wu23.virut infection


  • This topic is locked
16 replies to this topic

#1 ko48


Posted 29 November 2008 - 02:54 PM

Hello,

My PC was infected with w23.virut.u. It wiped out, among other things, my Norton Internet Protection. So, I downloaded the free version of AVG, which I believe made my system unstable by deleting some program files. Eventually I ended up reinstalling Windows XP. I then reinstalled Norton, which found another instance of w23.virut and says it resolved it.

At this point I think my system is ok (!) but I would just like to make sure that I don't have any more unresolved threats. I don't want to use AVG for fear it will crash my system again, so I ran Hijack This but I don't know how to interpret it. If someone could please review my attached log & let me know if I should delete anything I would greatly appreciate it. I have also pasted the log below if that makes it easier.

Thank you!!!!
-Kelly


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:14 AM, on 11/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070612
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070612
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SilkQuit Meter.lnk = C:\Program Files\valecam\SilkQuit\SilkQuit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227952653706
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: karna.dat
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: DataSvr2 - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 6838 bytes



#2 dark messenger


Posted 30 November 2008 - 05:02 PM

Hi Kelly,

My name's Dark Messenger, but DM or Brett is fine.

I need some time to look over your log, so please don't make any changes to your computer unless instructed to do so.

If you haven't already, please click the Options Button at the top of your first Post and click Track This Topic and choose an appropriate option for you, so you are notified when I reply.

Thanks

DM

#3 ko48


Posted 30 November 2008 - 07:54 PM

Hi DM

Thanks so much for your help. I am tracking the topic & will not mess with anything until I hear back from you. :thumbsup:

Thanks again,
Kelly

#4 dark messenger


Posted 02 December 2008 - 01:36 PM

Hi Kelly, sorry for such a long delay, we are very busy here.

Since you had a very bad virus on your computer, please run RSIT so we can look deeper into your computer for infections.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks,

DM

#5 ko48


Posted 04 December 2008 - 01:29 AM

Hi DM,

Apologies for the delay. I'd set up "track this topic" & was expecting to be notified that you had replied, but I wasn't! At any rate, here are the log files from RSIT.

Thank you
Kelly

-----------
Logfile of random's system information tool 1.04 (written by random/random)
Run by KO at 2008-12-03 22:24:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (73%) free of 76 GB
Total RAM: 1014 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:11 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KO\Desktop\RSIT.exe
C:\Program Files\hijackthis\KO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070612
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070612
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SilkQuit Meter.lnk = C:\Program Files\valecam\SilkQuit\SilkQuit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227952653706
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: karna.dat
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: DataSvr2 - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 7222 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - KO.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll [2008-11-29 340848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL [2008-11-29 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll [2008-11-29 340848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"StxTrayMenu"=C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]
""= []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-18 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-18 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-18 138008]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-07-02 159744]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2008-11-25 303104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-07-16 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
SilkQuit Meter.lnk - C:\Program Files\valecam\SilkQuit\SilkQuit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-18 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoFolderOptions"=0
"NoFind"=0
"NoRun"=0
"DisallowRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{868b958f-9141-11dc-a270-00188bd7fc81}]
shell\AutoRun\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
shell\open\command - E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe


======File associations======

.reg - open -
.txt - open - notepad.exe %1

======List of files/folders created in the last 1 months======

2008-12-03 22:24:51 ----D---- C:\rsit
2008-12-03 10:13:57 ----D---- C:\bin
2008-12-03 10:11:45 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-03 10:11:45 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-12-03 10:03:07 ----D---- C:\Program Files\Hewlett-Packard
2008-12-03 10:00:55 ----A---- C:\WINDOWS\system32\hpz3l054.dll
2008-12-03 09:59:27 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-03 09:50:43 ----A---- C:\WINDOWS\system32\hpowiax2.dll
2008-11-29 11:14:20 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-11-29 11:13:38 ----D---- C:\Program Files\DellTPad
2008-11-29 11:13:28 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-11-29 10:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-29 10:15:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-29 10:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-29 10:15:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-29 10:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-29 10:14:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-29 10:14:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-29 10:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-29 10:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-29 10:13:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-29 10:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-29 10:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-29 10:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-29 10:12:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-29 10:11:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-29 10:02:56 ----D---- C:\WINDOWS\Prefetch
2008-11-29 09:59:42 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-29 09:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-29 09:33:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-29 03:33:43 ----A---- C:\WINDOWS\003513_.tmp
2008-11-29 03:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-29 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-29 03:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-29 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-29 01:26:40 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-11-29 01:26:05 ----D---- C:\Program Files\Windows Sidebar
2008-11-29 01:26:05 ----D---- C:\Program Files\Norton Internet Security
2008-11-29 01:26:04 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-11-29 01:25:47 ----D---- C:\Program Files\NortonInstaller
2008-11-29 01:25:47 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-11-29 00:11:22 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-11-29 00:10:57 ----A---- C:\WINDOWS\system32\wpa.bak
2008-11-28 23:51:44 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-28 23:51:21 ----D---- C:\Program Files\Online Services
2008-11-28 23:51:10 ----D---- C:\Program Files\Common Files\Services
2008-11-28 23:49:20 ----D---- C:\Program Files\ComPlus Applications
2008-11-28 23:43:53 ----A---- C:\WINDOWS\system32\stacsv.exe
2008-11-28 23:43:53 ----A---- C:\WINDOWS\stsystra.exe
2008-11-28 23:19:00 ----RA---- C:\WINDOWS\SET92.tmp
2008-11-28 23:19:00 ----RA---- C:\WINDOWS\SET91.tmp
2008-11-28 23:18:57 ----RA---- C:\WINDOWS\SET56.tmp
2008-11-28 23:18:54 ----RA---- C:\WINDOWS\SET4A.tmp
2008-11-28 23:18:52 ----RA---- C:\WINDOWS\SET47.tmp
2008-11-28 22:23:04 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-28 22:23:04 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-28 22:22:46 ----RA---- C:\WINDOWS\SETB5.tmp
2008-11-28 22:22:46 ----RA---- C:\WINDOWS\SETB4.tmp
2008-11-28 22:22:42 ----RA---- C:\WINDOWS\SET79.tmp
2008-11-28 22:22:39 ----RA---- C:\WINDOWS\SET6D.tmp
2008-11-28 22:22:37 ----RA---- C:\WINDOWS\SET6A.tmp
2008-11-28 22:06:17 ----A---- C:\WINDOWS\system32\winshfhc.dll
2008-11-28 22:06:16 ----A---- C:\WINDOWS\system32\blastcln.exe
2008-11-28 22:06:15 ----A---- C:\WINDOWS\system32\wmvdmoe2.dll
2008-11-28 22:06:15 ----A---- C:\WINDOWS\system32\wmvdmod.dll
2008-11-28 22:06:15 ----A---- C:\WINDOWS\system32\wmvcore.dll
2008-11-28 22:06:15 ----A---- C:\WINDOWS\system32\wmstream.dll
2008-11-28 22:06:15 ----A---- C:\WINDOWS\system32\wmspdmoe.dll
2008-11-28 22:06:15 ----A---- C:\WINDOWS\system32\wmspdmod.dll
2008-11-28 22:06:14 ----A---- C:\WINDOWS\system32\wmsdmoe2.dll
2008-11-28 22:06:14 ----A---- C:\WINDOWS\system32\wmsdmoe.dll
2008-11-28 22:06:14 ----A---- C:\WINDOWS\system32\wmsdmod.dll
2008-11-28 22:06:14 ----A---- C:\WINDOWS\system32\wmpui.dll
2008-11-28 22:06:14 ----A---- C:\WINDOWS\system32\wmpshell.dll
2008-11-28 22:06:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2008-11-28 22:06:14 ----A---- C:\WINDOWS\system32\wmpasf.dll
2008-11-28 22:06:13 ----A---- C:\WINDOWS\system32\wmploc.dll
2008-11-28 22:06:13 ----A---- C:\WINDOWS\system32\wmp.dll
2008-11-28 22:03:56 ----A---- C:\WINDOWS\system32\netui2.dll
2008-11-28 22:03:56 ----A---- C:\WINDOWS\system32\netui1.dll
2008-11-28 22:03:56 ----A---- C:\WINDOWS\system32\netui0.dll
2008-11-28 22:03:56 ----A---- C:\WINDOWS\system32\netstat.exe
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netshell.dll
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netsh.exe
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netrap.dll
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netplwiz.dll
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netmsg.dll
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netman.dll
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netlogon.dll
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netid.dll
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\neth.dll
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netevent.dll
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netdde.exe
2008-11-28 22:03:55 ----A---- C:\WINDOWS\system32\netcfgx.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\netapi.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\net1.exe
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\net.exe
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\nddenb32.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\nddeapir.exe
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\nddeapi.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\ncxpnt.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\ncobjapi.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\nbtstat.exe
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\narrhook.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\narrator.exe
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\mydocs.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\mycomput.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\mtxclu.dll
2008-11-28 22:03:54 ----A---- C:\WINDOWS\system32\msxml3r.dll
2008-11-28 22:03:53 ----A---- C:\WINDOWS\system32\msxmlr.dll
2008-11-28 22:03:53 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-11-28 22:03:53 ----A---- C:\WINDOWS\system32\msxml2r.dll
2008-11-28 22:03:53 ----A---- C:\WINDOWS\system32\msxml2.dll
2008-11-28 22:03:53 ----A---- C:\WINDOWS\system32\msxml.dll
2008-11-28 22:03:53 ----A---- C:\WINDOWS\system32\mswstr10.dll
2008-11-28 22:03:53 ----A---- C:\WINDOWS\system32\mswsock.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\mswdat10.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msvideo.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msvidctl.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msvidc32.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msvfw32.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msvcrt40.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msvcrt.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msvcp60.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msvcp50.dll
2008-11-28 22:03:52 ----A---- C:\WINDOWS\system32\msvcirt.dll
2008-11-28 22:03:51 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2008-11-28 22:03:51 ----A---- C:\WINDOWS\system32\msvbvm50.dll
2008-11-28 22:03:51 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-11-28 22:03:51 ----A---- C:\WINDOWS\system32\mstlsapi.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\mstime.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\msswchx.exe
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\msswch.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\mssip32.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\mssign32.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\mssap.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\msrle32.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\msrating.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\msratelc.dll
2008-11-28 22:03:50 ----A---- C:\WINDOWS\system32\msprivs.dll
2008-11-28 22:03:49 ----A---- C:\WINDOWS\system32\msports.dll
2008-11-28 22:03:49 ----A---- C:\WINDOWS\system32\mspatcha.dll
2008-11-28 22:03:49 ----A---- C:\WINDOWS\system32\msorcl32.dll
2008-11-28 22:03:49 ----A---- C:\WINDOWS\system32\msorc32r.dll
2008-11-28 22:03:48 ----A---- C:\WINDOWS\system32\msobjs.dll
2008-11-28 22:03:48 ----A---- C:\WINDOWS\system32\msnsspc.dll
2008-11-28 22:03:48 ----A---- C:\WINDOWS\system32\msls31.dll
2008-11-28 22:03:48 ----A---- C:\WINDOWS\system32\msjtes40.dll
2008-11-28 22:03:48 ----A---- C:\WINDOWS\system32\msjter40.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msjetoledb40.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msjet40.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msisip.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msiregmv.exe
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msimsg.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msimg32.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msihnd.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msiexec.exe
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msieftp.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msidntld.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msidle.dll
2008-11-28 22:03:47 ----A---- C:\WINDOWS\system32\msident.dll
2008-11-28 22:03:46 ----A---- C:\WINDOWS\system32\msi.dll
2008-11-28 22:03:46 ----A---- C:\WINDOWS\system32\mshtmler.dll
2008-11-28 22:03:46 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-11-28 22:03:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-28 22:03:44 ----A---- C:\WINDOWS\system32\mshta.exe
2008-11-28 22:03:44 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-11-28 22:03:44 ----A---- C:\WINDOWS\system32\msgina.dll
2008-11-28 22:03:44 ----A---- C:\WINDOWS\system32\msencode.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\msdmo.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\msdart.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\msdadiag.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\mscpxl32.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\mscpx32r.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\mscms.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\mscdexnt.exe
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\mscat32.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\msaudite.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\msasn1.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\msapsspc.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\system32\msafd.dll
2008-11-28 22:03:43 ----A---- C:\WINDOWS\msdfmap.ini
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\msacm32.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\msacm.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\msaatext.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mrinfo.exe
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqutil.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqtrig.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqsvc.exe
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqsnap.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqsec.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqrt.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqqm.dll
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqperf.ini
2008-11-28 22:03:42 ----A---- C:\WINDOWS\system32\mqperf.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mqoa.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mqlogmgr.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mqise.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mqgentr.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mqdscli.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mqcertui.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mqbkup.exe
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mqad.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mprui.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mprmsg.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mprdim.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mprddm.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mprapi.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mpr.dll
2008-11-28 22:03:41 ----A---- C:\WINDOWS\system32\mpnotify.exe
2008-11-28 22:03:40 ----A---- C:\WINDOWS\system32\mountvol.exe
2008-11-28 22:03:40 ----A---- C:\WINDOWS\system32\moricons.dll
2008-11-28 22:03:40 ----A---- C:\WINDOWS\system32\more.com
2008-11-28 22:03:40 ----A---- C:\WINDOWS\system32\modex.dll
2008-11-28 22:03:40 ----A---- C:\WINDOWS\system32\modemui.dll
2008-11-28 22:03:40 ----A---- C:\WINDOWS\system32\mode.com
2008-11-28 22:03:40 ----A---- C:\WINDOWS\system32\mobsync.exe
2008-11-28 22:03:40 ----A---- C:\WINDOWS\system32\mobsync.dll
2008-11-28 22:03:39 ----A---- C:\WINDOWS\system32\mmutilse.dll
2008-11-28 22:03:39 ----A---- C:\WINDOWS\system32\mmsystem.dll
2008-11-28 22:03:39 ----A---- C:\WINDOWS\system32\mmdrv.dll
2008-11-28 22:03:39 ----A---- C:\WINDOWS\system32\mmcshext.dll
2008-11-28 22:03:39 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2008-11-28 22:03:39 ----A---- C:\WINDOWS\system32\mmcbase.dll
2008-11-28 22:03:39 ----A---- C:\WINDOWS\system32\mmc.exe
2008-11-28 22:03:39 ----A---- C:\WINDOWS\system32\mll_qic.dll
2008-11-28 22:03:39 ----A---- C:\WINDOWS\system32\mll_mtf.dll
2008-11-28 22:03:38 ----A---- C:\WINDOWS\system32\mll_hp.dll
2008-11-28 22:03:38 ----A---- C:\WINDOWS\system32\mlang.dll
2008-11-28 22:03:38 ----A---- C:\WINDOWS\system32\mimefilt.dll
2008-11-28 22:03:38 ----A---- C:\WINDOWS\system32\miglibnt.dll
2008-11-28 22:03:38 ----A---- C:\WINDOWS\system32\midimap.dll
2008-11-28 22:03:38 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-11-28 22:03:38 ----A---- C:\WINDOWS\system32\mfcsubs.dll
2008-11-28 22:03:38 ----A---- C:\WINDOWS\system32\mfc42u.dll
2008-11-28 22:03:37 ----A---- C:\WINDOWS\system32\mfc42.dll
2008-11-28 22:03:37 ----A---- C:\WINDOWS\system32\mfc40u.dll
2008-11-28 22:03:37 ----A---- C:\WINDOWS\system32\mfc40.dll
2008-11-28 22:03:37 ----A---- C:\WINDOWS\system32\mf3216.dll
2008-11-28 22:03:36 ----A---- C:\WINDOWS\system32\mem.exe
2008-11-28 22:03:35 ----A---- C:\WINDOWS\system32\mdminst.dll
2008-11-28 22:03:35 ----A---- C:\WINDOWS\system32\mdhcp.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mciwave.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mciseq.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mciole32.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mciole16.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mcicda.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mciavi32.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mchgrcoi.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mcdsrv32.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mcd32.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mcastmib.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mapistub.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\makecab.exe
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\magnify.exe
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\mag_hook.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\lzexpand.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\lz32.dll
2008-11-28 22:03:34 ----A---- C:\WINDOWS\system32\lusrmgr.msc
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\lsass.exe
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\lprmonui.dll
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\lprhelp.dll
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\lpr.exe
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\lpq.exe
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\lpk.dll
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\logonui.exe
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\logman.exe
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\login.cmd
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\loghours.dll
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\lodctr.exe
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\locator.exe
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\localui.dll
2008-11-28 22:03:33 ----A---- C:\WINDOWS\system32\keymgr.dll
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\localspl.dll
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\localsec.dll
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\loadperf.dll
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\loadfix.com
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\lmrt.dll
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\linkinfo.dll
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\lights.exe
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\licmgr10.dll
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\licdll.dll
2008-11-28 22:03:32 ----A---- C:\WINDOWS\system32\langwrbk.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\label.exe
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kerberos.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kdcom.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kd1394.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbdusx.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbdusr.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbdusl.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbdus.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbdur.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbdukx.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbduk.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbdsw.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbdsp.dll
2008-11-28 22:03:31 ----A---- C:\WINDOWS\system32\kbdsmsno.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdsmsfi.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdsg.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdsf.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdpo.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdpl1.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdpl.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdno1.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdno.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdnec.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdne.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdmon.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdmlt48.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdmlt47.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdmaori.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdmac.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdlv1.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdlv.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdlt1.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdlt.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdla.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdkyr.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdkaz.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdit142.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdit.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdir.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdic.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdhu.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdhept.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdhela3.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdhela2.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdhe319.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdhe220.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdhe.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdgr1.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdgr.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdgkl.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdgae.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdfr.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdfo.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdfi1.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdfi.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdfc.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdest.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdes.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbddv.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdda.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdcz2.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdcz1.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdcz.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdcr.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdcan.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdca.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdbu.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdbr.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdblr.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdbene.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdbe.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdazel.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdaze.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kbdal.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\kb16.com
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jscript.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jobexec.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jgsh400.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jgsd400.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jgpl400.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jgmd400.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jgdw400.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jgaw400.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\jet500.dll
2008-11-28 22:03:30 ----A---- C:\WINDOWS\system32\ixsso.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\iuengine.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\itss.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\itircl.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ir32_32.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipxwan.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipxsap.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipxrtmgr.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipxroute.exe
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipxrip.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipxpromn.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipxmontr.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipv6mon.dll
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipv6.exe
2008-11-28 22:03:29 ----A---- C:\WINDOWS\system32\ipsmsnap.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\ipsecsvc.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\ipsecsnp.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\ipsec6.exe
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\iprtrmgr.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\iprtprio.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\iprop.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\ippromon.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\ipmontr.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\iphlpapi.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\ipconfig.exe
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\iologmsg.dll
2008-11-28 22:03:28 ----A---- C:\WINDOWS\system32\inseng.dll
2008-11-28 22:03:27 ----A---- C:\WINDOWS\system32\input.dll
2008-11-28 22:03:27 ----A---- C:\WINDOWS\system32\initpki.dll
2008-11-28 22:03:27 ----A---- C:\WINDOWS\system32\infosoft.dll
2008-11-28 22:03:27 ----A---- C:\WINDOWS\system32\inetppui.dll
2008-11-28 22:03:27 ----A---- C:\WINDOWS\system32\inetpp.dll
2008-11-28 22:03:27 ----A---- C:\WINDOWS\system32\inetmib1.dll
2008-11-28 22:03:27 ----A---- C:\WINDOWS\system32\inetcplc.dll
2008-11-28 22:03:26 ----A---- C:\WINDOWS\system32\imm32.dll
2008-11-28 22:03:26 ----A---- C:\WINDOWS\system32\imgutil.dll
2008-11-28 22:03:26 ----A---- C:\WINDOWS\system32\imeshare.dll
2008-11-28 22:03:26 ----A---- C:\WINDOWS\system32\imapi.exe
2008-11-28 22:03:26 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-11-28 22:03:26 ----A---- C:\WINDOWS\system32\iissuba.dll
2008-11-28 22:03:24 ----A---- C:\WINDOWS\system32\igmpagnt.dll
2008-11-28 22:03:24 ----A---- C:\WINDOWS\system32\ifsutil.dll
2008-11-28 22:03:24 ----A---- C:\WINDOWS\system32\ifmon.dll
2008-11-28 22:03:24 ----A---- C:\WINDOWS\system32\iexpress.exe
2008-11-28 22:03:24 ----A---- C:\WINDOWS\system32\iesetup.dll
2008-11-28 22:03:24 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-11-28 22:03:24 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-11-28 22:03:24 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\idq.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\icmui.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\icmp.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\icm32.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iccvid.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iassvcs.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iassdo.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iassam.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iasrecst.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iasrad.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iaspolcy.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iasnap.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iashlpr.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iasads.dll
2008-11-28 22:03:23 ----A---- C:\WINDOWS\system32\iasacct.dll
2008-11-28 22:03:22 ----A---- C:\WINDOWS\system32\htui.dll
2008-11-28 22:03:22 ----A---- C:\WINDOWS\system32\httpapi.dll
2008-11-28 22:03:21 ----A---- C:\WINDOWS\system32\netsetup.exe
2008-11-28 22:03:21 ----A---- C:\WINDOWS\system32\hotplug.dll
2008-11-28 22:03:21 ----A---- C:\WINDOWS\system32\hostname.exe
2008-11-28 22:03:21 ----A---- C:\WINDOWS\system32\hnetwiz.dll
2008-11-28 22:03:21 ----A---- C:\WINDOWS\system32\hnetmon.dll
2008-11-28 22:03:21 ----A---- C:\WINDOWS\system32\hnetcfg.dll
2008-11-28 22:03:21 ----A---- C:\WINDOWS\system32\hlink.dll
2008-11-28 22:03:19 ----A---- C:\WINDOWS\system32\hhsetup.dll
2008-11-28 22:03:19 ----A---- C:\WINDOWS\system32\help.exe
2008-11-28 22:03:19 ----A---- C:\WINDOWS\hh.exe
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\h323msp.dll
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\grpconv.exe
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\graphics.com
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\graftabl.com
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\gptext.dll
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\gpresult.exe
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\gpkrsrc.dll
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\gpkcsp.dll
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\gpedit.msc
2008-11-28 22:03:18 ----A---- C:\WINDOWS\system32\gpedit.dll
2008-11-28 22:03:16 ----A---- C:\WINDOWS\system32\glu32.dll
2008-11-28 22:03:16 ----A---- C:\WINDOWS\system32\glmf32.dll
2008-11-28 22:03:16 ----A---- C:\WINDOWS\system32\getmac.exe
2008-11-28 22:03:15 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-11-28 22:03:15 ----A---- C:\WINDOWS\system32\gdi.exe
2008-11-28 22:03:15 ----A---- C:\WINDOWS\system32\gcdef.dll
2008-11-28 22:03:14 ----A---- C:\WINDOWS\system32\fwcfg.dll
2008-11-28 22:03:14 ----A---- C:\WINDOWS\system32\ftsrch.dll
2008-11-28 22:03:14 ----A---- C:\WINDOWS\system32\ftp.exe
2008-11-28 22:03:14 ----A---- C:\WINDOWS\system32\fsutil.exe
2008-11-28 22:03:14 ----A---- C:\WINDOWS\system32\fsusd.dll
2008-11-28 22:03:14 ----A---- C:\WINDOWS\system32\fsmgmt.msc
2008-11-28 22:03:14 ----A---- C:\WINDOWS\system32\framebuf.dll
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\format.com
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\forcedos.exe
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\fontview.exe
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\fontsub.dll
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\fontext.dll
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\fmifs.dll
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\fldrclnr.dll
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\fixmapi.exe
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\finger.exe
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\findstr.exe
2008-11-28 22:03:13 ----A---- C:\WINDOWS\system32\find.exe
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\filemgmt.dll
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\feclient.dll
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\fdeploy.dll
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\fde.dll
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\fc.exe
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\faultrep.dll
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\fastopen.exe
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\exts.dll
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\extrac32.exe
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-11-28 22:03:12 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-11-28 22:03:11 ----A---- C:\WINDOWS\system32\expand.exe
2008-11-28 22:03:11 ----A---- C:\WINDOWS\system32\exe2bin.exe
2008-11-28 22:03:11 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2008-11-28 22:03:11 ----A---- C:\WINDOWS\explorer.exe
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\eventvwr.msc
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\eventvwr.exe
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\eventquery.vbs
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\eventlog.dll
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\eventcreate.exe
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\eventcls.dll
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\eula.txt
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\eudcedit.exe
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\esentutl.exe
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\esentprf.ini
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\esentprf.dll
2008-11-28 22:03:10 ----A---- C:\WINDOWS\system32\esent97.dll
2008-11-28 22:03:09 ----A---- C:\WINDOWS\system32\esent.dll
2008-11-28 22:03:09 ----A---- C:\WINDOWS\system32\es.dll
2008-11-28 22:03:09 ----A---- C:\WINDOWS\system32\ersvc.dll
2008-11-28 22:03:09 ----A---- C:\WINDOWS\system32\encdec.dll
2008-11-28 22:03:09 ----A---- C:\WINDOWS\system32\encapi.dll
2008-11-28 22:03:09 ----A---- C:\WINDOWS\system32\els.dll
2008-11-28 22:03:09 ----A---- C:\WINDOWS\system32\efsadu.dll
2008-11-28 22:03:09 ----A---- C:\WINDOWS\system32\edlin.exe
2008-11-28 22:03:09 ----A---- C:\WINDOWS\system32\edb500.dll
2008-11-28 22:03:08 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-11-28 22:03:08 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-11-28 22:03:08 ----A---- C:\WINDOWS\system32\dwwin.exe
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dxdiag.exe
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dx8vb.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dx7vb.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\duser.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dumprep.exe
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dswave.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dsuiext.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dssenh.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dssec.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dsquery.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dsprpres.dll
2008-11-28 22:03:07 ----A---- C:\WINDOWS\system32\dsprop.dll
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\dsound3d.dll
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\dsound.dll
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\dskquoui.dll
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\dskquota.dll
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\dsdmo.dll
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\dsauth.dll
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\ds32gt.dll
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\ds16gt.dLL
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\drwtsn32.exe
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\drwatson.exe
2008-11-28 22:03:06 ----A---- C:\WINDOWS\system32\driverquery.exe
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpwsock.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpvvox.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpvoice.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpvacm.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpserial.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpnwsock.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpnmodem.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpnet.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dplayx.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dplay.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dpcdll.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dosx.exe
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\doskey.exe
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\docprop2.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\docprop.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dnsapi.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dmusic.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dmsynth.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dmstyle.dll
2008-11-28 22:02:33 ----A---- C:\WINDOWS\system32\dmserver.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmscript.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmremote.exe
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmocx.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmloader.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmintf.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmime.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmdskres.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmdskmgr.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmdlgs.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmconfig.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmcompos.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmband.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dmadmin.exe
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dllhst3g.exe
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dllhost.exe
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\dispex.dll
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\diskperf.exe
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\diskpart.exe
2008-11-28 22:02:32 ----A---- C:\WINDOWS\system32\diskmgmt.msc
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\diskcopy.dll
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\diskcopy.com
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\diskcomp.com
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\dinput8.dll
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\dinput.dll
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\dimap.dll
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\digest.dll
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\diantz.exe
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\diactfrm.dll
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\dhcpsapi.dll
2008-11-28 22:02:31 ----A---- C:\WINDOWS\system32\dhcpmon.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dgnet.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dfsshlex.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dfrgui.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dfrgsnap.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dfrgres.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dfrg.msc
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\devmgr.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\devmgmt.msc
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\devenum.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\deskperf.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\deskmon.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\deskadp.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\defrag.exe
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\debug.exe
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\ddrawex.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\ddraw.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\ddeshare.exe
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\ddeml.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dciman32.dll
2008-11-28 22:02:30 ----A---- C:\WINDOWS\system32\dbnmpntw.dll
2008-11-28 22:02:29 ----A---- C:\WINDOWS\system32\dbnetlib.dll
2008-11-28 22:02:29 ----A---- C:\WINDOWS\system32\dbmsrpcn.dll
2008-11-28 22:02:29 ----A---- C:\WINDOWS\system32\dbghelp.dll
2008-11-28 22:02:28 ----A---- C:\WINDOWS\system32\dbgeng.dll
2008-11-28 22:02:28 ----A---- C:\WINDOWS\system32\davclnt.dll
2008-11-28 22:02:28 ----A---- C:\WINDOWS\system32\datime.dll
2008-11-28 22:02:28 ----A---- C:\WINDOWS\system32\dataclen.dll
2008-11-28 22:02:28 ----A---- C:\WINDOWS\system32\danim.dll
2008-11-28 22:02:27 ----A---- C:\WINDOWS\system32\d3dxof.dll
2008-11-28 22:02:27 ----A---- C:\WINDOWS\system32\d3drm.dll
2008-11-28 22:02:27 ----A---- C:\WINDOWS\system32\d3dpmesh.dll
2008-11-28 22:02:27 ----A---- C:\WINDOWS\system32\d3dim700.dll
2008-11-28 22:02:27 ----A---- C:\WINDOWS\system32\d3dim.dll
2008-11-28 22:02:27 ----A---- C:\WINDOWS\system32\d3d9.dll
2008-11-28 22:02:27 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\d3d8.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\ctl3dv2.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\csseqchk.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\csrss.exe
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\cscui.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\cscript.exe
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\cscdll.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\cryptui.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\cryptnet.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\cryptext.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\cryptdll.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\cryptdlg.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\crypt32.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\crtdll.dll
2008-11-28 22:02:26 ----A---- C:\WINDOWS\system32\credui.dll
2008-11-28 22:02:25 ----A---- C:\WINDOWS\system32\corpol.dll
2008-11-28 22:02:25 ----A---- C:\WINDOWS\system32\convert.exe
2008-11-28 22:02:25 ----A---- C:\WINDOWS\system32\control.exe
2008-11-28 22:02:25 ----A---- C:\WINDOWS\system32\console.dll
2008-11-28 22:02:25 ----A---- C:\WINDOWS\system32\conime.exe
2008-11-28 22:02:25 ----A---- C:\WINDOWS\system32\confmsp.dll
2008-11-28 22:02:24 ----A---- C:\WINDOWS\system32\comres.dll
2008-11-28 22:02:24 ----A---- C:\WINDOWS\system32\compstui.dll
2008-11-28 22:02:24 ----A---- C:\WINDOWS\system32\compobj.dll
2008-11-28 22:02:24 ----A---- C:\WINDOWS\system32\compmgmt.msc
2008-11-28 22:02:24 ----A---- C:\WINDOWS\system32\compatui.dll
2008-11-28 22:02:24 ----A---- C:\WINDOWS\system32\compact.exe
2008-11-28 22:02:24 ----A---- C:\WINDOWS\system32\comp.exe
2008-11-28 22:02:24 ----A---- C:\WINDOWS\system32\commdlg.dll
2008-11-28 22:02:24 ----A---- C:\WINDOWS\system32\command.com
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\comcat.dll
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\cnvfat.dll
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\cnetcfg.dll
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\cmutil.dll
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\cmstp.exe
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\cmsetacl.dll
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\cmpbk32.dll
2008-11-28 22:02:23 ----A---- C:\WINDOWS\system32\cmmon32.exe
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\shellstyle.dll
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\cmdl32.exe
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\cmdial32.dll
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\cmd.exe
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\cmcfg32.dll
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\clusapi.dll
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\clipsrv.exe
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\cliconfg.exe
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\cliconfg.dll
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\clb.dll
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\ckcnv.exe
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\cisvc.exe
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\cipher.exe
2008-11-28 22:02:22 ----A---- C:\WINDOWS\system32\ciodm.dll
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\cidaemon.exe
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\cic.dll
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\ciadv.msc
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\ciadmin.dll
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\chkntfs.exe
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\chkdsk.exe
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\chcp.com
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\certmgr.msc
2008-11-28 22:02:21 ----A---- C:\WINDOWS\system32\certmgr.dll
2008-11-28 22:02:20 ----A---- C:\WINDOWS\system32\certcli.dll
2008-11-28 22:02:20 ----A---- C:\WINDOWS\system32\cdosys.dll
2008-11-28 22:02:20 ----A---- C:\WINDOWS\system32\cdm.dll
2008-11-28 22:02:20 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-11-28 22:02:20 ----A---- C:\WINDOWS\system32\ccfgnt.dll
2008-11-28 22:02:20 ----A---- C:\WINDOWS\system32\cards.dll
2008-11-28 22:02:20 ----A---- C:\WINDOWS\system32\capesnpn.dll
2008-11-28 22:02:20 ----A---- C:\WINDOWS\system32\camocx.dll
2008-11-28 22:02:19 ----A---- C:\WINDOWS\system32\cacls.exe
2008-11-28 22:02:19 ----A---- C:\WINDOWS\system32\cabview.dll
2008-11-28 22:02:19 ----A---- C:\WINDOWS\system32\cabinet.dll
2008-11-28 22:02:18 ----A---- C:\WINDOWS\system32\btpanui.dll
2008-11-28 22:02:18 ----A---- C:\WINDOWS\system32\browsewm.dll
2008-11-28 22:02:17 ----A---- C:\WINDOWS\system32\browseui.dll
2008-11-28 22:02:17 ----A---- C:\WINDOWS\system32\browser.dll
2008-11-28 22:02:17 ----A---- C:\WINDOWS\system32\browselc.dll
2008-11-28 22:02:16 ----A---- C:\WINDOWS\system32\bootvrfy.exe
2008-11-28 22:02:16 ----A---- C:\WINDOWS\system32\bootvid.dll
2008-11-28 22:02:16 ----A---- C:\WINDOWS\system32\bootok.exe
2008-11-28 22:02:16 ----A---- C:\WINDOWS\system32\bootcfg.exe
2008-11-28 22:02:16 ----A---- C:\WINDOWS\system32\bidispl.dll
2008-11-28 22:02:15 ----A---- C:\WINDOWS\system32\batt.dll
2008-11-28 22:02:15 ----A---- C:\WINDOWS\system32\batmeter.dll
2008-11-28 22:02:15 ----A---- C:\WINDOWS\system32\basesrv.dll
2008-11-28 22:02:15 ----A---- C:\WINDOWS\system32\avifile.dll
2008-11-28 22:02:15 ----A---- C:\WINDOWS\system32\avifil32.dll
2008-11-28 22:02:15 ----A---- C:\WINDOWS\system32\avicap32.dll
2008-11-28 22:02:15 ----A---- C:\WINDOWS\system32\avicap.dll
2008-11-28 22:02:15 ----A---- C:\WINDOWS\system32\autolfn.exe
2008-11-28 22:02:14 ----A---- C:\WINDOWS\system32\autofmt.exe
2008-11-28 22:02:14 ----A---- C:\WINDOWS\system32\autodisc.dll
2008-11-28 22:02:14 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-11-28 22:02:14 ----A---- C:\WINDOWS\system32\autochk.exe
2008-11-28 22:02:14 ----A---- C:\WINDOWS\system32\authz.dll
2008-11-28 22:02:14 ----A---- C:\WINDOWS\system32\auditusr.exe
2008-11-28 22:02:14 ----A---- C:\WINDOWS\system32\audiosrv.dll
2008-11-28 22:02:14 ----A---- C:\WINDOWS\system32\attrib.exe
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\atmpvcno.dll
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\atmlib.dll
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\atmfd.dll
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\atmadm.exe
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\atl.dll
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\atkctrs.dll
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\at.exe
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\asycfilt.dll
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\asr_ldm.exe
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2008-11-28 22:02:13 ----A---- C:\WINDOWS\system32\arp.exe
2008-11-28 22:02:12 ----A---- C:\WINDOWS\system32\appmgr.dll
2008-11-28 22:02:12 ----A---- C:\WINDOWS\system32\appmgmts.dll
2008-11-28 22:02:11 ----A---- C:\WINDOWS\system32\apphelp.dll
2008-11-28 22:02:11 ----A---- C:\WINDOWS\system32\append.exe
2008-11-28 22:02:11 ----A---- C:\WINDOWS\system32\apcups.dll
2008-11-28 22:02:11 ----A---- C:\WINDOWS\system32\amstream.dll
2008-11-28 22:02:11 ----A---- C:\WINDOWS\system32\alrsvc.dll
2008-11-28 22:02:11 ----A---- C:\WINDOWS\system32\alg.exe
2008-11-28 22:02:11 ----A---- C:\WINDOWS\system32\ahui.exe
2008-11-28 22:02:11 ----A---- C:\WINDOWS\system32\advpack.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\adsnw.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\adsnt.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\adsnds.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\adsmsext.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\adsldpc.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\adsldp.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\adptif.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\admparse.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\actxprxy.dll
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\actmovie.exe
2008-11-28 22:02:10 ----A---- C:\WINDOWS\system32\activeds.dll
2008-11-28 22:02:09 ----A---- C:\WINDOWS\system32\aclui.dll
2008-11-28 22:02:09 ----A---- C:\WINDOWS\system32\acledit.dll
2008-11-28 22:02:09 ----A---- C:\WINDOWS\system32\aaaamon.dll
2008-11-28 22:02:09 ----A---- C:\WINDOWS\system32\6to4svc.dll
2008-11-28 22:02:00 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-11-28 22:01:54 ----D---- C:\WINDOWS\setup.pss
2008-11-28 14:13:08 ----D---- C:\WINDOWS\dell
2008-11-25 18:20:00 ----D---- C:\Program Files\hijackthis
2008-11-25 09:45:02 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-25 08:07:11 ----HD---- C:\$AVG8.VAULT$
2008-11-25 08:03:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-24 22:07:09 ----A---- C:\WINDOWS\system32\TDSSlxwp.dll
2008-11-24 22:07:06 ----A---- C:\WINDOWS\system32\407.tmp
2008-11-24 22:06:59 ----A---- C:\WINDOWS\system32\403.tmp
2008-11-23 18:19:59 ----D---- C:\Documents and Settings\KO\Application Data\Malwarebytes
2008-11-23 17:20:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-23 17:16:14 ----D---- C:\Program Files\Symantec
2008-11-23 17:03:17 ----A---- C:\WINDOWS\system32\1DC.tmp
2008-11-23 17:03:16 ----A---- C:\WINDOWS\system32\1DA.tmp
2008-11-23 17:00:18 ----A---- C:\WINDOWS\system32\1D9.tmp
2008-11-23 17:00:16 ----A---- C:\WINDOWS\system32\1D7.tmp
2008-11-23 16:41:20 ----A---- C:\WINDOWS\system32\2AF.tmp
2008-11-23 16:41:19 ----A---- C:\WINDOWS\system32\2AC.tmp
2008-11-23 13:18:22 ----A---- C:\WINDOWS\system32\msln.exe
2008-11-23 12:48:43 ----A---- C:\Program Files\Common Files\lysa.vbs
2008-11-23 12:48:43 ----A---- C:\Documents and Settings\All Users\Application Data\kybapypeb.bat
2008-11-23 12:45:03 ----A---- C:\WINDOWS\system32\delself.bat
2008-11-23 12:45:03 ----A---- C:\WINDOWS\system32\84F.tmp
2008-11-23 12:45:00 ----A---- C:\WINDOWS\system32\84D.tmp
2008-11-09 07:58:03 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-09 07:58:03 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-09 07:58:03 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2008-12-03 22:24:53 ----D---- C:\WINDOWS\Temp
2008-12-03 20:39:58 ----D---- C:\Program Files\Mozilla Firefox
2008-12-03 13:07:37 ----D---- C:\Documents and Settings\KO\Application Data\U3
2008-12-03 12:59:33 ----HD---- C:\WINDOWS\inf
2008-12-03 12:59:30 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 12:51:19 ----D---- C:\WINDOWS\system32
2008-12-03 12:51:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 12:49:21 ----D---- C:\WINDOWS
2008-12-03 12:47:18 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-12-03 11:17:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-03 10:31:55 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-03 10:17:07 ----SHD---- C:\WINDOWS\Installer
2008-12-03 10:17:07 ----HD---- C:\Config.Msi
2008-12-03 10:16:23 ----A---- C:\WINDOWS\win.ini
2008-12-03 10:14:22 ----RSD---- C:\WINDOWS\assembly
2008-12-03 10:11:45 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 10:11:45 ----D---- C:\Program Files\Common Files
2008-12-03 10:11:41 ----RSD---- C:\WINDOWS\Fonts
2008-12-03 10:10:07 ----D---- C:\Program Files\Common Files\HP
2008-12-03 10:03:39 ----D---- C:\WINDOWS\WinSxS
2008-12-03 10:03:18 ----D---- C:\WINDOWS\twain_32
2008-12-03 10:03:07 ----RD---- C:\Program Files
2008-12-03 09:03:08 ----D---- C:\Documents and Settings\KO\Application Data\Image Zone Express
2008-12-03 08:28:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-03 08:28:40 ----D---- C:\WINDOWS\Help
2008-11-29 11:13:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-29 11:13:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-29 11:11:19 ----D---- C:\dell
2008-11-29 10:48:12 ----D---- C:\Program Files\Apple Software Update
2008-11-29 10:48:07 ----SD---- C:\WINDOWS\Tasks
2008-11-29 10:46:10 ----D---- C:\Program Files\Real
2008-11-29 10:46:09 ----D---- C:\Program Files\Common Files\Real
2008-11-29 10:45:46 ----D---- C:\Documents and Settings\KO\Application Data\Real
2008-11-29 10:16:40 ----A---- C:\WINDOWS\imsins.BAK
2008-11-29 10:16:15 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-29 10:03:11 ----A---- C:\WINDOWS\setuplog.txt
2008-11-29 10:02:14 ----D---- C:\WINDOWS\system32\wbem
2008-11-29 10:02:14 ----D---- C:\WINDOWS\system32\Setup
2008-11-29 10:02:14 ----D---- C:\WINDOWS\AppPatch
2008-11-29 10:02:14 ----D---- C:\Program Files\Internet Explorer
2008-11-29 10:01:17 ----D---- C:\WINDOWS\security
2008-11-29 09:59:45 ----D---- C:\Program Files\Messenger
2008-11-29 09:55:24 ----D---- C:\Program Files\Windows Media Player
2008-11-29 09:54:37 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-29 09:54:36 ----D---- C:\WINDOWS\network diagnostic
2008-11-29 09:54:36 ----D---- C:\WINDOWS\ime
2008-11-29 09:54:13 ----D---- C:\WINDOWS\system32\usmt
2008-11-29 09:54:12 ----D---- C:\WINDOWS\PeerNet
2008-11-29 09:54:11 ----D---- C:\Program Files\Movie Maker
2008-11-29 09:47:20 ----D---- C:\WINDOWS\system32\Restore
2008-11-29 09:47:19 ----D---- C:\WINDOWS\system32\npp
2008-11-29 09:47:19 ----D---- C:\WINDOWS\mui
2008-11-29 09:47:17 ----D---- C:\WINDOWS\msagent
2008-11-29 09:47:14 ----D---- C:\WINDOWS\srchasst
2008-11-29 09:47:12 ----D---- C:\Program Files\NetMeeting
2008-11-29 09:47:09 ----D---- C:\WINDOWS\system32\Com
2008-11-29 09:47:03 ----D---- C:\Program Files\Windows NT
2008-11-29 09:47:03 ----D---- C:\Program Files\Outlook Express
2008-11-29 09:46:57 ----D---- C:\Program Files\Common Files\System
2008-11-29 09:46:18 ----D---- C:\WINDOWS\system32\oobe
2008-11-29 09:46:15 ----D---- C:\WINDOWS\system
2008-11-29 09:33:43 ----D---- C:\WINDOWS\ehome
2008-11-29 09:08:51 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-29 03:17:25 ----A---- C:\WINDOWS\Setup1.exe
2008-11-29 03:05:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-29 01:57:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-29 01:27:00 ----SHD---- C:\System Volume Information
2008-11-29 01:26:40 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-29 00:04:14 ----D---- C:\WINDOWS\Registration
2008-11-28 23:59:47 ----D---- C:\WINDOWS\system32\config
2008-11-28 23:52:58 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-28 23:52:50 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-28 23:52:22 ----D---- C:\WINDOWS\system32\ias
2008-11-28 23:51:47 ----RD---- C:\WINDOWS\Web
2008-11-28 23:51:35 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-28 23:47:34 ----SH---- C:\boot.ini
2008-11-28 23:43:36 ----D---- C:\Program Files\Apoint
2008-11-28 23:21:09 ----D---- C:\drivers
2008-11-28 23:19:19 ----A---- C:\WINDOWS\system.ini
2008-11-28 23:19:03 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-11-28 21:43:23 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-28 21:04:54 ----SD---- C:\Documents and Settings\KO\Application Data\Microsoft
2008-11-28 14:19:19 ----D---- C:\WINDOWS\Media
2008-11-28 14:14:45 ----D---- C:\WINDOWS\system32\icsxml
2008-11-28 14:13:59 ----D---- C:\WINDOWS\system32\1033
2008-11-28 14:13:08 ----D---- C:\WINDOWS\Driver Cache
2008-11-26 01:11:40 ----RSHD---- C:\RECYCLER
2008-11-25 08:24:26 ----D---- C:\i386
2008-11-23 17:15:29 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-23 16:48:15 ----D---- C:\Program Files\Yahoo!
2008-11-12 23:48:08 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-09 07:58:03 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\ccHPx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081203.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SRTSP;Symantec Real Time Storage Protection; \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\SRTSP.SYS []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\SRTSPX.SYS []
R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2008-04-07 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-01-31 12672]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-12 160256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-22 56576]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-01-31 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-01-31 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-18 5707744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081203.036\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081203.036\NAVEX15.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-02-18 1228296]
R3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\SYMFW.SYS []
R3 SYMIDS;SYMIDS; \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\SYMIDS.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-11-29 35888]
R3 SYMNDIS;SYMNDIS; \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NIS\1001000.021\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-01-31 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-11-29 35888]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-04 13952]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe [2008-11-29 115560]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2008-11-25 90112]
S2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe []
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-01 3220856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-01-23 1251720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-08-01 238968]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-03 22:25:17

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
biolsp patch-->MsiExec.exe /I{E6095BEA-8C97-4342-B771-13BB72AC1D88}
Broadcom ASF Management Applications-->MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}
Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Document Manager Lite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
EMBASSY Security Center-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEAFE1E5-076B-430A-96D9-B567792AFA88}
EMBASSY Trust Suite by Wave Systems-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9
ETS Launch Pad-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DD41AC25-61B2-4FC9-90AA-672F32139AC3} /l1033
ETS Upgrade-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{72FECEA1-E87F-4192-89FA-D0FBF92885BB}
Flash Card Manager-->MsiExec.exe /I{27756DE8-C0F8-4BFD-AF13-7C985912B6D0}
FreeAgent Pro Tools-->C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
Great Craps-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\accgames\craps\ST6UNST.LOG"
HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{91120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B0-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyFonts Order M612699-->MsiExec.exe /I{33D13284-87B2-3304-3043-64800807F0C4}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.1.0.33\InstStub.exe /X
NTRU Hybrid TSS v2.0.25-->MsiExec.exe /I{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Preboot Manager-->MsiExec.exe /I{EE2EE62C-E27D-486A-AF6D-FA4A06E67476}
Private Information Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0B0A2153-58A6-4244-B458-25EDF5FCD809} /l1033
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Secure Update-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1E829E9-88B8-47C6-A75E-0D40E2C09D50} /l1033
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Wizards-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} /l1033
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
upekmsi-->MsiExec.exe /I{BE40EC9E-9466-4288-916D-C1D6C13F4A40}
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Wave Infrastructure Installer-->MsiExec.exe /I{CDD4761A-3D3F-4487-9AAF-7855A36E0D31}
Wave Support Software-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{07D618CD-B016-438A-ADC9-A75BD23F85CE} /l1033
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 dark messenger

Posted 07 December 2008 - 07:17 PM

Sorry for the delay again.

Please download ComboFix. Visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review, along with a fresh HijackThis log.

#7 ko48

Posted 10 December 2008 - 11:52 AM

Thanks again; here is my ComboFix log file:
---------------------------------------------------------

ComboFix 08-12-09.03 - KO 2008-12-10 8:37:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.394 [GMT -8:00]
Running from: c:\documents and settings\KO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\KO\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\KO\Local Settings\Temporary Internet Files\caxasamege.vbs
c:\documents and settings\KO\Local Settings\Temporary Internet Files\fozavytu.dat
c:\documents and settings\KO\Local Settings\Temporary Internet Files\iqomu.dl
c:\documents and settings\KO\Local Settings\Temporary Internet Files\kucicod.dat
c:\documents and settings\KO\Local Settings\Temporary Internet Files\qepapi.scr
c:\windows\system32\DelSelf.bat
c:\windows\system32\hpowiax2.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSmtyh.dat
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-05 22:54 . 2008-12-05 23:07 <DIR> d-------- c:\windows\system32\Adobe
2008-12-03 22:24 . 2008-12-03 22:25 <DIR> d-------- C:\rsit
2008-12-03 10:13 . 2008-12-03 10:13 <DIR> d-------- C:\bin
2008-12-03 10:11 . 2008-12-03 10:11 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-03 10:11 . 2008-12-03 10:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-03 10:03 . 2008-12-03 10:05 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-03 10:00 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-12-03 09:59 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-12-03 09:53 . 2008-12-03 10:20 117,102 --a------ c:\windows\hpoins11.dat
2008-12-03 09:49 . 2006-05-05 13:18 11,634 --a------ c:\windows\hpomdl11.dat
2008-11-29 11:14 . 2008-11-29 11:14 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-29 11:14 . 2008-11-29 11:14 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-11-29 11:13 . 2008-11-29 11:13 <DIR> d-------- c:\program files\DellTPad
2008-11-29 11:13 . 2006-11-02 08:09 1,419,232 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-11-29 03:39 . 2008-09-08 02:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-29 03:39 . 2008-06-13 03:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-29 03:39 . 2008-08-14 02:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-29 03:36 . 2004-08-04 02:00 572,557 -----c--- c:\windows\system32\dllcache\rtuner.wmv
2008-11-29 03:35 . 2008-04-13 16:12 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll
2008-11-29 03:35 . 2004-08-04 02:00 457,607 -----c--- c:\windows\system32\dllcache\mdlib.wmv
2008-11-29 03:35 . 2008-04-13 16:10 294,912 -----c--- c:\windows\system32\dllcache\msaud32.acm
2008-11-29 03:35 . 2004-08-04 02:00 97,117 -----c--- c:\windows\system32\dllcache\mplayer2.hlp
2008-11-29 03:35 . 2008-04-13 09:27 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2008-11-29 03:35 . 2004-08-04 02:00 22,060 -----c--- c:\windows\system32\dllcache\npds.zip
2008-11-29 03:35 . 2004-08-04 02:00 18,286 -----c--- c:\windows\system32\dllcache\mplayer2.inf
2008-11-29 03:35 . 2004-08-04 02:00 2,778 -----c--- c:\windows\system32\dllcache\mplogoh.gif
2008-11-29 03:35 . 2004-08-04 02:00 2,545 -----c--- c:\windows\system32\dllcache\mplogo.gif
2008-11-29 03:35 . 2004-08-04 02:00 1,885 -----c--- c:\windows\system32\dllcache\mplayer2.cnt
2008-11-29 03:35 . 2004-08-04 02:00 403 -----c--- c:\windows\system32\dllcache\npdrmv2.zip
2008-11-29 03:34 . 2008-04-13 16:09 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm
2008-11-29 03:32 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-29 03:32 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-29 03:32 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-29 03:32 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-29 03:32 . 2008-05-01 06:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-29 03:32 . 2004-08-04 02:00 999 -----c--- c:\windows\system32\dllcache\bktrh.gif
2008-11-29 03:12 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-29 03:11 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-29 03:11 . 2008-05-08 06:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-29 02:42 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-29 02:42 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-29 01:26 . 2008-11-29 01:26 <DIR> d-------- c:\windows\system32\drivers\NIS
2008-11-29 01:26 . 2008-11-29 01:26 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-29 01:26 . 2008-11-29 01:26 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-29 01:26 . 2008-11-29 01:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-29 01:26 . 2008-11-29 01:26 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-29 01:26 . 2008-11-29 01:26 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-29 01:26 . 2008-11-29 01:26 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-11-29 01:25 . 2008-11-29 01:25 <DIR> d-------- c:\program files\NortonInstaller
2008-11-29 01:25 . 2008-11-29 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-29 00:11 . 2007-05-18 08:45 172,032 --a------ c:\windows\system32\igfxres.dll
2008-11-29 00:10 . 2008-11-29 00:10 2,422 --a------ c:\windows\system32\wpa.bak
2008-11-28 23:56 . 2004-08-04 02:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2008-11-28 23:55 . 2008-04-13 16:09 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-28 23:54 . 2004-08-04 02:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2008-11-28 23:53 . 2004-08-04 02:00 169,984 --a--c--- c:\windows\system32\dllcache\iisui.dll
2008-11-28 23:53 . 2004-08-04 02:00 94,720 --a--c--- c:\windows\system32\dllcache\certmap.ocx
2008-11-28 23:53 . 2004-08-04 02:00 49,664 --a--c--- c:\windows\system32\dllcache\adrot.dll
2008-11-28 23:53 . 2004-08-04 02:00 19,968 --a--c--- c:\windows\system32\dllcache\inetsloc.dll
2008-11-28 23:53 . 2004-08-04 02:00 14,336 --a--c--- c:\windows\system32\dllcache\iisreset.exe
2008-11-28 23:53 . 2004-08-04 02:00 7,680 --a--c--- c:\windows\system32\dllcache\inetmgr.exe
2008-11-28 23:53 . 2004-08-04 02:00 7,168 --a--c--- c:\windows\system32\dllcache\wamregps.dll
2008-11-28 23:53 . 2004-08-04 02:00 6,144 --a--c--- c:\windows\system32\dllcache\ftpsapi2.dll
2008-11-28 23:53 . 2004-08-04 02:00 6,144 --a--c--- c:\windows\system32\dllcache\admxprox.dll
2008-11-28 23:53 . 2004-08-04 02:00 5,632 --a--c--- c:\windows\system32\dllcache\iisrstap.dll
2008-11-28 23:53 . 2001-08-17 22:36 5,632 --a--c--- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2008-11-28 23:51 . 2004-08-04 02:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-28 23:43 . 2008-11-25 08:35 303,104 --a------ c:\windows\stsystra.exe
2008-11-28 23:43 . 2008-11-25 08:35 90,112 --a------ c:\windows\system32\stacsv.exe
2008-11-28 23:19 . 2006-03-30 02:03 22,339 -ra------ c:\windows\SET91.tmp
2008-11-28 23:19 . 2005-03-30 09:54 10,559 -ra------ c:\windows\SET92.tmp
2008-11-28 23:18 . 2004-08-04 02:00 1,086,058 -ra------ c:\windows\SET4A.tmp
2008-11-28 23:18 . 2004-08-04 02:00 1,042,903 -ra------ c:\windows\SET47.tmp
2008-11-28 23:18 . 2004-08-04 02:00 13,753 -ra------ c:\windows\SET56.tmp
2008-11-28 22:23 . 2004-08-04 02:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2008-11-28 22:23 . 2004-08-04 02:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2008-11-28 22:23 . 2004-08-04 02:00 13,312 --a------ c:\windows\system32\irclass.dll
2008-11-28 22:23 . 2004-08-04 02:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2008-11-28 22:05 . 2004-08-04 02:00 3,374,640 --a--c--- c:\windows\system32\dllcache\tourW.exe
2008-11-28 22:04 . 2005-03-21 15:48 13,107,200 --a------ c:\windows\system32\oembios.bin
2008-11-28 22:03 . 2004-08-04 02:00 3,440,660 --a------ c:\windows\system32\drivers\gm.dls
2008-11-28 22:02 . 2008-04-13 16:11 2,091,520 --a------ c:\windows\system32\cdosys.dll
2008-11-28 14:13 . 2008-11-28 14:13 <DIR> d-------- c:\windows\dell
2008-11-25 21:12 . 2008-11-25 21:12 <DIR> d-------- c:\documents and settings\KO\DoctorWeb
2008-11-25 18:07 . 2008-11-25 18:07 145 --a------ C:\Shortcut to CD Drive.lnk
2008-11-25 08:07 . 2008-11-25 08:07 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-25 08:03 . 2008-11-26 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-24 22:07 . 2008-11-25 07:44 2,274 --a------ c:\windows\system32\TDSSlxwp.dll
2008-11-24 22:07 . 2008-11-24 22:07 64 --a------ c:\windows\system32\edl.dat
2008-11-24 22:07 . 2008-11-24 22:07 0 --a------ c:\windows\system32\407.tmp
2008-11-24 22:06 . 2008-11-24 22:07 132 --a------ c:\windows\system32\403.tmp
2008-11-23 18:19 . 2008-11-23 18:19 <DIR> d-------- c:\documents and settings\KO\Application Data\Malwarebytes
2008-11-23 17:20 . 2008-11-23 17:20 <DIR> d-------- c:\documents and settings\John\Application Data\Malwarebytes
2008-11-23 17:20 . 2008-11-23 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 17:16 . 2008-11-29 01:26 <DIR> d-------- c:\program files\Symantec
2008-11-23 17:03 . 2008-11-23 17:03 48 --a------ c:\windows\system32\1DA.tmp
2008-11-23 17:03 . 2008-11-23 17:03 0 --a------ c:\windows\system32\1DC.tmp
2008-11-23 17:00 . 2008-11-23 17:00 48 --a------ c:\windows\system32\1D7.tmp
2008-11-23 17:00 . 2008-11-23 17:00 0 --a------ c:\windows\system32\1D9.tmp
2008-11-23 16:41 . 2008-11-23 16:41 48 --a------ c:\windows\system32\2AC.tmp
2008-11-23 16:41 . 2008-11-23 16:41 0 --a------ c:\windows\system32\2AF.tmp
2008-11-23 12:48 . 2008-11-23 12:48 19,638 --a------ c:\windows\oqecara.dl
2008-11-23 12:48 . 2008-11-23 12:48 19,556 --a------ c:\windows\guwuk.reg
2008-11-23 12:48 . 2008-11-23 12:48 17,734 --a------ c:\windows\fire.scr
2008-11-23 12:48 . 2008-11-23 12:48 17,335 --a------ c:\documents and settings\KO\Application Data\iduza.sys
2008-11-23 12:48 . 2008-11-23 12:48 17,129 --a------ c:\windows\ivamylelub.db
2008-11-23 12:48 . 2008-11-23 12:48 16,628 --a------ c:\windows\system32\tuberagan.pif
2008-11-23 12:48 . 2008-11-23 12:48 16,130 --a------ c:\windows\novahi._sy
2008-11-23 12:48 . 2008-11-23 12:48 15,846 --a------ c:\documents and settings\KO\Application Data\navixysyv.sys
2008-11-23 12:48 . 2008-11-23 12:48 15,679 --a------ c:\windows\qerisyrodu._dl
2008-11-23 12:48 . 2008-11-23 12:48 14,705 --a------ c:\program files\Common Files\sorifadoha.reg
2008-11-23 12:48 . 2008-11-23 12:48 14,080 --a------ c:\documents and settings\All Users\Application Data\zigyvo.sys
2008-11-23 12:48 . 2008-11-23 12:48 13,899 --a------ c:\windows\byfifit.lib
2008-11-23 12:48 . 2008-11-23 12:48 13,820 --a------ c:\windows\gedum.inf
2008-11-23 12:48 . 2008-11-23 12:48 11,897 --a------ c:\program files\Common Files\lysa.vbs
2008-11-23 12:48 . 2008-11-23 12:48 10,668 --a------ c:\documents and settings\All Users\Application Data\kybapypeb.bat
2008-11-23 12:45 . 2008-11-23 12:45 48 --a------ c:\windows\system32\84D.tmp
2008-11-23 12:45 . 2008-11-23 12:45 0 --a------ c:\windows\system32\84F.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 21:07 --------- d-----w c:\documents and settings\KO\Application Data\U3
2008-12-03 18:10 --------- d-----w c:\program files\Common Files\HP
2008-12-03 17:03 --------- d-----w c:\documents and settings\KO\Application Data\Image Zone Express
2008-11-29 18:48 --------- d-----w c:\program files\Apple Software Update
2008-11-29 18:46 --------- d-----w c:\program files\Real
2008-11-29 18:46 --------- d-----w c:\program files\Common Files\Real
2008-11-29 11:17 253,952 ----a-w c:\windows\Setup1.exe
2008-11-29 09:26 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-11-29 09:26 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-29 09:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-29 07:43 --------- d-----w c:\program files\Apoint
2008-11-24 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-24 00:48 --------- d-----w c:\program files\Yahoo!
2008-11-13 07:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-09 15:58 --------- d-----w c:\program files\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
1998-10-24 07:00 700 --sha-w c:\windows\system32\d7vmxdrv409586.sys
1998-10-24 07:00 700 --sha-w c:\windows\system32\jmvx2drv298756.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"SigmatelSysTrayApp"="stsystra.exe" [2008-11-25 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-06-12 50688]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1001000.021\SYMEFA.SYS [2008-11-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;\??\c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys [2008-11-29 255536]
R1 ccHP;Symantec Hash Provider;\??\c:\windows\system32\drivers\NIS\1001000.021\ccHPx86.sys [2008-11-29 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081210.001\IDSxpx86.sys [2008-12-10 274808]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe" -service [2006-12-19 79432]
R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll" /prefetch:1 []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-29 99376]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCG-11CF-AAX5-81CX5C625612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - KO.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\KO\Application Data\Mozilla\Firefox\Profiles\55zkc9qf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPinfotl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 08:41:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\System32\BCMLogon.dll
c:\windows\System32\MSVCP71.dll

- - - - - - - > 'lsass.exe'(1316)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\stacsv.exe
c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-12-10 8:47:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 16:46:22

Pre-Run: 59,068,493,824 bytes free
Post-Run: 60,819,075,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

325 --- E O F --- 2008-11-29 11:06:43

#8 dark messenger


Posted 12 December 2008 - 06:43 PM

I still need that HijackThis log, please post one in the next reply.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\oqecara.dl
c:\windows\guwuk.reg
c:\windows\fire.scr
c:\windows\ivamylelub.db
c:\windows\system32\tuberagan.pif
c:\windows\novahi._sy
c:\windows\qerisyrodu._dl
c:\program files\Common Files\sorifadoha.reg
c:\windows\byfifit.lib
c:\windows\gedum.inf
c:\program files\Common Files\lysa.vbs
c:\documents and settings\All Users\Application Data\kybapypeb.bat
c:\windows\system32\TDSSlxwp.dll
c:\documents and settings\KO\Application Data\iduza.sys
c:\windows\system32\d7vmxdrv409586.sys
c:\windows\system32\jmvx2drv298756.sys
c:\documents and settings\KO\Application Data\navixysyv.sys
c:\documents and settings\All Users\Application Data\zigyvo.sys



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply, along with that HijackThis log.

Thanks.

#9 ko48


Posted 13 December 2008 - 01:45 PM

Sorry about that. Here is the HijackThis file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:59 AM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070612
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SilkQuit Meter.lnk = C:\Program Files\valecam\SilkQuit\SilkQuit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227952653706
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: DataSvr2 - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 7580 bytes

#10 dark messenger


Posted 15 December 2008 - 07:21 AM

Hi, can I have the Combofix.txt log which was produced after saving and running the script I produced earlier, please?

#11 ko48


Posted 18 December 2008 - 02:27 AM

D'oh. So sorry about that. Below is the ComboFix log, and, in case it is helpful, a new HijackThis log. Thank you!

-----------------------------------------------------------------------------------

ComboFix 08-12-09.03 - KO 2008-12-17 23:10:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.595 [GMT -8:00]
Running from: c:\documents and settings\KO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\KO\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\All Users\Application Data\kybapypeb.bat
c:\documents and settings\All Users\Application Data\zigyvo.sys
c:\documents and settings\KO\Application Data\iduza.sys
c:\documents and settings\KO\Application Data\navixysyv.sys
c:\program files\Common Files\lysa.vbs
c:\program files\Common Files\sorifadoha.reg
c:\windows\byfifit.lib
c:\windows\fire.scr
c:\windows\gedum.inf
c:\windows\guwuk.reg
c:\windows\ivamylelub.db
c:\windows\novahi._sy
c:\windows\oqecara.dl
c:\windows\qerisyrodu._dl
c:\windows\system32\d7vmxdrv409586.sys
c:\windows\system32\jmvx2drv298756.sys
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\tuberagan.pif
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\kybapypeb.bat
c:\documents and settings\All Users\Application Data\zigyvo.sys
c:\documents and settings\KO\Application Data\iduza.sys
c:\documents and settings\KO\Application Data\navixysyv.sys
c:\program files\Common Files\lysa.vbs
c:\program files\Common Files\sorifadoha.reg
c:\windows\byfifit.lib
c:\windows\fire.scr
c:\windows\gedum.inf
c:\windows\guwuk.reg
c:\windows\ivamylelub.db
c:\windows\novahi._sy
c:\windows\oqecara.dl
c:\windows\qerisyrodu._dl
c:\windows\system32\d7vmxdrv409586.sys
c:\windows\system32\jmvx2drv298756.sys
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\tuberagan.pif

.
((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-12 13:10 . 2008-12-12 13:10 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-11 08:01 . 2008-12-11 08:04 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-10 10:03 . 2008-12-10 10:03 <DIR> d-------- c:\windows\Cache
2008-12-10 10:03 . 2008-12-10 10:03 <DIR> d-------- c:\program files\Coupons
2008-12-10 10:03 . 2008-12-10 10:03 197,976 -ra------ c:\windows\system32\cpnprt2.cid
2008-12-05 22:54 . 2008-12-05 23:07 <DIR> d-------- c:\windows\system32\Adobe
2008-12-03 22:24 . 2008-12-03 22:25 <DIR> d-------- C:\rsit
2008-12-03 10:13 . 2008-12-03 10:13 <DIR> d-------- C:\bin
2008-12-03 10:11 . 2008-12-03 10:11 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-03 10:11 . 2008-12-03 10:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-03 10:03 . 2008-12-03 10:05 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-03 10:00 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-12-03 09:59 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-12-03 09:53 . 2008-12-03 10:20 117,102 --a------ c:\windows\hpoins11.dat
2008-12-03 09:49 . 2006-05-05 13:18 11,634 --a------ c:\windows\hpomdl11.dat
2008-11-29 11:14 . 2008-11-29 11:14 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-29 11:14 . 2008-11-29 11:14 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-11-29 11:13 . 2008-11-29 11:13 <DIR> d-------- c:\program files\DellTPad
2008-11-29 11:13 . 2006-11-02 08:09 1,419,232 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-11-29 03:39 . 2008-09-08 02:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-29 03:39 . 2008-06-13 03:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-29 03:39 . 2008-08-14 02:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-29 03:36 . 2004-08-04 02:00 572,557 -----c--- c:\windows\system32\dllcache\rtuner.wmv
2008-11-29 03:35 . 2008-04-13 16:12 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll
2008-11-29 03:35 . 2004-08-04 02:00 457,607 -----c--- c:\windows\system32\dllcache\mdlib.wmv
2008-11-29 03:35 . 2008-04-13 16:10 294,912 -----c--- c:\windows\system32\dllcache\msaud32.acm
2008-11-29 03:35 . 2004-08-04 02:00 97,117 -----c--- c:\windows\system32\dllcache\mplayer2.hlp
2008-11-29 03:35 . 2008-04-13 09:27 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2008-11-29 03:35 . 2004-08-04 02:00 22,060 -----c--- c:\windows\system32\dllcache\npds.zip
2008-11-29 03:35 . 2004-08-04 02:00 18,286 -----c--- c:\windows\system32\dllcache\mplayer2.inf
2008-11-29 03:35 . 2004-08-04 02:00 2,778 -----c--- c:\windows\system32\dllcache\mplogoh.gif
2008-11-29 03:35 . 2004-08-04 02:00 2,545 -----c--- c:\windows\system32\dllcache\mplogo.gif
2008-11-29 03:35 . 2004-08-04 02:00 1,885 -----c--- c:\windows\system32\dllcache\mplayer2.cnt
2008-11-29 03:35 . 2004-08-04 02:00 403 -----c--- c:\windows\system32\dllcache\npdrmv2.zip
2008-11-29 03:34 . 2008-04-13 16:09 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm
2008-11-29 03:32 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-29 03:32 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-29 03:32 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-29 03:32 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-29 03:32 . 2008-05-01 06:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-29 03:32 . 2004-08-04 02:00 999 -----c--- c:\windows\system32\dllcache\bktrh.gif
2008-11-29 03:12 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-29 03:11 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-29 03:11 . 2008-05-08 06:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-29 02:42 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-29 02:42 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-29 01:26 . 2008-11-29 01:26 <DIR> d-------- c:\windows\system32\drivers\NIS
2008-11-29 01:26 . 2008-11-29 01:26 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-29 01:26 . 2008-11-29 01:26 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-29 01:26 . 2008-11-29 01:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-29 01:26 . 2008-11-29 01:26 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-29 01:26 . 2008-11-29 01:26 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-29 01:26 . 2008-11-29 01:26 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-11-29 01:25 . 2008-11-29 01:25 <DIR> d-------- c:\program files\NortonInstaller
2008-11-29 01:25 . 2008-11-29 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-29 00:11 . 2007-05-18 08:45 172,032 --a------ c:\windows\system32\igfxres.dll
2008-11-29 00:10 . 2008-11-29 00:10 2,422 --a------ c:\windows\system32\wpa.bak
2008-11-28 23:56 . 2004-08-04 02:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2008-11-28 23:55 . 2008-04-13 16:09 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-28 23:54 . 2004-08-04 02:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2008-11-28 23:53 . 2004-08-04 02:00 169,984 --a--c--- c:\windows\system32\dllcache\iisui.dll
2008-11-28 23:53 . 2004-08-04 02:00 94,720 --a--c--- c:\windows\system32\dllcache\certmap.ocx
2008-11-28 23:53 . 2004-08-04 02:00 49,664 --a--c--- c:\windows\system32\dllcache\adrot.dll
2008-11-28 23:53 . 2004-08-04 02:00 19,968 --a--c--- c:\windows\system32\dllcache\inetsloc.dll
2008-11-28 23:53 . 2004-08-04 02:00 14,336 --a--c--- c:\windows\system32\dllcache\iisreset.exe
2008-11-28 23:53 . 2004-08-04 02:00 7,680 --a--c--- c:\windows\system32\dllcache\inetmgr.exe
2008-11-28 23:53 . 2004-08-04 02:00 7,168 --a--c--- c:\windows\system32\dllcache\wamregps.dll
2008-11-28 23:53 . 2004-08-04 02:00 6,144 --a--c--- c:\windows\system32\dllcache\ftpsapi2.dll
2008-11-28 23:53 . 2004-08-04 02:00 6,144 --a--c--- c:\windows\system32\dllcache\admxprox.dll
2008-11-28 23:53 . 2004-08-04 02:00 5,632 --a--c--- c:\windows\system32\dllcache\iisrstap.dll
2008-11-28 23:53 . 2001-08-17 22:36 5,632 --a--c--- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2008-11-28 23:51 . 2004-08-04 02:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-28 23:43 . 2008-11-25 08:35 303,104 --a------ c:\windows\stsystra.exe
2008-11-28 23:43 . 2008-11-25 08:35 90,112 --a------ c:\windows\system32\stacsv.exe
2008-11-28 23:19 . 2006-03-30 02:03 22,339 -ra------ c:\windows\SET91.tmp
2008-11-28 23:19 . 2005-03-30 09:54 10,559 -ra------ c:\windows\SET92.tmp
2008-11-28 23:18 . 2004-08-04 02:00 1,086,058 -ra------ c:\windows\SET4A.tmp
2008-11-28 23:18 . 2004-08-04 02:00 1,042,903 -ra------ c:\windows\SET47.tmp
2008-11-28 23:18 . 2004-08-04 02:00 13,753 -ra------ c:\windows\SET56.tmp
2008-11-28 22:23 . 2004-08-04 02:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2008-11-28 22:23 . 2004-08-04 02:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2008-11-28 22:23 . 2004-08-04 02:00 13,312 --a------ c:\windows\system32\irclass.dll
2008-11-28 22:23 . 2004-08-04 02:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2008-11-28 22:05 . 2004-08-04 02:00 3,374,640 --a--c--- c:\windows\system32\dllcache\tourW.exe
2008-11-28 22:04 . 2005-03-21 15:48 13,107,200 --a------ c:\windows\system32\oembios.bin
2008-11-28 22:03 . 2004-08-04 02:00 3,440,660 --a------ c:\windows\system32\drivers\gm.dls
2008-11-28 22:02 . 2008-04-13 16:11 2,091,520 --a------ c:\windows\system32\cdosys.dll
2008-11-28 14:13 . 2008-11-28 14:13 <DIR> d-------- c:\windows\dell
2008-11-25 21:12 . 2008-11-25 21:12 <DIR> d-------- c:\documents and settings\KO\DoctorWeb
2008-11-25 18:07 . 2008-11-25 18:07 145 --a------ C:\Shortcut to CD Drive.lnk
2008-11-25 08:07 . 2008-11-25 08:07 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-25 08:03 . 2008-11-26 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-24 22:07 . 2008-11-24 22:07 64 --a------ c:\windows\system32\edl.dat
2008-11-24 22:07 . 2008-11-24 22:07 0 --a------ c:\windows\system32\407.tmp
2008-11-24 22:06 . 2008-11-24 22:07 132 --a------ c:\windows\system32\403.tmp
2008-11-23 18:19 . 2008-11-23 18:19 <DIR> d-------- c:\documents and settings\KO\Application Data\Malwarebytes
2008-11-23 17:20 . 2008-11-23 17:20 <DIR> d-------- c:\documents and settings\John\Application Data\Malwarebytes
2008-11-23 17:20 . 2008-11-23 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 17:16 . 2008-11-29 01:26 <DIR> d-------- c:\program files\Symantec
2008-11-23 17:03 . 2008-11-23 17:03 48 --a------ c:\windows\system32\1DA.tmp
2008-11-23 17:03 . 2008-11-23 17:03 0 --a------ c:\windows\system32\1DC.tmp
2008-11-23 17:00 . 2008-11-23 17:00 48 --a------ c:\windows\system32\1D7.tmp
2008-11-23 17:00 . 2008-11-23 17:00 0 --a------ c:\windows\system32\1D9.tmp
2008-11-23 16:41 . 2008-11-23 16:41 48 --a------ c:\windows\system32\2AC.tmp
2008-11-23 16:41 . 2008-11-23 16:41 0 --a------ c:\windows\system32\2AF.tmp
2008-11-23 12:45 . 2008-11-23 12:45 48 --a------ c:\windows\system32\84D.tmp
2008-11-23 12:45 . 2008-11-23 12:45 0 --a------ c:\windows\system32\84F.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-03 21:07 --------- d-----w c:\documents and settings\KO\Application Data\U3
2008-12-03 18:10 --------- d-----w c:\program files\Common Files\HP
2008-12-03 17:03 --------- d-----w c:\documents and settings\KO\Application Data\Image Zone Express
2008-11-29 18:48 --------- d-----w c:\program files\Apple Software Update
2008-11-29 18:46 --------- d-----w c:\program files\Real
2008-11-29 18:46 --------- d-----w c:\program files\Common Files\Real
2008-11-29 11:17 253,952 ----a-w c:\windows\Setup1.exe
2008-11-29 09:26 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-11-29 09:26 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-29 09:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-29 07:43 --------- d-----w c:\program files\Apoint
2008-11-24 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-24 00:48 --------- d-----w c:\program files\Yahoo!
2008-11-09 15:58 --------- d-----w c:\program files\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_ 8.45.23.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-29 00:25:00 453,512 ----a-w c:\windows\Downloaded Program Files\wlscBase.dll
- 2008-11-13 07:48:09 1,165,584 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-11 15:33:06 1,165,584 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-13 07:48:10 20,240 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-11 15:33:07 20,240 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-13 07:48:10 159,504 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-11 15:33:06 159,504 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-13 07:48:10 217,864 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-11 15:33:07 217,864 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-13 07:48:10 18,704 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-11 15:33:07 18,704 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-13 07:48:10 35,088 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-11 15:33:07 35,088 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-13 07:48:10 845,584 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-11 15:33:07 845,584 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-13 07:48:10 922,384 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-11 15:33:07 922,384 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-13 07:48:10 272,648 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-11 15:33:07 272,648 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-13 07:48:10 888,080 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-11 15:33:07 888,080 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-13 07:48:09 1,172,240 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-11 15:33:06 1,172,240 ----a-r c:\windows\Installer\{91120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-04-14 00:12:24 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 11:11:20 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-20 05:30:53 3,067,904 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:30:51 1,499,136 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 -c----w c:\windows\system32\dllcache\shdocvw.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-20 05:30:52 619,520 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 01:00:11 619,520 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-20 05:30:51 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 01:00:11 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 00:12:09 1,053,184 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 14:11:46 1,053,696 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2008-04-14 00:12:58 2,109,440 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-11-08 00:45:32 2,174,976 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-04-14 00:11:54 285,184 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\system32\gdi32.dll
- 2008-04-14 00:12:24 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 11:11:20 103,936 ----a-w c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-20 05:30:51 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 01:00:10 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:07 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:02:42 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-11 12:42:28 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-20 05:30:52 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-20 05:30:51 666,112 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll
- 2008-04-14 00:12:09 1,053,184 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 14:11:46 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2008-04-14 00:12:58 2,109,440 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-08 00:45:32 2,174,976 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-18 07:14:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5a8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"SigmatelSysTrayApp"="stsystra.exe" [2008-11-25 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-06-12 50688]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1001000.021\SYMEFA.SYS [2008-11-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;\??\c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys [2008-11-29 255536]
R1 ccHP;Symantec Hash Provider;\??\c:\windows\system32\drivers\NIS\1001000.021\ccHPx86.sys [2008-11-29 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081212.001\IDSxpx86.sys [2008-12-15 274808]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe" -service [2006-12-19 79432]
R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll" /prefetch:1 []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-29 99376]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCG-11CF-AAX5-81CX5C625612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - KO.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\KO\Application Data\Mozilla\Firefox\Profiles\55zkc9qf.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPinfotl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 23:14:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\stacsv.exe
c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-12-17 23:17:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-18 07:16:47
ComboFix2.txt 2008-12-10 16:47:19

Pre-Run: 60,166,762,496 bytes free
Post-Run: 60,198,645,760 bytes free

400 --- E O F --- 2008-12-13 11:02:05


-----------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:05 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070612
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SilkQuit Meter.lnk = C:\Program Files\valecam\SilkQuit\SilkQuit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227952653706
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: DataSvr2 - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 7583 bytes

#12 dark messenger

Posted 19 December 2008 - 07:52 AM

We need to run ComboFix again.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\SET91.tmp
c:\windows\SET92.tmp
c:\windows\SET4A.tmp
c:\windows\SET47.tmp
c:\windows\SET56.tmp
c:\windows\system32\407.tmp
c:\windows\system32\403.tmp
c:\windows\system32\1DA.tmp
c:\windows\system32\1DC.tmp
c:\windows\system32\1D7.tmp
c:\windows\system32\1D9.tmp
c:\windows\system32\2AC.tmp
c:\windows\system32\2AF.tmp
c:\windows\system32\84D.tmp
c:\windows\system32\84F.tmp

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply, along with another HijackThis log.

Thanks.

#13 ko48

Posted 19 December 2008 - 07:34 PM

OK, here we go....updated ComboFix & HijackThis logs below. Thanks!

---------------------------------------------------------------------------------------------------------

ComboFix 08-12-18.03 - KO 2008-12-19 8:30:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.504 [GMT -8:00]
Running from: c:\documents and settings\KO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\KO\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\SET47.tmp
c:\windows\SET4A.tmp
c:\windows\SET56.tmp
c:\windows\SET91.tmp
c:\windows\SET92.tmp
c:\windows\system32\1D7.tmp
c:\windows\system32\1D9.tmp
c:\windows\system32\1DA.tmp
c:\windows\system32\1DC.tmp
c:\windows\system32\2AC.tmp
c:\windows\system32\2AF.tmp
c:\windows\system32\403.tmp
c:\windows\system32\407.tmp
c:\windows\system32\84D.tmp
c:\windows\system32\84F.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SET47.tmp
c:\windows\SET4A.tmp
c:\windows\SET56.tmp
c:\windows\SET91.tmp
c:\windows\SET92.tmp
c:\windows\system32\1D7.tmp
c:\windows\system32\1D9.tmp
c:\windows\system32\1DA.tmp
c:\windows\system32\1DC.tmp
c:\windows\system32\2AC.tmp
c:\windows\system32\2AF.tmp
c:\windows\system32\403.tmp
c:\windows\system32\407.tmp
c:\windows\system32\84D.tmp
c:\windows\system32\84F.tmp

.
((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-12 13:10 . 2008-12-12 13:10 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-11 08:01 . 2008-12-11 08:04 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-10 10:03 . 2008-12-10 10:03 <DIR> d-------- c:\windows\Cache
2008-12-10 10:03 . 2008-12-10 10:03 <DIR> d-------- c:\program files\Coupons
2008-12-10 10:03 . 2008-12-10 10:03 197,976 -ra------ c:\windows\system32\cpnprt2.cid
2008-12-05 22:54 . 2008-12-05 23:07 <DIR> d-------- c:\windows\system32\Adobe
2008-12-03 22:24 . 2008-12-03 22:25 <DIR> d-------- C:\rsit
2008-12-03 10:13 . 2008-12-03 10:13 <DIR> d-------- C:\bin
2008-12-03 10:11 . 2008-12-03 10:11 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-03 10:11 . 2008-12-03 10:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-03 10:03 . 2008-12-03 10:05 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-03 10:00 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll
2008-12-03 09:59 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-12-03 09:53 . 2008-12-03 10:20 117,102 --a------ c:\windows\hpoins11.dat
2008-12-03 09:49 . 2006-05-05 13:18 11,634 --a------ c:\windows\hpomdl11.dat
2008-11-29 11:14 . 2008-11-29 11:14 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-29 11:14 . 2008-11-29 11:14 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-11-29 11:13 . 2008-11-29 11:13 <DIR> d-------- c:\program files\DellTPad
2008-11-29 11:13 . 2006-11-02 08:09 1,419,232 --a------ c:\windows\system32\WdfCoInstaller01005.dll
2008-11-29 03:39 . 2008-09-08 02:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-29 03:39 . 2008-06-13 03:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-29 03:39 . 2008-08-14 02:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-29 03:36 . 2004-08-04 02:00 572,557 -----c--- c:\windows\system32\dllcache\rtuner.wmv
2008-11-29 03:35 . 2008-04-13 16:12 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll
2008-11-29 03:35 . 2004-08-04 02:00 457,607 -----c--- c:\windows\system32\dllcache\mdlib.wmv
2008-11-29 03:35 . 2008-04-13 16:10 294,912 -----c--- c:\windows\system32\dllcache\msaud32.acm
2008-11-29 03:35 . 2004-08-04 02:00 97,117 -----c--- c:\windows\system32\dllcache\mplayer2.hlp
2008-11-29 03:35 . 2008-04-13 09:27 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2008-11-29 03:35 . 2004-08-04 02:00 22,060 -----c--- c:\windows\system32\dllcache\npds.zip
2008-11-29 03:35 . 2004-08-04 02:00 18,286 -----c--- c:\windows\system32\dllcache\mplayer2.inf
2008-11-29 03:35 . 2004-08-04 02:00 2,778 -----c--- c:\windows\system32\dllcache\mplogoh.gif
2008-11-29 03:35 . 2004-08-04 02:00 2,545 -----c--- c:\windows\system32\dllcache\mplogo.gif
2008-11-29 03:35 . 2004-08-04 02:00 1,885 -----c--- c:\windows\system32\dllcache\mplayer2.cnt
2008-11-29 03:35 . 2004-08-04 02:00 403 -----c--- c:\windows\system32\dllcache\npdrmv2.zip
2008-11-29 03:34 . 2008-04-13 16:09 290,816 -----c--- c:\windows\system32\dllcache\l3codeca.acm
2008-11-29 03:32 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-29 03:32 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-29 03:32 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-29 03:32 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-29 03:32 . 2008-05-01 06:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-29 03:32 . 2004-08-04 02:00 999 -----c--- c:\windows\system32\dllcache\bktrh.gif
2008-11-29 03:12 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-29 03:11 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-29 03:11 . 2008-05-08 06:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-29 02:42 . 2008-04-11 11:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-29 02:42 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-29 01:26 . 2008-12-18 19:45 <DIR> d-------- c:\windows\system32\drivers\NIS
2008-11-29 01:26 . 2008-11-29 01:26 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-29 01:26 . 2008-11-29 01:26 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-29 01:26 . 2008-11-29 01:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-29 01:26 . 2008-11-29 01:26 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-29 01:26 . 2008-11-29 01:26 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-29 01:26 . 35,888 c:\windows\system32\drivers\SymIM.sys
2008-11-29 01:25 . 2008-11-29 01:25 <DIR> d-------- c:\program files\NortonInstaller
2008-11-29 01:25 . 2008-11-29 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-29 00:11 . 2007-05-18 08:45 172,032 --a------ c:\windows\system32\igfxres.dll
2008-11-29 00:10 . 2008-11-29 00:10 2,422 --a------ c:\windows\system32\wpa.bak
2008-11-28 23:56 . 2004-08-04 02:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2008-11-28 23:55 . 2008-04-13 16:09 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-28 23:54 . 2004-08-04 02:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2008-11-28 23:53 . 2004-08-04 02:00 169,984 --a--c--- c:\windows\system32\dllcache\iisui.dll
2008-11-28 23:53 . 2004-08-04 02:00 94,720 --a--c--- c:\windows\system32\dllcache\certmap.ocx
2008-11-28 23:53 . 2004-08-04 02:00 49,664 --a--c--- c:\windows\system32\dllcache\adrot.dll
2008-11-28 23:53 . 2004-08-04 02:00 19,968 --a--c--- c:\windows\system32\dllcache\inetsloc.dll
2008-11-28 23:53 . 2004-08-04 02:00 14,336 --a--c--- c:\windows\system32\dllcache\iisreset.exe
2008-11-28 23:53 . 2004-08-04 02:00 7,680 --a--c--- c:\windows\system32\dllcache\inetmgr.exe
2008-11-28 23:53 . 2004-08-04 02:00 7,168 --a--c--- c:\windows\system32\dllcache\wamregps.dll
2008-11-28 23:53 . 2004-08-04 02:00 6,144 --a--c--- c:\windows\system32\dllcache\ftpsapi2.dll
2008-11-28 23:53 . 2004-08-04 02:00 6,144 --a--c--- c:\windows\system32\dllcache\admxprox.dll
2008-11-28 23:53 . 2004-08-04 02:00 5,632 --a--c--- c:\windows\system32\dllcache\iisrstap.dll
2008-11-28 23:53 . 2001-08-17 22:36 5,632 --a--c--- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2008-11-28 23:51 . 2004-08-04 02:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-28 23:51 . 2008-11-28 23:51 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-28 23:43 . 2008-11-25 08:35 303,104 --a------ c:\windows\stsystra.exe
2008-11-28 23:43 . 2008-11-25 08:35 90,112 --a------ c:\windows\system32\stacsv.exe
2008-11-28 22:23 . 2004-08-04 02:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2008-11-28 22:23 . 2004-08-04 02:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2008-11-28 22:23 . 2004-08-04 02:00 13,312 --a------ c:\windows\system32\irclass.dll
2008-11-28 22:23 . 2004-08-04 02:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2008-11-28 22:05 . 2004-08-04 02:00 3,374,640 --a--c--- c:\windows\system32\dllcache\tourW.exe
2008-11-28 22:04 . 2005-03-21 15:48 13,107,200 --a------ c:\windows\system32\oembios.bin
2008-11-28 22:03 . 2004-08-04 02:00 3,440,660 --a------ c:\windows\system32\drivers\gm.dls
2008-11-28 22:02 . 2008-04-13 16:11 2,091,520 --a------ c:\windows\system32\cdosys.dll
2008-11-28 14:13 . 2008-11-28 14:13 <DIR> d-------- c:\windows\dell
2008-11-25 21:12 . 2008-11-25 21:12 <DIR> d-------- c:\documents and settings\KO\DoctorWeb
2008-11-25 18:07 . 2008-11-25 18:07 145 --a------ C:\Shortcut to CD Drive.lnk
2008-11-25 08:07 . 2008-11-25 08:07 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-25 08:03 . 2008-11-26 00:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-24 22:07 . 2008-11-24 22:07 64 --a------ c:\windows\system32\edl.dat
2008-11-23 18:19 . 2008-11-23 18:19 <DIR> d-------- c:\documents and settings\KO\Application Data\Malwarebytes
2008-11-23 17:20 . 2008-11-23 17:20 <DIR> d-------- c:\documents and settings\John\Application Data\Malwarebytes
2008-11-23 17:20 . 2008-11-23 17:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-23 17:16 . 2008-11-29 01:26 <DIR> d-------- c:\program files\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-03 21:07 --------- d-----w c:\documents and settings\KO\Application Data\U3
2008-12-03 18:10 --------- d-----w c:\program files\Common Files\HP
2008-12-03 17:03 --------- d-----w c:\documents and settings\KO\Application Data\Image Zone Express
2008-11-29 18:48 --------- d-----w c:\program files\Apple Software Update
2008-11-29 18:46 --------- d-----w c:\program files\Real
2008-11-29 18:46 --------- d-----w c:\program files\Common Files\Real
2008-11-29 11:17 253,952 ----a-w c:\windows\Setup1.exe
2008-11-29 09:26 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-11-29 09:26 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-29 09:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-29 07:43 --------- d-----w c:\program files\Apoint
2008-11-24 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-24 00:48 --------- d-----w c:\program files\Yahoo!
2008-11-09 15:58 --------- d-----w c:\program files\Java
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot_2008-12-17_23.16.20.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-29 09:26:30 35,888 ----a-r c:\windows\LastGood\system32\DRIVERS\SymIM.sys
+ 2008-12-12 03:29:18 255,536 ----a-w c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys
+ 2008-11-29 09:26:30 362,544 ----a-w c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys
+ 2008-12-12 03:29:18 306,736 ----a-w c:\windows\system32\drivers\NIS\1002000.007\srtsp.sys
+ 2008-12-12 03:29:18 43,696 ----a-w c:\windows\system32\drivers\NIS\1002000.007\srtspx.sys
+ 2008-12-12 03:29:18 12,976 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symdns.sys
+ 2008-12-12 03:29:19 309,296 ----a-w c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys
+ 2008-12-12 03:29:19 89,904 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symfw.sys
+ 2008-12-12 03:29:19 34,608 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symids.sys
+ 2008-12-12 03:29:20 37,424 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symndis.sys
+ 2008-12-12 03:29:20 40,496 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symndisv.sys
+ 2008-12-12 03:29:20 24,624 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symredrv.sys
+ 2008-12-12 03:29:20 198,192 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symtdi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"SigmatelSysTrayApp"="stsystra.exe" [2008-11-25 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-06-12 50688]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS []
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1002000.007\ccHPx86.sys [2008-12-18 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081212.001\IDSxpx86.sys [2008-12-15 274808]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe" -service [2006-12-19 79432]
R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll" /prefetch:1 []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-29 99376]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCG-11CF-AAX5-81CX5C625612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - KO.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\documents and settings\KO\Application Data\Mozilla\Firefox\Profiles\55zkc9qf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 08:34:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1316)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
.
**************************************************************************
.
Completion time: 2008-12-19 8:38:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-19 16:37:55
ComboFix2.txt 2008-12-18 07:17:17
ComboFix3.txt 2008-12-10 16:47:19

Pre-Run: 60,110,053,376 bytes free
Post-Run: 60,161,568,768 bytes free

317 --- E O F --- 2008-12-13 11:02:05


---------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:12 PM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070612
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SilkQuit Meter.lnk = C:\Program Files\valecam\SilkQuit\SilkQuit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227952653706
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: DataSvr2 - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 7714 bytes

#14 dark messenger


Posted 21 December 2008 - 06:54 PM

Hi, we're almost done :thumbsup:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Also, please include a new HijackThis log in your next post.

#15 ko48


Posted 22 December 2008 - 10:42 AM

Hi there,

Below please find the Kaspersky scan report & a new Hijack This log. Looks like the bugger is still in there! *#(*$#

Thanks again for all your help.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 22, 2008 02:04:38
Records in database: 1498137
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 62357
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:28:12


File name / Threat name / Threats count
C:\Program Files\Wave Systems Corp\Dell Preboot Manager\temp\deleteusers.exe Infected: Packed.Win32.Krap.b 1

The selected area was scanned.

--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:15 AM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070612
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SilkQuit Meter.lnk = C:\Program Files\valecam\SilkQuit\SilkQuit.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227952653706
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: DataSvr2 - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 7747 bytes



