\Windows\system32\SLUI
2008-11-05 03:56:38 ----D---- C:\Windows\system32\setup
2008-11-05 03:56:38 ----D---- C:\Windows\system32\ras
2008-11-05 03:56:38 ----D---- C:\Windows\system32\pt-PT
2008-11-05 03:56:38 ----D---- C:\Windows\system32\hu-HU
2008-11-05 03:56:38 ----D---- C:\Windows\system32\fi-FI
2008-11-05 03:56:38 ----D---- C:\Windows\system32\cs-CZ
2008-11-05 03:56:35 ----D---- C:\Windows\system32\zh-TW
2008-11-05 03:56:35 ----D---- C:\Windows\system32\zh-CN
2008-11-05 03:56:35 ----D---- C:\Windows\system32\pl-PL
2008-11-05 03:56:35 ----D---- C:\Windows\system32\manifeststore
2008-11-05 03:56:35 ----D---- C:\Windows\system32\ja-JP
2008-11-05 03:56:35 ----D---- C:\Windows\system32\es-ES
2008-11-05 03:56:35 ----D---- C:\Windows\system32\en
2008-11-05 03:56:34 ----D---- C:\Windows\system32\ro-RO
2008-11-05 03:56:34 ----D---- C:\Windows\system32\icsxml
2008-11-05 03:56:31 ----D---- C:\Windows\system32\wbem
2008-11-05 03:56:31 ----D---- C:\Windows\system32\tr-TR
2008-11-05 03:56:28 ----D---- C:\Windows\system32\nl-NL
2008-11-05 03:56:28 ----D---- C:\Windows\system32\nb-NO
2008-11-05 03:56:28 ----D---- C:\Windows\system32\ar-SA
2008-11-05 03:56:26 ----D---- C:\Windows\system32\migwiz
2008-11-05 03:56:24 ----D---- C:\Windows\system32\pt-BR
2008-11-05 03:55:33 ----D---- C:\Windows\AppPatch
2008-11-05 03:55:25 ----D---- C:\Windows\Boot
2008-11-05 03:55:24 ----D---- C:\Windows\winsxs
2008-11-05 03:55:21 ----D---- C:\Windows\system32\Boot
2008-11-05 03:42:54 ----D---- C:\Windows\system32\WDI
2008-11-05 03:38:35 ----A---- C:\Windows\system32\mrt.exe
2008-11-05 03:38:35 ----A---- C:\Windows\system32\ifxcardm.dll
2008-11-05 03:38:29 ----A---- C:\Windows\system32\axaltocm.dll
2008-10-30 23:59:48 ----D---- C:\Windows\system32\NDF
2008-10-30 20:06:42 ----D---- C:\Program Files\Common Files
2008-10-29 22:36:42 ----D---- C:\Windows\system32\Tasks
2008-10-29 13:52:48 ----D---- C:\Windows\Registration
2008-10-28 19:54:36 ----D---- C:\Windows\system32\LogFiles
2008-10-28 17:36:50 ----RSD---- C:\Windows\Fonts
2008-10-28 16:21:16 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-28 15:55:32 ----SD---- C:\ProgramData\Microsoft
2008-10-28 15:07:04 ----D---- C:\Windows\system32\restore
2008-10-28 00:56:06 ----SHD---- C:\$Recycle.Bin
2008-10-28 00:55:48 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2007-10-25 27144]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-10-25 30728]
R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-06-03 147984]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-08-21 294288]
R2 ANIO;ANIO Service; \??\C:\Windows\system32\ANIO.SYS [2005-12-11 28195]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2007-10-25 33800]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\Windows\system32\DRIVERS\A3AB.sys [2006-10-15 472832]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-24 2930176]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-24 610304]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-10-25 455936]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2007-10-25 18176]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.04 2008-11-06 18:29:57

======Uninstall list======

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
ESET NOD32 Antivirus-->MsiExec.exe /I{944BFDEB-868F-4943-A37C-2852C7D9824A}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire PRO 4.13.0-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maple 11-->"C:\Program Files\Maple 11\Uninstall_Maple 11\Uninstall Maple 11.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PC Sleep 2.1-->MsiExec.exe /I{FBAFC5DB-5511-4150-91EC-995E9BB2D099}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RangeBooster G WDA-2320-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{657EDA98-A8AD-4E9F-8F18-F1BE0E618290}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0
AV: ZoneAlarm Security Suite Antivirus (disabled) (outdated)
FW: ZoneAlarm Security Suite Firewall
AS: ZoneAlarm Security Suite Anti-Spyware (outdated)
AS: ESET NOD32 Antivirus 3.0
AS: Spyware Doctor (disabled)
AS: Windows Defender (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0202
"NUMBER_OF_PROCESSORS"=4
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by Caliburn, 06 November 2008 - 06:33 PM.


#6 Buckeye_Sam

Posted 06 November 2008 - 07:44 PM

Your log looks pretty good to me.
How is your computer behaving? Any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Caliburn

Posted 06 November 2008 - 09:35 PM

Nothing new, but a Spybot scan says that the Zlob.DNSchanger trojan is still there. Zonealarm can't access download.zonealarm.com, Ad-Aware and Spyware Doctor can't run their updates, and Windows Defender and Windows update both fail, citing error 80244019, or in Windows Defender's case, 0x80244019. Sorry, though I do appreciate the time you're taking to help me out.

#8 Buckeye_Sam

Posted 07 November 2008 - 05:09 AM

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #5 - Search and clean DNS Hijack by typing 5 and press "Enter"; a text file will appear.
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

#9 Caliburn

Posted 07 November 2008 - 10:47 PM

ZoneAlarm's "Spy Site Blocking" option initially prevented me from downloading the file, but I turned the option off and continued the download. However, NOD32 detected Smitfraudfix.exe to be infected with a "Win32/Restarter.NAA" trojan, and it was quarantined. How should I proceed?

Edited by Caliburn, 08 November 2008 - 01:59 PM.


#10 Buckeye_Sam

Posted 08 November 2008 - 09:08 AM

It's a false positive. Some antivirus programs will incorrectly identify smitfraudfix.exe as malware. Disable Nod32 while you download and run smitfraudfix.

Here's more info to help you disable Nod32.
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

#11 Caliburn

Posted 08 November 2008 - 02:21 PM

Here are the contents of the text file.

SmitFraudFix v2.373

Scan done at 14:16:07.73, 08/11/2008
Run from C:\Users\Stevetran\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: D-Link WDA-2320 Desktop Adapter
DNS Server Search Order: 85.255.112.224
DNS Server Search Order: 85.255.112.64

HKLM\SYSTEM\CCS\Services\Tcpip\..\{997BDB04-5465-482B-B257-63F882599E65}: DhcpNameServer=85.255.112.224 85.255.112.64
HKLM\SYSTEM\CS1\Services\Tcpip\..\{997BDB04-5465-482B-B257-63F882599E65}: DhcpNameServer=85.255.112.224 85.255.112.64
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.224 85.255.112.64
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.224 85.255.112.64

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: D-Link WDA-2320 Desktop Adapter
DNS Server Search Order: 85.255.112.224
DNS Server Search Order: 85.255.112.64

HKLM\SYSTEM\CCS\Services\Tcpip\..\{997BDB04-5465-482B-B257-63F882599E65}: DhcpNameServer=85.255.112.224 85.255.112.64
HKLM\SYSTEM\CS1\Services\Tcpip\..\{997BDB04-5465-482B-B257-63F882599E65}: DhcpNameServer=85.255.112.224 85.255.112.64
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.224 85.255.112.64
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.224 85.255.112.64

I received a SmitfraudFix that said

"Your computer may be a victim of a DNS Hijack: 85.255.x.x

D-Link WDA-2320 Desktop Adapter

Do you want to set your network to dymanic -DHCP- Server?"

I clicked "No". I have a feeling that "Yes" will bring me closer to fixing my problem, but I'd like to confirm it with you first.

#12 Buckeye_Sam

Posted 08 November 2008 - 05:55 PM

Let's hold off on that for now.
Are you using a router with this computer?

Please run a new scan with Malwarebytes and post the resulting log.

#13 Caliburn

Posted 08 November 2008 - 06:59 PM

Yeah, I am. This computer's wirelessly networked to a router connected to my main computer. Does it make a difference?

Here's the new log.

Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 6.0.6001 Service Pack 1

08/11/2008 6:57:41 PM
mbam-log-2008-11-08 (18-57-41).txt

Scan type: Quick Scan
Objects scanned: 40043
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{997bdb04-5465-482b-b257-63f882599e65}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{997bdb04-5465-482b-b257-63f882599e65}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Buckeye_Sam

Posted 08 November 2008 - 07:06 PM

It could be that your router itself is infected.

First, reset your router.

Now let's check some settings on your system.
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen and reboot if it asks
Next, go to Start, Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter, type exit and hit Enter.
(That space between g and / is needed.)


Then run the quick scan with Malwarebytes again and post that log.

========================================================
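
Added example, not part of the thread or of any tool named in it: a Python triage over the registry lines from the SmitfraudFix report above, flagging resolvers in the 85.255.x.x range the tool warned about and recording whether they sit in DhcpNameServer or NameServer. It assumes the usual Windows behaviour that DhcpNameServer is filled from the DHCP lease and NameServer from manual settings; the names `parse`, `verdict`, `REPORT` and `SUSPECT_NET` are illustrative.

```python
import ipaddress
import re

# Range from the SmitfraudFix warning on this page ("85.255.x.x detected").
SUSPECT_NET = ipaddress.ip_network("85.255.0.0/16")

# Sample input: the four "DNS After Fix" registry lines copied from the report above.
REPORT = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{997BDB04-5465-482B-B257-63F882599E65}: DhcpNameServer=85.255.112.224 85.255.112.64
HKLM\SYSTEM\CS1\Services\Tcpip\..\{997BDB04-5465-482B-B257-63F882599E65}: DhcpNameServer=85.255.112.224 85.255.112.64
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.224 85.255.112.64
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.112.224 85.255.112.64
"""

LINE = re.compile(r"^(?P<key>HKLM\\\S+): (?P<name>(?:Dhcp)?NameServer)=(?P<data>.*)$")

def parse(report):
    """Return one dict per DhcpNameServer/NameServer value found in the report text."""
    findings = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        addrs = []
        for tok in re.split(r"[ ,]+", m["data"].strip()):
            try:
                addrs.append(ipaddress.ip_address(tok))
            except ValueError:
                pass  # empty or non-IP token
        findings.append({
            "key": m["key"],
            "source": "dhcp-lease" if m["name"].startswith("Dhcp") else "static",
            "suspect": [str(a) for a in addrs if a in SUSPECT_NET],
        })
    return findings

def verdict(findings):
    """Triage hint only: Dhcp* values normally come from the lease, but malware can write them too."""
    sources = {f["source"] for f in findings if f["suspect"]}
    if not sources:
        return "clean"
    if sources == {"dhcp-lease"}:
        return "check-dhcp-server"   # start with whatever hands out the lease
    return "check-host-config"       # NameServer was set on the host itself

if __name__ == "__main__":
    for f in parse(REPORT):
        print(f["source"], f["key"], f["suspect"])
    print(verdict(parse(REPORT)))
```

Every flagged value in this report is a DhcpNameServer entry, so the hint points at the device issuing the DHCP lease before the host's own static settings.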

#15 Caliburn

Posted 09 November 2008 - 12:56 PM

Hi. Sorry to be a bother, but I don't know where the corresponding settings are on Windows Vista. I'm familiar with where you're trying to lead me on Windows XP, but I've tried exploring the Control Panel and I can't find a similar panel on Vista.



