Vundo virus removal help


  • This topic is locked
11 replies to this topic

#1 borz


Posted 05 December 2008 - 07:17 PM

I had to do this in Safe Mode as my computer freezes in the regular Windows.
This virus seems to not be removed! I have run virus removal programs many times, but they can't remove this.
The logs are long, sorry for this.

info.txt logfile of random's system information tool 1.04 2008-12-05 06:10:08

======Uninstall list======

-->"C:\Documents and Settings\All Users\Application Data\{549E12A2-AFC9-415A-8917-B8D197926D0C}\setup.exe" REMOVE=TRUE MODIFY=FALSE
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ACR Detail PC Workbench 2.4(32-bit)-->C:\PROGRA~1\UNITEC~1\Detail32\UNWISE.EXE C:\PROGRA~1\UNITEC~1\Detail32\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Communications Inc.® L2 Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\Setup.exe" -l0x9 -removeonly
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AutoCAD 2002-->MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AVPM-Setup-->MsiExec.exe /I{8A7B5873-D9A7-4C14-8BDB-1D8F2141D378}
Butterfly Fantasia Screen Saver-->C:\WINDOWS\system32\BUTTER~1.SCR /U
Byki Express-->"C:\Documents and Settings\All Users\Application Data\{AFD61B9C-946C-4129-B53C-E1C5D51A536D}\BYKI4Installer.exe" REMOVE=TRUE MODIFY=FALSE
Byki-->C:\Documents and Settings\All Users\Application Data\{AFD61B9C-946C-4129-B53C-E1C5D51A536D}\BYKI4Installer.exe
Camtasia-->C:\Program Files\TechSmith\Camtasia\CTuninst.EXE
Catalyst Media Center DVD Authoring Module-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
Catalyst Media Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{E9459BCF-0982-498B-ABA7-26C34323493F}
ColdFusion 4.0-->C:\WINDOWS\IsUninst.exe -fC:\CFUSION\BIN\Uninst.isu
Creative Centrale-->"C:\Documents and Settings\All Users\Application Data\{B953802D-D7B1-4AC2-AF3C-79E4D168CF1F}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Creative Centrale-->C:\Documents and Settings\All Users\Application Data\{B953802D-D7B1-4AC2-AF3C-79E4D168CF1F}\Setup.exe
Creative PC-CAM Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9 /remove
Creative Software Update-->C:\Documents and Settings\All Users\Application Data\{549E12A2-AFC9-415A-8917-B8D197926D0C}\setup.exe
Creative WebCam Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9 /remove
Creative WebCam Notebook Driver (1.04.01.0322)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd1171.uns -unsext NT -plugin P1171Pin.dll -pluginres P1171Pin.crl
Creative WebCam Notebook User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Notebook\Creative WebCam Notebook User's Guide\English\CTManual.isu"
Creative ZEN X-Fi User's Guide-->"C:\Program Files\Creative\Creative ZEN X-Fi\UGRemove.exe" /Product_Name:ZENX-FI
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
Free Natural Text to Speech Reader 2008-->MsiExec.exe /I{3E5DA526-F420-45A6-9F27-D2B5246D6823}
FSX_Screensaver-->C:\Program Files\FSX_Screensaver\Uninstall.exe
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Home VPN Client 5.0.01.0600-->MsiExec.exe /I{BE0182D9-6F6B-49D6-85C4-630177802136}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB921411)-->"C:\WINDOWS\$NtUninstallKB921411$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
ImageMixer for Sony-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kagaya Screen Saver-->C:\WINDOWS\system32\Kagaya.SCR /U
Lexmark 2400 Series-->C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
MA111 Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B35E04CF-3A12-4F91-9981-ECF1915BCE76}\Setup.exe" -l0x9
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C# 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition - ENU\setup.exe
Microsoft Visual C# 2008 Express Edition - ENU-->MsiExec.exe /X{2D07422C-CA35-375A-A3A8-3631AB85BFE5}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Microsoft XNA Framework Redistributable 3.0 (CTP)-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
Microsoft XNA Game Studio 3.0 (CTP) (ARP entry)-->MsiExec.exe /I{E1D78366-91DA-4AD0-B417-28155743CC22}
Microsoft XNA Game Studio 3.0 (CTP) (Redists)-->MsiExec.exe /I{0DC16794-7E69-4534-82FA-9DD0500FF338}
Microsoft XNA Game Studio 3.0 (CTP) (shared components)-->MsiExec.exe /I{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}
Microsoft XNA Game Studio 3.0 (CTP) (vcsexpress)-->MsiExec.exe /I{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}
Microsoft XNA Game Studio 3.0 (CTP) (xnaliveproxy)-->MsiExec.exe /I{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}
Microsoft XNA Game Studio 3.0 (CTP) Documentation-->MsiExec.exe /I{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}
Microsoft XNA Game Studio 3.0 (CTP)-->C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\Setup\Bootstrapper.exe
MicroStaff WINASPI-->C:\MWASPI\uninst.exe
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Recovery Tool-->"C:\Program Files\Creative\MP3 Player Recovery Tool\unins000.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyPublisher BookMaker-->C:\Program Files\MyPublisher\BookMaker\BookMaker.exe -uninstall
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NLVM v2.0 - English-->"C:\Program Files\NLVM\UninstallerData\Uninstall NLVM.exe"
ooVoo-->"C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe" -runfromtemp -l0x0009 -removeonly
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RapidPlayer v5.0 ActiveX Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C2F32D-C5DD-4583-8181-B48591CA231C}\Setup.exe" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Screensavers.com Content-->"C:\Program Files\www_screensavers_com\www_screensavers_comUninst.exe"
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 8 (KB951804)-->"C:\WINDOWS\ie8updates\KB951804-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB953838)-->"C:\WINDOWS\ie8updates\KB953838-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sothink SWF Decompiler-->"C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
Tranquil - Waterfalls Screen Saver-->C:\WINDOWS\Tranquil - Waterfalls.scr /u
TubeTilla-->MsiExec.exe /X{5701A652-0DCF-40FE-8040-5C09368EEFD6}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB946501-v2)-->"C:\WINDOWS\$NtUninstallKB946501-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
USB Video Driver-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (04/27/2007 5.7.0427.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\embda_5584113EC0BFC08E204AA87B6E5C6B347EE096AE\embda.inf
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (04/27/2007 5.7.0427.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\emaudio_5584113EC0BFC08E204AA87B6E5C6B347EE096AE\emaudio.inf
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Hotfix [See Q828026 for more information]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! uC-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->C:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Security center information======

AV: Avira AntiVir PersonalEdition
AV: avast! antivirus 4.8.1296 [VPS 081204-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"XNAGSShared"=C:\Program Files\Common Files\Microsoft Shared\XNA\
"XNAGSv3"=C:\Program Files\Microsoft XNA\XNA Game Studio\v3.0\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-05 06:09:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 53 GB (53%) free of 100 GB
Total RAM: 1015 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:06 AM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {2D7E6A6F-0FB9-4EB9-B5A7-0FB180BB84B4} - C:\WINDOWS\system32\wvUNdaXO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {6cc6} - {54351fed-ed6a-401b-be0f-a430dcc73980} - C:\WINDOWS\system32\lehkdu.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXPiihH.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {74f85b04-dae2-ace9-5fd4-c1eda5c9081b} - {b1809c5a-de1c-4df5-9eca-2ead40b58f47} - C:\WINDOWS\system32\seffvu.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [CMCService] "C:\Program Files\ATI\Catalyst Media Center\CMCService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [IUpd721] C:\Documents and Settings\Aya\Application Data\NI.GSCNS\IUpd721.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [c071a3c3] rundll32.exe "C:\WINDOWS\system32\svggbssj.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: seffvu.dll
O20 - Winlogon Notify: cbXPiihH - cbXPiihH.dll (file missing)
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
O23 - Service: Cold Fusion Application Server - Allaire - C:\CFUSION\bin\cfserver.exe
O23 - Service: Cold Fusion Executive - Allaire - C:\CFUSION\bin\cfexec.exe
O23 - Service: Cold Fusion RDS - Allaire Corporation - C:\CFUSION\bin\CFRDSService.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11944 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{319869CE-43C0-4CDC-AF93-191226917A0A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D7E6A6F-0FB9-4EB9-B5A7-0FB180BB84B4}]
C:\WINDOWS\system32\wvUNdaXO.dll [2008-11-29 318464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2002-01-01 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54351fed-ed6a-401b-be0f-a430dcc73980}]
C:\WINDOWS\system32\lehkdu.dll [2008-12-04 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\cbXPiihH.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-03-17 2193280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-14 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1809c5a-de1c-4df5-9eca-2ead40b58f47}]
C:\WINDOWS\system32\seffvu.dll [2008-12-05 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! uC - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-17 2193280]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-10-05 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-05 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-10-05 94208]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-04-04 1822720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2002-01-01 185896]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [2003-10-13 184320]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-03-06 286720]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-06 98304]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-21 266497]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2008-09-12 160160]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"DNS7reminder"=C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [2006-11-27 255528]
"CMCService"=C:\Program Files\ATI\Catalyst Media Center\CMCService.exe [2007-08-02 172032]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"prunnet"=C:\WINDOWS\system32\prunnet.exe []
"IUpd721"=C:\Documents and Settings\Aya\Application Data\NI.GSCNS\IUpd721.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll []
"c071a3c3"=C:\WINDOWS\system32\svggbssj.dll [2008-12-05 72704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"=C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe []
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe [2008-03-24 218496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe
MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="seffvu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbXPiihH]
cbXPiihH.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-05 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\cbXPiihH.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\wvUNdaXO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Abdllah\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Abdllah\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Documents and Settings\Mom\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Mom\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Disabled:PowerSoccer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Disabled:ArmyOps"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\SETUP.EXE /s


======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-12-05 06:09:56 ----D---- C:\rsit
2008-12-05 06:09:56 ----D---- C:\Program Files\trend micro
2008-12-05 05:30:03 ----SH---- C:\WINDOWS\system32\jssbggvs.ini
2008-12-05 05:29:59 ----A---- C:\WINDOWS\system32\svggbssj.dll
2008-12-05 05:27:01 ----A---- C:\WINDOWS\system32\seffvu.dll
2008-12-05 05:27:00 ----A---- C:\WINDOWS\system32\yiijncqu.dll
2008-12-04 16:33:16 ----D---- C:\Documents and Settings\Administrator\Application Data\Nuance
2008-12-04 16:31:36 ----D---- C:\Documents and Settings\Administrator\Application Data\ooVoo Details
2008-12-04 16:23:12 ----SHD---- C:\WINDOWS\CSC
2008-12-04 02:31:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-04 02:31:55 ----D---- C:\Program Files\Alwil Software
2008-12-04 02:09:08 ----A---- C:\WINDOWS\system32\dkymvu.dll
2008-12-04 02:09:07 ----A---- C:\WINDOWS\system32\odwjgvdg.dll
2008-12-04 01:08:11 ----A---- C:\WINDOWS\system32\rcvbyg.dll
2008-12-04 01:08:10 ----A---- C:\WINDOWS\system32\foqgancp.dll
2008-12-04 01:05:12 ----ASH---- C:\WINDOWS\system32\unoeudmg.ini
2008-12-04 01:02:11 ----A---- C:\WINDOWS\system32\lehkdu.dll
2008-12-04 01:02:10 ----A---- C:\WINDOWS\system32\lnfsvkky.dll
2008-11-30 22:17:59 ----ASH---- C:\WINDOWS\system32\whbodogk.ini
2008-11-30 22:15:00 ----A---- C:\WINDOWS\system32\vhautl.dll
2008-11-30 22:14:59 ----A---- C:\WINDOWS\system32\shalyait.dll
2008-11-29 12:37:21 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 11:11:54 ----ASH---- C:\WINDOWS\system32\tgjwuhxn.ini
2008-11-29 11:09:36 ----A---- C:\WINDOWS\system32\cb5267bd-.txt
2008-11-29 11:08:50 ----ASH---- C:\WINDOWS\system32\OXadNUvw.ini2
2008-11-29 11:08:50 ----ASH---- C:\WINDOWS\system32\OXadNUvw.ini
2008-11-29 11:08:47 ----A---- C:\WINDOWS\system32\wvUNdaXO.dll
2008-11-24 23:10:03 ----D---- C:\Program Files\Common Files\Apple
2008-11-24 23:09:30 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-24 23:08:40 ----D---- C:\Program Files\Apple Software Update
2008-11-24 23:08:40 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-23 18:47:32 ----A---- C:\WINDOWS\system32\TDSSobam.dll
2008-11-22 09:20:53 ----HD---- C:\Documents and Settings\All Users\Application Data\{AFD61B9C-946C-4129-B53C-E1C5D51A536D}
2008-11-22 09:20:49 ----D---- C:\Program Files\Transparent
2008-11-22 09:20:49 ----D---- C:\Documents and Settings\All Users\Application Data\Transparent
2008-11-22 08:56:46 ----HD---- C:\System
2008-11-22 08:56:46 ----D---- C:\Documents
2008-11-22 08:56:45 ----RA---- C:\LaunchU3.exe
2008-11-15 21:27:30 ----A---- C:\WINDOWS\system32\tsccvid.dll
2008-11-15 21:27:29 ----D---- C:\Program Files\TechSmith
2008-11-15 21:27:29 ----A---- C:\WINDOWS\system32\Camtasia.dll
2008-11-15 20:54:13 ----A---- C:\WINDOWS\system32\lmdimon8.dll
2008-11-15 20:53:54 ----D---- C:\Documents and Settings\All Users\Application Data\Applications
2008-11-15 20:51:30 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-15 20:43:58 ----D---- C:\Program Files\Citrix
2008-11-15 20:40:31 ----D---- C:\Program Files\Common Files\XStream
2008-11-14 23:15:04 ----D---- C:\graphedit
2008-11-14 22:19:22 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-11-14 22:18:40 ----D---- C:\Program Files\CyberLink
2008-11-06 17:53:24 ----A---- C:\WINDOWS\system32\AVERM.dll
2008-11-06 17:53:24 ----A---- C:\WINDOWS\system32\AVEQT.dll

======List of files/folders modified in the last 1 months======

2008-12-05 06:09:56 ----RD---- C:\Program Files
2008-12-05 05:30:03 ----D---- C:\WINDOWS\system32
2008-12-04 21:57:51 ----D---- C:\Program Files\Mozilla Firefox
2008-12-04 21:56:09 ----D---- C:\WINDOWS\Prefetch
2008-12-04 18:28:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 17:55:00 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-12-04 16:23:12 ----D---- C:\WINDOWS
2008-12-04 02:53:53 ----D---- C:\WINDOWS\system32\config
2008-12-04 02:32:22 ----D---- C:\WINDOWS\system32\drivers
2008-11-29 20:18:22 ----HD---- C:\WINDOWS\inf
2008-11-29 18:41:53 ----SD---- C:\WINDOWS\Tasks
2008-11-29 11:03:59 ----D---- C:\temp
2008-11-28 13:15:52 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-28 13:15:38 ----D---- C:\Program Files\Google
2008-11-26 21:09:34 ----SHD---- C:\System Volume Information
2008-11-24 23:11:02 ----SHD---- C:\WINDOWS\Installer
2008-11-24 23:10:53 ----D---- C:\Program Files\QuickTime
2008-11-24 23:10:03 ----D---- C:\Program Files\Common Files
2008-11-22 09:20:56 ----RSD---- C:\WINDOWS\Fonts
2008-11-22 07:45:07 ----D---- C:\Program Files\Finale NotePad 2009
2008-11-22 07:42:59 ----D---- C:\Program Files\NoLimits Coasters Demo v1.55
2008-11-21 18:32:01 ----A---- C:\WINDOWS\demdata.txt
2008-11-20 19:49:06 ----D---- C:\WINDOWS\Help
2008-11-15 20:54:11 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-15 20:54:11 ----D---- C:\Program Files\DIFX
2008-11-15 20:54:04 ----D---- C:\Program Files\Microsoft Office
2008-11-15 20:54:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-15 20:51:34 ----D---- C:\Program Files\Common Files\Adobe
2008-11-15 20:51:32 ----D---- C:\WINDOWS\WinSxS
2008-11-15 20:51:24 ----D---- C:\Program Files\Adobe
2008-11-15 20:40:32 ----D---- C:\Program Files\Internet Explorer
2008-11-14 22:18:39 ----D---- C:\Program Files\ATI
2008-11-14 22:16:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-06 17:53:09 ----D---- C:\Program Files\Common Files\Download Manager

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 29696]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
S2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
S2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
S3 ATIAVPCI;ATI Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [2007-08-21 706048]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-05 1181824]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver; C:\WINDOWS\system32\DRIVERS\KTC111.SYS [2001-08-17 19016]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NETGEAR_MA111;NETGEAR 802.11b MA111 Driver; C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2003-08-29 644608]
S3 P1171VID;Creative WebCam Notebook #2; C:\WINDOWS\system32\DRIVERS\P1171Vid.sys [2004-03-18 91392]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USB28xxBGA;ATI TV Wonder 600 USB 2.0; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-05-16 459520]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-05-16 39808]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirScheduler;Avira AntiVir Personal Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
S2 AntiVirService;Avira AntiVir Personal Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
S2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe [2007-08-02 262239]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe [2007-08-02 110685]
S2 Cold Fusion Application Server;Cold Fusion Application Server; C:\CFUSION\bin\cfserver.exe [1999-04-09 3662848]
S2 Cold Fusion Executive;Cold Fusion Executive; C:\CFUSION\bin\cfexec.exe [1999-04-09 373760]
S2 Cold Fusion RDS;Cold Fusion RDS; C:\CFUSION\bin\CFRDSService.exe [1999-04-09 1488896]
S2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
S2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
S2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe [2007-08-02 1073152]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2002-01-01 66872]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S2 ZuneBusEnum;Zune Bus Enumerator; C:\WINDOWS\system32\ZuneBusEnum.exe [2008-09-12 61856]
S2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2008-09-12 5119392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-20 495616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 13 December 2008 - 06:18 AM

Hello, sorry for our late reply. If you still need help, please run RSIT again and post the fresh RSIT log.txt here for my review.



Regards
fenzodahl512

Edited by fenzodahl512, 13 December 2008 - 06:20 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 borz

borz
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:07 PM

Posted 13 December 2008 - 12:30 PM

Thank you for replying! Here is the log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2002-01-01 20:05:20
Microsoft Windows XP Professional Service Pack 2
System drive C: has 53 GB (53%) free of 100 GB
Total RAM: 1015 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:26 PM, on 1/1/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {00944c91-5c6e-6d2b-bec4-4167ac6d7273} - {3727d6ca-7614-4ceb-b2d6-e6c519c44900} - C:\WINDOWS\system32\qswtbo.dll
O2 - BHO: {6cc6} - {54351fed-ed6a-401b-be0f-a430dcc73980} - C:\WINDOWS\system32\lehkdu.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7CAB59B4-55A3-4737-9FD5-B93C6430BF78} - C:\WINDOWS\system32\okvnnpis.dll
O2 - BHO: (no name) - {92ACF506-529D-43E9-B097-2CA6AED5A11F} - C:\WINDOWS\system32\wvUNdaXO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {c76f255b-4af4-4ac1-a09c-c9b6fdd99b4a} - C:\WINDOWS\system32\jimaneno.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [CMCService] "C:\Program Files\ATI\Catalyst Media Center\CMCService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [IUpd721] C:\Documents and Settings\Aya\Application Data\NI.GSCNS\IUpd721.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [masohovopi] Rundll32.exe "C:\WINDOWS\system32\weluyotu.dll",s
O4 - HKLM\..\Run: [c071a3c3] rundll32.exe "C:\WINDOWS\system32\cjhsykuf.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
O4 - HKUS\S-1-5-19\..\Run: [masohovopi] Rundll32.exe "C:\WINDOWS\system32\weluyotu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [masohovopi] Rundll32.exe "C:\WINDOWS\system32\weluyotu.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BDARemote.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\WINDOWS\system32\mesekewi.dll qswtbo.dll
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
O23 - Service: Cold Fusion Application Server - Allaire - C:\CFUSION\bin\cfserver.exe
O23 - Service: Cold Fusion Executive - Allaire - C:\CFUSION\bin\cfexec.exe
O23 - Service: Cold Fusion RDS - Allaire Corporation - C:\CFUSION\bin\CFRDSService.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 12347 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{319869CE-43C0-4CDC-AF93-191226917A0A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2002-01-01 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3727d6ca-7614-4ceb-b2d6-e6c519c44900}]
C:\WINDOWS\system32\qswtbo.dll [2002-01-01 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54351fed-ed6a-401b-be0f-a430dcc73980}]
C:\WINDOWS\system32\lehkdu.dll [2008-12-04 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CAB59B4-55A3-4737-9FD5-B93C6430BF78}]
C:\WINDOWS\system32\okvnnpis.dll [2002-01-01 116224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92ACF506-529D-43E9-B097-2CA6AED5A11F}]
C:\WINDOWS\system32\wvUNdaXO.dll [2008-11-29 318464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-03-17 2193280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-14 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c76f255b-4af4-4ac1-a09c-c9b6fdd99b4a}]
C:\WINDOWS\system32\jimaneno.dll [65535-65535-31889 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! uC - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-17 2193280]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-10-05 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-10-05 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-10-05 94208]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-04-04 1822720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2002-01-01 185896]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [2003-10-13 184320]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-03-06 286720]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-06 98304]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-21 266497]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2008-09-12 160160]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"DNS7reminder"=C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [2006-11-27 255528]
"CMCService"=C:\Program Files\ATI\Catalyst Media Center\CMCService.exe [2007-08-02 172032]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"prunnet"=C:\WINDOWS\system32\prunnet.exe []
"IUpd721"=C:\Documents and Settings\Aya\Application Data\NI.GSCNS\IUpd721.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"masohovopi"=C:\WINDOWS\system32\weluyotu.dll [65535-65535-31889 61440]
"c071a3c3"=C:\WINDOWS\system32\cjhsykuf.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"=C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe []
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe [2008-03-24 218496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BDARemote.lnk - C:\Program Files\USB TV\EM28XX\BDARemote.exe
MA111 Configuration Utility.lnk - C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",C:\WINDOWS\system32\mesekewi.dll qswtbo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-05 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\wvUNdaXO
"notification packages"=scecli
C:\WINDOWS\system32\mesekewi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Abdllah\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Abdllah\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\Documents and Settings\Mom\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Mom\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Disabled:PowerSoccer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Disabled:ArmyOps"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\SETUP.EXE /s


======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\weluyotu.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\mesekewi.dll
65535-65535-31889 1707:31889:1771 ----ASH---- C:\WINDOWS\system32\jimaneno.dll
2008-12-11 05:15:22 ----ASH---- C:\WINDOWS\system32\vqnvvmib.ini
2008-12-11 05:15:19 ----A---- C:\WINDOWS\system32\bimvvnqv.dll
2008-12-11 05:12:20 ----A---- C:\WINDOWS\system32\frzmhk.dll
2008-12-11 05:12:19 ----A---- C:\WINDOWS\system32\mlasbjep.dll
2008-12-08 09:25:49 ----A---- C:\WINDOWS\system32\tfvkod.dll
2008-12-08 09:25:48 ----A---- C:\WINDOWS\system32\hcovbomm.dll
2008-12-08 09:22:50 ----ASH---- C:\WINDOWS\system32\hlsdpwou.ini
2008-12-08 09:22:47 ----A---- C:\WINDOWS\system32\uowpdslh.dll
2008-12-07 16:53:31 ----A---- C:\WINDOWS\system32\puxmst.dll
2008-12-07 16:53:30 ----A---- C:\WINDOWS\system32\obfkpsfy.dll
2008-12-07 16:51:34 ----A---- C:\WINDOWS\system32\uxfvuluy.dll
2008-12-06 23:08:22 ----D---- C:\VundoFix Backups
2008-12-06 23:08:22 ----A---- C:\VundoFix.txt
2008-12-06 12:56:15 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-12-06 11:45:48 ----A---- C:\WINDOWS\system32\iktgvg.dll
2008-12-06 11:45:47 ----A---- C:\WINDOWS\system32\mrvjtnbi.dll
2008-12-06 11:43:35 ----ASH---- C:\WINDOWS\system32\xbggsclp.ini
2008-12-05 07:40:11 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-12-05 06:09:56 ----D---- C:\rsit
2008-12-05 06:09:56 ----D---- C:\Program Files\trend micro
2008-12-05 05:30:03 ----ASH---- C:\WINDOWS\system32\jssbggvs.ini
2008-12-05 05:29:59 ----A---- C:\WINDOWS\system32\svggbssj.dll
2008-12-05 05:27:01 ----A---- C:\WINDOWS\system32\seffvu.dll
2008-12-05 05:27:00 ----A---- C:\WINDOWS\system32\yiijncqu.dll
2008-12-04 16:33:16 ----D---- C:\Documents and Settings\Administrator\Application Data\Nuance
2008-12-04 16:31:36 ----D---- C:\Documents and Settings\Administrator\Application Data\ooVoo Details
2008-12-04 16:23:12 ----SHD---- C:\WINDOWS\CSC
2008-12-04 02:31:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-04 02:31:55 ----D---- C:\Program Files\Alwil Software
2008-12-04 02:09:08 ----A---- C:\WINDOWS\system32\dkymvu.dll
2008-12-04 02:09:07 ----A---- C:\WINDOWS\system32\odwjgvdg.dll
2008-12-04 01:08:11 ----A---- C:\WINDOWS\system32\rcvbyg.dll
2008-12-04 01:08:10 ----A---- C:\WINDOWS\system32\foqgancp.dll
2008-12-04 01:05:12 ----ASH---- C:\WINDOWS\system32\unoeudmg.ini
2008-12-04 01:02:11 ----A---- C:\WINDOWS\system32\lehkdu.dll
2008-12-04 01:02:10 ----A---- C:\WINDOWS\system32\lnfsvkky.dll
2008-11-30 22:17:59 ----ASH---- C:\WINDOWS\system32\whbodogk.ini
2008-11-30 22:15:00 ----A---- C:\WINDOWS\system32\vhautl.dll
2008-11-30 22:14:59 ----A---- C:\WINDOWS\system32\shalyait.dll
2008-11-29 12:37:21 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-29 11:11:54 ----ASH---- C:\WINDOWS\system32\tgjwuhxn.ini
2008-11-29 11:09:36 ----A---- C:\WINDOWS\system32\cb5267bd-.txt
2008-11-29 11:08:50 ----ASH---- C:\WINDOWS\system32\OXadNUvw.ini2
2008-11-29 11:08:50 ----ASH---- C:\WINDOWS\system32\OXadNUvw.ini
2008-11-29 11:08:47 ----A---- C:\WINDOWS\system32\wvUNdaXO.dll
2008-11-24 23:10:03 ----D---- C:\Program Files\Common Files\Apple
2008-11-24 23:09:30 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-24 23:08:40 ----D---- C:\Program Files\Apple Software Update
2008-11-24 23:08:40 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-23 18:47:32 ----A---- C:\WINDOWS\system32\TDSSobam.dll
2008-11-22 09:20:53 ----HD---- C:\Documents and Settings\All Users\Application Data\{AFD61B9C-946C-4129-B53C-E1C5D51A536D}
2008-11-22 09:20:49 ----D---- C:\Program Files\Transparent
2008-11-22 09:20:49 ----D---- C:\Documents and Settings\All Users\Application Data\Transparent
2008-11-22 08:56:46 ----HD---- C:\System
2008-11-22 08:56:46 ----D---- C:\Documents
2008-11-22 08:56:45 ----RA---- C:\LaunchU3.exe
2008-11-15 21:27:30 ----A---- C:\WINDOWS\system32\tsccvid.dll
2008-11-15 21:27:29 ----D---- C:\Program Files\TechSmith
2008-11-15 21:27:29 ----A---- C:\WINDOWS\system32\Camtasia.dll
2008-11-15 20:54:13 ----A---- C:\WINDOWS\system32\lmdimon8.dll
2008-11-15 20:53:54 ----D---- C:\Documents and Settings\All Users\Application Data\Applications
2008-11-15 20:51:30 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-15 20:43:58 ----D---- C:\Program Files\Citrix
2008-11-15 20:40:31 ----D---- C:\Program Files\Common Files\XStream
2008-11-14 23:15:04 ----D---- C:\graphedit
2008-11-14 22:19:22 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-11-14 22:18:40 ----D---- C:\Program Files\CyberLink
2008-11-06 17:53:24 ----A---- C:\WINDOWS\system32\AVERM.dll
2008-11-06 17:53:24 ----A---- C:\WINDOWS\system32\AVEQT.dll
2008-10-25 14:35:28 ----A---- C:\WINDOWS\wddb32.ini
2008-10-25 14:35:24 ----D---- C:\Program Files\Unitech Systems
2008-10-19 13:21:17 ----D---- C:\Program Files\Red Kawa
2008-10-09 20:50:36 ----D---- C:\Program Files\Common Files\ATI Technologies
2008-10-09 20:47:52 ----D---- C:\Program Files\ATI Technologies
2008-10-09 11:58:48 ----A---- C:\WINDOWS\GraphEdt.INI
2008-10-08 19:54:21 ----D---- C:\Dragon
2008-10-08 18:10:16 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2008-10-08 18:09:15 ----D---- C:\Program Files\DIFX
2008-10-08 18:09:14 ----A---- C:\WINDOWS\emMON.exe
2008-10-08 18:09:11 ----D---- C:\Program Files\USB TV
2008-10-08 18:08:31 ----D---- C:\Documents and Settings\All Users\Application Data\Cyberlink
2008-10-08 18:08:02 ----A---- C:\WINDOWS\system32\msxml4a.dll
2008-10-08 18:07:45 ----A---- C:\WINDOWS\system32\MFC71u.dll
2008-10-08 18:07:45 ----A---- C:\WINDOWS\system32\atl71.dll
2008-10-08 18:07:42 ----D---- C:\Program Files\ATI
2008-10-07 16:37:39 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-07 16:36:58 ----D---- C:\Program Files\Common Files\AVSMedia
2008-10-07 16:36:55 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-10-07 16:36:55 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-10-07 16:36:54 ----D---- C:\Program Files\AVS4YOU
2008-10-07 16:36:54 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2008-10-06 14:54:49 ----D---- C:\Program Files\IrfanView
2008-10-06 12:07:52 ----D---- C:\RedHat
2008-10-05 11:00:25 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-05 10:58:45 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2008-10-05 10:58:45 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-10-05 10:58:43 ----D---- C:\Program Files\Common Files\Nuance
2008-10-05 10:58:13 ----D---- C:\Program Files\Nuance
2008-10-05 10:58:13 ----D---- C:\Documents and Settings\All Users\Application Data\Nuance
2008-10-05 10:58:09 ----D---- C:\WINDOWS\speech
2008-10-02 11:42:54 ----A---- C:\WINDOWS\demdata.txt
2008-10-02 11:34:35 ----D---- C:\PSFONTS
2008-10-02 11:34:16 ----D---- C:\Program Files\Finale NotePad 2009
2008-09-26 16:53:42 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-18 18:32:19 ----HDC---- C:\WINDOWS\$NtUninstallwinusb0100$
2008-09-18 18:31:34 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$
2008-09-18 18:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2008-09-18 18:15:19 ----A---- C:\WINDOWS\system32\imapi2fs.dll
2008-09-18 18:15:19 ----A---- C:\WINDOWS\system32\imapi2.dll
2008-09-16 15:20:24 ----D---- C:\Program Files\Common Files\SourceTec
2008-09-16 15:20:23 ----D---- C:\Program Files\SourceTec
2008-09-12 17:48:22 ----A---- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-09-12 17:46:32 ----A---- C:\WINDOWS\system32\ZuneBusEnum.exe
2008-09-12 17:32:14 ----A---- C:\WINDOWS\system32\ZuneTcp2Udp.dll
2008-09-12 17:32:12 ----A---- C:\WINDOWS\system32\ZuneRegUtil.dll
2008-09-12 17:32:12 ----A---- C:\WINDOWS\system32\ZunePTDNS.dll
2008-09-12 17:32:10 ----A---- C:\WINDOWS\system32\ZuneNetProxy.dll
2008-09-10 16:10:00 ----D---- C:\WINDOWS\Tranquil - Waterfalls dir
2008-09-10 16:10:00 ----A---- C:\WINDOWS\impborl.dll
2008-09-10 16:10:00 ----A---- C:\WINDOWS\flashax.exe
2008-09-10 16:03:40 ----A---- C:\WINDOWS\system32\readme.txt
2008-09-10 16:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 16:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-04 18:18:21 ----D---- C:\My Downloads
2008-08-27 15:19:00 ----A---- C:\WINDOWS\system32\WUDFUpdate_01007.dll
2008-08-27 15:19:00 ----A---- C:\WINDOWS\system32\WinUSBCoInstaller.dll
2008-08-24 14:40:42 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-08-24 14:40:42 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-08-24 14:40:42 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-08-24 14:40:42 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-08-24 14:40:42 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-08-24 14:40:42 ----A---- C:\WINDOWS\system32\px.dll
2008-08-24 14:40:25 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-08-18 19:33:14 ----D---- C:\Downloads
2008-08-18 18:51:42 ----A---- C:\WINDOWS\cdplayer.ini
2008-08-15 22:22:35 ----D---- C:\GAMES
2008-08-15 21:25:03 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-15 20:11:20 ----D---- C:\Program Files\NoLimits Coasters Demo v1.55
2008-08-01 10:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-01 10:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-01 10:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-01 10:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-01 10:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-01 10:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-01 10:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-07-10 15:07:17 ----D---- C:\Program Files\Common Files\Wextech Shared
2008-07-10 15:06:45 ----D---- C:\Program Files\Common Files\Autodesk Shared
2008-07-10 15:06:45 ----D---- C:\Program Files\AutoCAD 2002
2008-07-09 13:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-07-09 13:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-08 00:04:52 ----D---- C:\Program Files\Skype
2008-07-08 00:04:52 ----D---- C:\Program Files\Common Files\Skype
2008-07-04 01:57:21 ----D---- C:\Program Files\QuickTime
2008-07-03 23:37:44 ----D---- C:\Program Files\DivX
2008-06-25 16:01:02 ----D---- C:\WINDOWS\ie8updates
2008-06-23 12:33:00 ----D---- C:\Program Files\HyCam2
2008-06-21 22:01:03 ----D---- C:\Program Files\BearShare Applications
2008-06-21 21:56:24 ----D---- C:\Program Files\iMesh Applications
2008-06-21 21:19:16 ----D---- C:\Documents and Settings\All Users\Application Data\Launcher
2008-06-20 16:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-18 18:04:17 ----A---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-06-18 18:04:15 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-06-18 17:45:03 ----D---- C:\Movavi files
2008-06-18 14:51:46 ----D---- C:\Program Files\MyPublisher
2008-06-14 16:50:03 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-06-14 16:50:02 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-06-14 16:49:56 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-06-14 16:49:56 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-06-14 16:49:55 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-06-14 16:49:55 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-06-14 16:49:54 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-06-14 16:49:54 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-06-14 16:49:54 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-06-14 16:49:52 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-06-14 16:45:40 ----D---- C:\Program Files\Microsoft Games
2008-06-14 10:28:39 ----D---- C:\Program Files\FSX_Screensaver
2008-06-13 16:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-13 16:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-13 16:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-13 16:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-10 18:04:26 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-06-10 18:04:26 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-05-13 13:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-05-03 16:26:00 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-28 14:36:38 ----D---- C:\WINDOWS\Internet Logs
2008-04-28 14:34:04 ----D---- C:\Program Files\Compapps
2008-04-28 14:33:46 ----AC---- C:\WINDOWS\system32\dneinobj.dll
2008-04-28 14:33:37 ----D---- C:\Program Files\Common Files\Deterministic Networks
2008-04-28 14:33:36 ----D---- C:\Program Files\Cisco Systems
2008-04-28 14:33:28 ----HD---- C:\Program Files\SELFHEAL
2008-04-17 18:11:06 ----A---- C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-04-10 16:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB948881$
2008-04-10 16:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-04-10 16:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-04-10 16:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-04-10 09:23:07 ----AC---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-04-10 09:22:44 ----AC---- C:\WINDOWS\Irremote.ini
2008-04-10 09:01:14 ----D---- C:\Program Files\Mozilla Firefox
2008-03-17 20:14:42 ----A---- C:\WINDOWS\system32\muweb.dll
2008-03-17 20:14:42 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-03-17 20:14:42 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-03-17 15:19:01 ----D---- C:\WINDOWS\Sun
2008-03-17 15:15:37 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-03-17 15:15:36 ----D---- C:\Program Files\Google
2008-03-17 15:15:26 ----A---- C:\WINDOWS\system32\javaws.exe
2008-03-17 15:15:26 ----A---- C:\WINDOWS\system32\javaw.exe
2008-03-17 15:15:26 ----A---- C:\WINDOWS\system32\java.exe
2008-03-16 17:57:42 ----D---- C:\Program Files\MSXML 4.0
2008-03-15 16:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-03-15 15:49:04 ----D---- C:\temp
2008-03-15 15:48:51 ----D---- C:\Program Files\PQDVD
2008-03-15 14:42:23 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-03-15 14:19:02 ----D---- C:\Program Files\NeroInstall.bak
2008-03-15 14:18:20 ----AC---- C:\WINDOWS\system32\MsiExec.exe.log
2008-03-15 14:17:08 ----D---- C:\Program Files\Common Files\Nero
2008-03-15 14:17:08 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-15 14:16:27 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-03-15 14:16:24 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-03-14 14:27:42 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-03-14 14:27:00 ----D---- C:\Program Files\Microsoft Works
2008-03-14 14:26:53 ----D---- C:\Program Files\MSBuild
2008-03-14 14:26:41 ----D---- C:\Program Files\Microsoft Visual Studio
2008-03-14 14:26:41 ----D---- C:\Program Files\Common Files\DESIGNER
2008-03-14 14:26:10 ----D---- C:\Program Files\Microsoft.NET
2008-03-14 14:23:24 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-03-14 14:22:41 ----D---- C:\WINDOWS\SHELLNEW
2008-03-14 14:22:22 ----D---- C:\Program Files\Microsoft Office
2008-03-14 14:22:22 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-14 14:22:01 ----RHD---- C:\MSOCache
2008-03-12 00:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-03-12 00:26:44 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-03-12 00:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-03-12 00:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-03-12 00:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-03-12 00:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-03-12 00:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-03-12 00:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-03-12 00:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-03-12 00:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-03-12 00:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-03-12 00:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-03-12 00:26:00 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-03-12 00:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-03-12 00:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-03-12 00:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-03-12 00:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-03-12 00:25:41 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-03-12 00:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-03-12 00:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-03-12 00:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-03-12 00:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-03-12 00:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-03-12 00:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-03-12 00:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-03-12 00:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-03-12 00:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-03-12 00:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-03-12 00:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-03-12 00:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2008-03-12 00:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-03-12 00:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2008-03-12 00:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-03-12 00:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-03-12 00:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2008-03-12 00:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-03-12 00:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-03-12 00:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-03-12 00:24:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-03-12 00:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-03-12 00:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-03-12 00:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-03-12 00:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-03-12 00:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-03-12 00:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-03-12 00:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-03-12 00:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-03-12 00:23:39 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-03-12 00:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-03-12 00:23:31 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-03-12 00:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-03-12 00:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-03-12 00:23:12 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-03-12 00:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-03-12 00:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-03-12 00:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-03-12 00:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-03-12 00:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-03-12 00:22:50 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2008-03-12 00:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-03-12 00:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-03-12 00:22:40 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2008-03-12 00:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-03-12 00:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-03-12 00:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-03-12 00:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-03-12 00:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-03-12 00:22:12 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-03-12 00:22:09 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-03-12 00:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-03-12 00:22:03 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-03-12 00:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-03-12 00:21:53 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-03-12 00:21:49 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-03-12 00:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-03-12 00:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-03-12 00:21:39 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-03-12 00:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2008-03-12 00:21:33 ----AC---- C:\WINDOWS\system32\wmpns.dll
2008-03-12 00:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-03-12 00:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-03-12 00:21:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-03-12 00:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-03-12 00:21:06 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-03-12 00:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-03-12 00:20:55 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-03-11 17:00:16 ----D---- C:\WINDOWS\system32\PreInstall
2008-03-11 17:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-03-08 14:27:28 ----HDC---- C:\WINDOWS\$NtUninstallQ828026$
2008-03-08 14:19:06 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-03-08 13:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-03-08 13:28:43 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-03-08 13:28:40 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-03-08 13:28:32 ----D---- C:\Program Files\Windows Media Connect 2
2008-03-08 13:28:25 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-03-08 13:28:01 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-03-08 13:27:48 ----D---- C:\WINDOWS\system32\LogFiles
2008-03-08 13:27:43 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-03-08 12:18:59 ----D---- C:\WINDOWS\WBEM
2008-03-08 12:18:19 ----HDC---- C:\WINDOWS\ie8
2008-03-08 12:18:19 ----D---- C:\WINDOWS\system32\en-US
2008-03-08 12:17:07 ----HDC---- C:\WINDOWS\$NtUninstallKB946501-v2$
2008-03-08 12:16:55 ----HD---- C:\WINDOWS\$hf_mig$
2008-03-03 20:01:22 ----AC---- C:\WINDOWS\system32\msfeedsbs.dll
2008-03-03 20:01:22 ----AC---- C:\WINDOWS\system32\msfeeds.dll
2008-03-03 20:01:22 ----AC---- C:\WINDOWS\system32\ieui.dll
2008-03-03 20:01:22 ----A---- C:\WINDOWS\system32\IESetting.dll
2008-03-03 20:01:22 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-03-03 20:01:08 ----AC---- C:\WINDOWS\system32\ieframe.dll.mui
2008-03-03 20:00:00 ----AC---- C:\WINDOWS\system32\advpack.dll.mui
2008-03-03 19:53:08 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2008-03-03 19:51:46 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-03-03 19:50:46 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2008-03-03 19:50:40 ----AC---- C:\WINDOWS\system32\icardie.dll
2008-03-03 19:50:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-03-03 19:34:48 ----AC---- C:\WINDOWS\system32\ieapfltr.dll
2008-03-03 17:26:52 ----SHD---- C:\$RECYCLE.BIN
2008-03-03 15:09:36 ----RAS---- C:\BOOTSECT.BAK
2008-03-03 15:09:36 ----H---- C:\Boot.BAK
2008-03-03 15:09:33 ----SHD---- C:\Boot
2008-03-03 14:58:49 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-03-03 14:58:32 ----D---- C:\Program Files\WinRAR
2008-03-02 20:33:51 ----SHD---- C:\RECYCLER
2008-03-02 18:49:28 ----RA---- C:\WINDOWS\system32\ChCfg.exe
2008-03-02 18:48:58 ----RC---- C:\WINDOWS\SoundMan.exe
2008-03-02 18:48:57 ----RC---- C:\WINDOWS\SkyTel.exe
2008-03-02 18:48:56 ----R---- C:\WINDOWS\RtlUpd.exe
2008-03-02 18:48:51 ----RC---- C:\WINDOWS\RTLCPL.exe
2008-03-02 18:48:39 ----R---- C:\WINDOWS\RTHDCPL.exe
2008-03-02 18:48:38 ----RC---- C:\WINDOWS\MicCal.exe
2008-03-02 18:48:35 ----RC---- C:\WINDOWS\Alcmtr.exe
2008-03-02 18:48:33 ----RC---- C:\WINDOWS\alcwzrd.exe
2008-03-02 18:48:32 ----D---- C:\Program Files\Realtek
2008-03-02 18:48:05 ----RC---- C:\WINDOWS\RtlExUpd.dll
2008-03-02 17:43:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-03-02 17:43:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-03-02 17:36:16 ----RA---- C:\WINDOWS\system32\igfxres.dll
2008-03-02 17:34:11 ----D---- C:\WINDOWS\system32\Atheros_L2
2008-03-02 17:33:50 ----RAC---- C:\WINDOWS\system32\SRSWOW.dll
2008-03-02 17:33:50 ----RAC---- C:\WINDOWS\system32\SRSTSXT.dll
2008-03-02 17:33:50 ----RAC---- C:\WINDOWS\system32\RtkCoInst.dll
2008-03-02 17:33:50 ----RAC---- C:\WINDOWS\system32\RtkApoApi.dll
2008-03-02 17:33:49 ----RAC---- C:\WINDOWS\system32\RtkPgExt.dll
2008-03-02 17:33:48 ----RAC---- C:\WINDOWS\system32\RtkAPO.dll
2008-03-02 17:33:44 ----RAC---- C:\WINDOWS\RtHDVCpl.exe
2008-03-02 17:32:51 ----D---- C:\WINDOWS\system32\RTCOM
2008-03-02 17:32:50 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-03-02 17:32:30 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-03-02 17:31:54 ----AC---- C:\WINDOWS\HideWin.exe
2008-03-02 17:31:32 ----RAC---- C:\WINDOWS\system32\igfxexps.dll
2008-03-02 17:31:32 ----RAC---- C:\WINDOWS\system32\igfxCoIn_v4704.dll
2008-03-02 17:31:32 ----RAC---- C:\WINDOWS\system32\difx32.dll
2008-03-02 17:31:32 ----RA---- C:\WINDOWS\system32\iglicd32.dll
2008-03-02 17:31:32 ----RA---- C:\WINDOWS\system32\igldev32.dll
2008-03-02 17:31:32 ----RA---- C:\WINDOWS\system32\igfxress.dll
2008-03-02 17:31:32 ----RA---- C:\WINDOWS\system32\igfxpers.exe
2008-03-02 17:31:32 ----RA---- C:\WINDOWS\system32\igfxext.exe
2008-03-02 17:31:32 ----RA---- C:\WINDOWS\system32\hkcmd.exe
2008-03-02 17:31:31 ----RAC---- C:\WINDOWS\system32\igfxdo.dll
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igxprd32.dll
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igxpgd32.dll
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igxpdx32.dll
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igxpdv32.dll
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igfxzoom.exe
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igfxtray.exe
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igfxsrvc.exe
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igfxpph.dll
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igfxdev.dll
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
2008-03-02 17:31:31 ----RA---- C:\WINDOWS\system32\hccutils.dll
2008-03-02 17:31:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-03-02 17:31:17 ----RAC---- C:\WINDOWS\system32\difxapi.dll
2008-03-02 17:31:17 ----RA---- C:\WINDOWS\system32\igxpun.exe
2008-03-02 17:31:17 ----D---- C:\WINDOWS\system32\Lang
2008-03-02 17:29:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-03-02 17:29:32 ----D---- C:\Program Files\Intel
2008-03-02 17:29:22 ----HDC---- C:\WINDOWS\$NtUninstallKB921411$
2008-03-02 17:29:19 ----AC---- C:\WINDOWS\AS_Debug.txt
2008-03-02 17:28:59 ----AC---- C:\WINDOWS\Ascd_tmp.ini
2008-03-02 17:13:21 ----HD---- C:\Program Files\InstallShield Installation Information
2008-03-02 17:13:21 ----D---- C:\Program Files\NETGEAR
2008-03-02 17:13:21 ----A---- C:\WINDOWS\system32\W32N50.dll
2008-03-02 17:13:12 ----D---- C:\Program Files\Common Files\InstallShield
2008-03-02 17:03:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-02 17:03:49 ----HD---- C:\Program Files\Uninstall Information
2008-03-02 17:03:39 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-02 17:03:39 ----ASHC---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-03-02 17:03:34 ----D---- C:\WINDOWS\SoftwareDistribution
2008-03-02 17:03:33 ----SD---- C:\WINDOWS\system32\Microsoft
2008-03-02 17:03:33 ----D---- C:\WINDOWS\Prefetch
2008-03-02 17:03:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-03-02 16:45:59 ----D---- C:\WINDOWS\system32\xircom
2008-03-02 16:45:59 ----D---- C:\Program Files\xerox
2008-03-02 16:45:59 ----D---- C:\Program Files\microsoft frontpage
2008-03-02 16:45:42 ----AC---- C:\WINDOWS\control.ini
2008-03-02 16:45:42 ----A---- C:\AUTOEXEC.BAT
2008-03-02 16:45:35 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-03-02 16:45:32 ----AC---- C:\WINDOWS\system32\mapi32.dll
2008-03-02 16:44:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-03-02 16:44:56 ----RD---- C:\WINDOWS\Offline Web Pages
2008-03-02 16:44:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-02 16:44:52 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-03-02 16:44:48 ----HD---- C:\Program Files\WindowsUpdate
2008-03-02 16:44:34 ----D---- C:\WINDOWS\system32\DirectX
2008-03-02 16:44:16 ----AC---- C:\WINDOWS\system32\atrace.dll
2008-03-02 16:44:14 ----A---- C:\WINDOWS\system32\desktop.ini
2008-03-02 16:44:13 ----AC---- C:\WINDOWS\desktop.ini
2008-03-02 16:44:07 ----AC---- C:\WINDOWS\system32\nmevtmsg.dll
2008-03-02 16:44:06 ----A---- C:\WINDOWS\system32\acctres.dll
2008-03-02 16:44:05 ----D---- C:\Program Files\Common Files\Services
2008-03-02 16:44:03 ----SD---- C:\WINDOWS\Tasks
2008-03-02 16:44:03 ----AC---- C:\WINDOWS\system32\icfgnt5.dll
2008-03-02 16:44:02 ----D---- C:\Program Files\Common Files\MSSoap
2008-03-02 16:43:59 ----D---- C:\WINDOWS\srchasst
2008-03-02 16:43:58 ----D---- C:\WINDOWS\system32\Macromed
2008-03-02 16:43:55 ----AC---- C:\WINDOWS\system32\wuaueng1.dll
2008-03-02 16:43:55 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-03-02 16:43:55 ----A---- C:\WINDOWS\system32\wups.dll
2008-03-02 16:43:55 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-03-02 16:43:55 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-03-02 16:43:55 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-03-02 16:43:55 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-03-02 16:43:55 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-03-02 16:43:55 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-03-02 16:43:54 ----AC---- C:\WINDOWS\system32\bitsprx3.dll
2008-03-02 16:43:54 ----AC---- C:\WINDOWS\system32\bitsprx2.dll
2008-03-02 16:43:54 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-03-02 16:43:54 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-03-02 16:43:51 ----D---- C:\Program Files\Movie Maker
2008-03-02 16:43:47 ----AC---- C:\WINDOWS\system32\safrslv.dll
2008-03-02 16:43:47 ----AC---- C:\WINDOWS\system32\safrdm.dll
2008-03-02 16:43:47 ----AC---- C:\WINDOWS\system32\safrcdlg.dll
2008-03-02 16:43:47 ----AC---- C:\WINDOWS\system32\racpldlg.dll
2008-03-02 16:43:44 ----AC---- C:\WINDOWS\system32\fltmc.exe
2008-03-02 16:43:44 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-03-02 16:43:43 ----D---- C:\WINDOWS\system32\Restore
2008-03-02 16:43:43 ----AC---- C:\WINDOWS\system32\mnmdd.dll
2008-03-02 16:43:43 ----AC---- C:\WINDOWS\system32\isrdbg32.dll
2008-03-02 16:43:43 ----AC---- C:\WINDOWS\system32\ils.dll
2008-03-02 16:43:43 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-03-02 16:43:43 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-03-02 16:43:43 ----A---- C:\WINDOWS\system32\srclient.dll
2008-03-02 16:43:42 ----AC---- C:\WINDOWS\system32\nmmkcert.dll
2008-03-02 16:43:42 ----AC---- C:\WINDOWS\system32\msconf.dll
2008-03-02 16:43:42 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-03-02 16:43:40 ----D---- C:\Program Files\NetMeeting
2008-03-02 16:43:40 ----AC---- C:\WINDOWS\system32\msoert2.dll
2008-03-02 16:43:40 ----AC---- C:\WINDOWS\system32\msoeacct.dll
2008-03-02 16:43:39 ----AC---- C:\WINDOWS\system32\inetres.dll
2008-03-02 16:43:38 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-03-02 16:43:37 ----D---- C:\Program Files\Outlook Express
2008-03-02 16:43:37 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-03-02 16:43:37 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-03-02 16:43:36 ----AC---- C:\WINDOWS\system32\mstask.dll
2008-03-02 16:43:36 ----AC---- C:\WINDOWS\system32\isign32.dll
2008-03-02 16:43:36 ----AC---- C:\WINDOWS\system32\inetcfg.dll
2008-03-02 16:43:36 ----AC---- C:\WINDOWS\system32\icwphbk.dll
2008-03-02 16:43:36 ----AC---- C:\WINDOWS\system32\icwdial.dll
2008-03-02 16:43:31 ----D---- C:\Program Files\Common Files\System
2008-03-02 16:43:30 ----D---- C:\Program Files\Internet Explorer
2008-03-02 16:43:07 ----D---- C:\Program Files\ComPlus Applications
2008-03-02 16:43:06 ----AC---- C:\WINDOWS\vbaddin.ini
2008-03-02 16:43:06 ----AC---- C:\WINDOWS\vb.ini
2008-03-02 16:43:03 ----D---- C:\WINDOWS\Registration
2008-03-02 16:42:58 ----D---- C:\Program Files\Windows Media Player
2008-03-02 16:42:58 ----D---- C:\Program Files\Online Services
2008-03-02 16:42:54 ----D---- C:\Program Files\Messenger
2008-03-02 16:42:50 ----D---- C:\Program Files\MSN Gaming Zone
2008-03-02 16:42:50 ----AC---- C:\WINDOWS\system32\write.exe
2008-03-02 16:42:42 ----AC---- C:\WINDOWS\system32\sndvol32.exe
2008-03-02 16:42:42 ----AC---- C:\WINDOWS\system32\avwav.dll
2008-03-02 16:42:42 ----AC---- C:\WINDOWS\system32\avtapi.dll
2008-03-02 16:42:42 ----AC---- C:\WINDOWS\system32\avmeter.dll
2008-03-02 16:42:42 ----A---- C:\WINDOWS\system32\hticons.dll
2008-03-02 16:42:41 ----A---- C:\WINDOWS\system32\winchat.exe
2008-03-02 16:42:36 ----AC---- C:\WINDOWS\system32\getuname.dll
2008-03-02 16:42:35 ----AC---- C:\WINDOWS\system32\winmine.exe
2008-03-02 16:42:35 ----AC---- C:\WINDOWS\system32\sol.exe
2008-03-02 16:42:35 ----AC---- C:\WINDOWS\system32\charmap.exe
2008-03-02 16:42:35 ----AC---- C:\WINDOWS\system32\calc.exe
2008-03-02 16:42:34 ----AC---- C:\WINDOWS\system32\usrlogon.cmd
2008-03-02 16:42:34 ----AC---- C:\WINDOWS\system32\tslabels.ini
2008-03-02 16:42:34 ----AC---- C:\WINDOWS\system32\mshearts.exe
2008-03-02 16:42:34 ----AC---- C:\WINDOWS\system32\freecell.exe
2008-03-02 16:42:34 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-03-02 16:42:34 ----A---- C:\WINDOWS\system32\tskill.exe
2008-03-02 16:42:34 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-03-02 16:42:34 ----A---- C:\WINDOWS\system32\tscon.exe
2008-03-02 16:42:34 ----A---- C:\WINDOWS\system32\shadow.exe
2008-03-02 16:42:34 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-03-02 16:42:34 ----A---- C:\WINDOWS\system32\reset.exe
2008-03-02 16:42:33 ----AC---- C:\WINDOWS\system32\rdpcfgex.dll
2008-03-02 16:42:33 ----AC---- C:\WINDOWS\system32\msdtcprf.ini
2008-03-02 16:42:33 ----AC---- C:\WINDOWS\system32\cdmodem.dll
2008-03-02 16:42:33 ----A---- C:\WINDOWS\system32\regini.exe
2008-03-02 16:42:33 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-03-02 16:42:33 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-03-02 16:42:33 ----A---- C:\WINDOWS\system32\msg.exe
2008-03-02 16:42:33 ----A---- C:\WINDOWS\system32\logoff.exe
2008-03-02 16:42:32 ----AC---- C:\WINDOWS\system32\stclient.dll
2008-03-02 16:42:32 ----AC---- C:\WINDOWS\system32\mtxlegih.dll
2008-03-02 16:42:32 ----AC---- C:\WINDOWS\system32\mtxex.dll
2008-03-02 16:42:32 ----AC---- C:\WINDOWS\system32\mtxdm.dll
2008-03-02 16:42:32 ----AC---- C:\WINDOWS\system32\comrepl.dll
2008-03-02 16:42:32 ----AC---- C:\WINDOWS\system32\comaddin.dll
2008-03-02 16:42:32 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-03-02 16:42:31 ----AC---- C:\WINDOWS\system32\comsnap.dll
2008-03-02 16:42:27 ----AC---- C:\WINDOWS\system32\wmimgmt.msc
2008-03-02 16:42:17 ----D---- C:\Program Files\MSN
2008-03-02 16:42:17 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-03-02 16:42:16 ----D---- C:\Program Files\Windows NT
2008-03-02 16:42:16 ----AC---- C:\WINDOWS\system32\sndrec32.exe
2008-03-02 16:42:16 ----AC---- C:\WINDOWS\system32\mspaint.exe
2008-03-02 16:42:16 ----AC---- C:\WINDOWS\system32\hypertrm.dll
2008-03-02 16:42:16 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-03-02 16:42:15 ----AC---- C:\WINDOWS\system32\tscfgwmi.dll
2008-03-02 16:42:15 ----AC---- C:\WINDOWS\system32\spider.exe
2008-03-02 16:42:15 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-03-02 16:42:14 ----AC---- C:\WINDOWS\system32\remotepg.dll
2008-03-02 16:42:14 ----AC---- C:\WINDOWS\system32\rdchost.dll
2008-03-02 16:42:14 ----AC---- C:\WINDOWS\system32\mstsc.exe
2008-03-02 16:42:14 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-03-02 16:42:14 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-03-02 16:42:14 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-03-02 16:42:14 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-03-02 16:42:14 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-03-02 16:42:13 ----D---- C:\WINDOWS\system32\MsDtc
2008-03-02 16:42:13 ----AC---- C:\WINDOWS\system32\rdpwsx.dll
2008-03-02 16:42:13 ----AC---- C:\WINDOWS\system32\rdpsnd.dll
2008-03-02 16:42:13 ----AC---- C:\WINDOWS\system32\mtxoci.dll
2008-03-02 16:42:13 ----AC---- C:\WINDOWS\system32\msdtcuiu.dll
2008-03-02 16:42:13 ----AC---- C:\WINDOWS\system32\cfgbkend.dll
2008-03-02 16:42:13 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-03-02 16:42:13 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-03-02 16:42:13 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-03-02 16:42:13 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-03-02 16:42:12 ----AC---- C:\WINDOWS\system32\xolehlp.dll
2008-03-02 16:42:12 ----AC---- C:\WINDOWS\system32\msdtctm.dll
2008-03-02 16:42:12 ----AC---- C:\WINDOWS\system32\msdtcprx.dll
2008-03-02 16:42:12 ----AC---- C:\WINDOWS\system32\msdtclog.dll
2008-03-02 16:42:12 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-03-02 16:42:11 ----D---- C:\WINDOWS\system32\Com
2008-03-02 16:42:11 ----AC---- C:\WINDOWS\system32\clbcatex.dll
2008-03-02 16:42:11 ----AC---- C:\WINDOWS\system32\catsrvps.dll
2008-03-02 16:42:11 ----A---- C:\WINDOWS\system32\colbact.dll
2008-03-02 16:42:11 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-03-02 16:42:11 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-03-02 16:42:10 ----AC---- C:\WINDOWS\system32\comuid.dll
2008-03-02 16:42:10 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-03-02 16:42:10 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-03-02 16:42:05 ----AC---- C:\WINDOWS\system32\servdeps.dll
2008-03-02 16:42:04 ----AC---- C:\WINDOWS\system32\mmfutil.dll
2008-03-02 16:42:04 ----AC---- C:\WINDOWS\system32\licwmi.dll
2008-03-02 16:42:04 ----AC---- C:\WINDOWS\system32\cmprops.dll
2008-03-02 10:41:14 ----A---- C:\WINDOWS\system32\h323log.txt
2008-03-02 10:29:33 ----A---- C:\WINDOWS\system32\usbui.dll
2008-03-02 10:28:45 ----A---- C:\WINDOWS\imsins.BAK
2008-03-02 10:28:42 ----SHD---- C:\WINDOWS\Installer
2008-03-02 10:28:42 ----D---- C:\Program Files\Common Files\ODBC
2008-03-02 10:28:42 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-03-02 10:28:42 ----AC---- C:\WINDOWS\ODBCINST.INI
2008-03-02 10:28:39 ----RD---- C:\Program Files
2008-03-02 10:28:39 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-03-02 10:28:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-03-02 10:28:39 ----D---- C:\Program Files\Common Files
2008-03-02 10:28:36 ----RAC---- C:\WINDOWS\system32\kbdtuq.dll
2008-03-02 10:28:36 ----RAC---- C:\WINDOWS\system32\kbdtuf.dll
2008-03-02 10:28:36 ----RAC---- C:\WINDOWS\system32\kbdazel.dll
2008-03-02 10:28:35 ----RAC---- C:\WINDOWS\system32\kbduzb.dll
2008-03-02 10:28:35 ----RAC---- C:\WINDOWS\system32\kbdtat.dll
2008-03-02 10:28:35 ----RAC---- C:\WINDOWS\system32\kbdmon.dll
2008-03-02 10:28:35 ----RAC---- C:\WINDOWS\system32\kbdkyr.dll
2008-03-02 10:28:35 ----RAC---- C:\WINDOWS\system32\kbdkaz.dll
2008-03-02 10:28:35 ----RAC---- C:\WINDOWS\system32\kbdaze.dll
2008-03-02 10:28:34 ----RAC---- C:\WINDOWS\system32\kbdycc.dll
2008-03-02 10:28:34 ----RAC---- C:\WINDOWS\system32\kbdur.dll
2008-03-02 10:28:34 ----RAC---- C:\WINDOWS\system32\kbdru1.dll
2008-03-02 10:28:34 ----RAC---- C:\WINDOWS\system32\kbdru.dll
2008-03-02 10:28:34 ----RAC---- C:\WINDOWS\system32\kbdbu.dll
2008-03-02 10:28:34 ----RAC---- C:\WINDOWS\system32\kbdblr.dll
2008-03-02 10:28:33 ----RAC---- C:\WINDOWS\system32\kbdhept.dll
2008-03-02 10:28:33 ----RAC---- C:\WINDOWS\system32\kbdhela3.dll
2008-03-02 10:28:33 ----RAC---- C:\WINDOWS\system32\kbdhela2.dll
2008-03-02 10:28:33 ----RAC---- C:\WINDOWS\system32\kbdhe319.dll
2008-03-02 10:28:33 ----RAC---- C:\WINDOWS\system32\kbdhe220.dll
2008-03-02 10:28:33 ----RAC---- C:\WINDOWS\system32\kbdgkl.dll
2008-03-02 10:28:32 ----RAC---- C:\WINDOWS\system32\kbdhe.dll
2008-03-02 10:28:31 ----RAC---- C:\WINDOWS\system32\kbdlv1.dll
2008-03-02 10:28:31 ----RAC---- C:\WINDOWS\system32\kbdlv.dll
2008-03-02 10:28:31 ----RAC---- C:\WINDOWS\system32\kbdlt1.dll
2008-03-02 10:28:31 ----RAC---- C:\WINDOWS\system32\kbdlt.dll
2008-03-02 10:28:31 ----RAC---- C:\WINDOWS\system32\kbdest.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdycl.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdsl1.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdsl.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdro.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdpl1.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdpl.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdhu1.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdhu.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdcz2.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdcz1.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdcz.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\kbdcr.dll
2008-03-02 10:28:29 ----RAC---- C:\WINDOWS\system32\KBDAL.DLL
2008-03-02 10:28:27 ----AC---- C:\WINDOWS\system32\spxcoins.dll
2008-03-02 10:28:27 ----AC---- C:\WINDOWS\system32\irclass.dll
2008-03-02 10:28:27 ----AC---- C:\WINDOWS\system32\EqnClass.Dll
2008-03-02 10:28:27 ----AC---- C:\WINDOWS\system32\dgsetup.dll
2008-03-02 10:28:27 ----AC---- C:\WINDOWS\system32\dgrpsetu.dll
2008-03-02 10:28:25 ----AC---- C:\WINDOWS\TASKMAN.EXE
2008-03-02 10:28:25 ----AC---- C:\WINDOWS\system32\CONFIG.TMP
2008-03-02 10:28:24 ----AC---- C:\WINDOWS\system32\batt.dll
2008-03-02 10:28:24 ----AC---- C:\WINDOWS\NOTEPAD.EXE
2008-03-02 10:28:23 ----AC---- C:\WINDOWS\system32\storprop.dll
2008-03-02 10:28:18 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-03-02 10:26:36 ----RAC---- C:\WINDOWS\SET8.tmp
2008-03-02 10:26:34 ----RAC---- C:\WINDOWS\SET4.tmp
2008-03-02 10:26:32 ----RAC---- C:\WINDOWS\SET3.tmp
2008-03-02 10:26:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-03-02 10:26:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-03-02 10:26:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-03-02 10:26:07 ----AC---- C:\WINDOWS\setuplog.txt
2008-03-02 10:26:04 ----SHD---- C:\System Volume Information
2008-03-02 10:26:04 ----D---- C:\Documents and Settings
2008-03-02 10:25:19 ----SH---- C:\boot.ini
2008-03-02 10:25:19 ----RASH---- C:\Boot.ini.saved
2008-03-02 10:21:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-03-02 10:21:22 ----RSD---- C:\WINDOWS\Fonts
2008-03-02 10:21:22 ----RD---- C:\WINDOWS\Web
2008-03-02 10:21:22 ----HD---- C:\WINDOWS\inf
2008-03-02 10:21:22 ----D---- C:\WINDOWS\WinSxS
2008-03-02 10:21:22 ----D---- C:\WINDOWS\twain_32
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Temp
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\wins
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\wbem
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\usmt
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\spool
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\ShellExt
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\Setup
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\ras
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\oobe
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\npp
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\mui
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\inetsrv
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\IME
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\icsxml
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\ias
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\export
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\drivers
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\dhcp
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\config
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\3com_dmi
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\3076
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\2052
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\1054
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\1042
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\1041
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\1037
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\1033
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\1031
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\1028
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32\1025
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system32
2008-03-02 10:21:22 ----D---- C:\WINDOWS\system
2008-03-02 10:21:22 ----D---- C:\WINDOWS\security
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Resources
2008-03-02 10:21:22 ----D---- C:\WINDOWS\repair
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Provisioning
2008-03-02 10:21:22 ----D---- C:\WINDOWS\PeerNet
2008-03-02 10:21:22 ----D---- C:\WINDOWS\pchealth
2008-03-02 10:21:22 ----D---- C:\WINDOWS\mui
2008-03-02 10:21:22 ----D---- C:\WINDOWS\msapps
2008-03-02 10:21:22 ----D---- C:\WINDOWS\msagent
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Media
2008-03-02 10:21:22 ----D---- C:\WINDOWS\java
2008-03-02 10:21:22 ----D---- C:\WINDOWS\ime
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Help
2008-03-02 10:21:22 ----D---- C:\WINDOWS\ehome
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Driver Cache
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Debug
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Cursors
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Connection Wizard
2008-03-02 10:21:22 ----D---- C:\WINDOWS\Config
2008-03-02 10:21:22 ----D---- C:\WINDOWS\AppPatch
2008-03-02 10:21:22 ----D---- C:\WINDOWS\addins
2008-03-02 10:21:22 ----D---- C:\WINDOWS
2008-01-11 11:35:38 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-01-11 11:35:16 ----AC---- C:\WINDOWS\system32\nlsdl.dll
2008-01-11 11:35:16 ----A---- C:\WINDOWS\system32\normaliz.dll
2008-01-11 11:35:16 ----A---- C:\WINDOWS\system32\idndl.dll
2007-11-30 18:16:18 ----AC---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-11-13 05:31:11 ----A---- C:\WINDOWS\system32\tzchange.exe
2007-10-24 00:47:38 ----AC---- C:\WINDOWS\system32\mscorier.dll
2007-10-24 00:47:38 ----A---- C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47:38 ----A---- C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47:28 ----A---- C:\WINDOWS\system32\dfshim.dll
2007-10-11 14:12:48 ----AC---- C:\WINDOWS\system32\LegitCheckControl.DLL
2007-10-11 09:55:10 ----A---- C:\WINDOWS\system32\infocardapi.dll
2007-10-11 09:55:10 ----A---- C:\WINDOWS\system32\icardres.dll.mui
2007-10-11 09:55:10 ----A---- C:\WINDOWS\system32\icardres.dll
2007-10-11 09:55:10 ----A---- C:\WINDOWS\system32\icardagt.exe
2007-10-09 13:03:14 ----A---- C:\WINDOWS\system32\milcore.dll
2007-10-09 13:03:12 ----A---- C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 13:03:12 ----A---- C:\WINDOWS\system32\evr.dll
2007-10-09 13:03:08 ----A---- C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 13:03:08 ----A---- C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 13:03:04 ----A---- C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 13:03:02 ----A---- C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 13:03:00 ----A---- C:\WINDOWS\system32\dxva2.dll
2007-10-09 12:58:20 ----A---- C:\WINDOWS\system32\tswpfwrp.exe
2007-08-23 00:03:38 ----A---- C:\WINDOWS\system32\FM20.DLL
2007-07-30 19:19:12 ----A---- C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19:02 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2007-07-30 19:18:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2007-07-30 19:18:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2007-07-16 10:58:10 ----A---- C:\WINDOWS\system32\vpnapi.dll
2007-07-16 10:58:00 ----AC---- C:\WINDOWS\system32\CSGina.dll
2007-05-15 15:43:10 ----A---- C:\WINDOWS\system32\msxml6.dll
2007-05-08 17:08:12 ----A---- C:\WINDOWS\system32\msxml6r.dll
2007-05-08 14:03:04 ----AC---- C:\WINDOWS\system32\msxml4.dll
2007-03-23 06:07:56 ----A---- C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 06:07:54 ----A---- C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 20:25:02 ----A---- C:\WINDOWS\system32\prntvpt.dll
2006-11-02 06:00:10 ----A---- C:\WINDOWS\system32\winusb.dll
2006-10-26 13:10:06 ----AC---- C:\WINDOWS\system32\FM20ENU.DLL
2006-10-26 12:45:04 ----AC---- C:\WINDOWS\system32\INKED.DLL
2006-10-26 12:45:04 ----A---- C:\WINDOWS\system32\WISPTIS.EXE
2006-10-24 12:30:20 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2006-10-24 12:30:06 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2006-10-24 12:30:00 ----A---- C:\WINDOWS\system32\WMPhoto.dll
2006-10-24 12:29:50 ----A---- C:\WINDOWS\system32\WindowsCodecsExt.dll
2006-10-18 21:58:00 ----A---- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58:00 ----A---- C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47:22 ----AC---- C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47:22 ----A---- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47:20 ----AC---- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47:20 ----AC---- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47:20 ----AC---- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47:20 ----AC---- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47:20 ----A---- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47:20 ----A---- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47:20 ----A---- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47:18 ----AC---- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47:18 ----AC---- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47:18 ----AC---- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47:18 ----AC---- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:47:18 ----A---- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47:18 ----A---- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47:18 ----A---- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47:14 ----AC---- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47:14 ----AC---- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47:14 ----AC---- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47:14 ----A---- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47:08 ----A---- C:\WINDOWS\system32\audiodev.dll
2006-10-18 20:00:46 ----A---- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00:14 ----A---- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-16 04:21:48 ----AC---- C:\WINDOWS\system32\xpsp3res.dll
2006-10-02 15:28:42 ----AC---- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13:26 ----A---- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 19:53:16 ----A---- C:\WINDOWS\system32\msvcr70.dll
2006-09-28 19:52:18 ----A---- C:\WINDOWS\system32\CDDBUI.dll
2006-09-28 19:52:18 ----A---- C:\WINDOWS\system32\CddbLangNL.dll
2006-09-28 19:52:18 ----A---- C:\WINDOWS\system32\CddbLangJA.dll
2006-09-28 19:52:18 ----A---- C:\WINDOWS\system32\CddbLangIT.dll
2006-09-28 19:52:18 ----A---- C:\WINDOWS\system32\CddbLangFR.dll
2006-09-28 19:52:18 ----A---- C:\WINDOWS\system32\CddbLangES.dll
2006-09-28 19:52:18 ----A---- C:\WINDOWS\system32\CddbLangDE.dll
2006-09-28 19:52:18 ----A---- C:\WINDOWS\system32\CDDBControl.dll
2006-09-28 18:56:38 ----A---- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56:38 ----A---- C:\WINDOWS\system32\WudfHost.exe
2006-09-28 18:56:16 ----A---- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56:14 ----A---- C:\WINDOWS\system32\WudfSvc.dll
2006-08-24 16:15:06 ----A---- C:\WINDOWS\system32\rgb9rast_2.dll
2006-07-24 09:50:40 ----AC---- C:\WINDOWS\system32\VBAME.DLL
2006-07-24 09:50:40 ----AC---- C:\WINDOWS\system32\SCP32.DLL
2006-07-24 09:50:38 ----AC---- C:\WINDOWS\system32\MSSTDFMT.DLL
2006-03-16 18:38:01 ----A---- C:\WINDOWS\system32\verclsid.exe
2005-10-11 09:56:14 ----RA---- C:\WINDOWS\system32\atiexdxx.dll
2005-09-23 07:28:56 ----AC---- C:\WINDOWS\system32\netfxperf.dll
2005-03-01 09:27:04 ----A---- C:\WINDOWS\system32\unicows.dll
2005-01-26 08:22:28 ----A---- C:\WINDOWS\system32\vsinit.dll
2005-01-26 08:22:16 ----A---- C:\WINDOWS\system32\vsdata.dll
2005-01-07 17:07:16 ----AC---- C:\WINDOWS\system32\HdAProp.dll
2005-01-07 17:07:16 ----A---- C:\WINDOWS\system32\HdAShCut.exe
2005-01-07 17:07:04 ----AC---- C:\WINDOWS\system32\HdAudRes.dll
2004-08-03 18:56:48 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2004-08-03 18:56:48 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2004-08-03 18:56:46 ----AC---- C:\WINDOWS\system32\pid.dll
2004-08-03 18:56:46 ----A---- C:\WINDOWS\system32\pjlmon.dll
2004-08-03 18:56:46 ----A---- C:\WINDOWS\system32\msyuv.dll
2004-08-03 18:56:44 ----AC---- C:\WINDOWS\system32\dmutil.dll
2004-08-03 18:56:44 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2004-08-03 18:56:44 ----A---- C:\WINDOWS\system32\hid.dll
2004-08-03 18:56:42 ----A---- C:\WINDOWS\system32\cnbjmon.dll
2004-08-03 17:02:46 ----A---- C:\WINDOWS\system32\netsetup.exe
2004-08-03 17:01:08 ----AC---- C:\WINDOWS\system32\rdpdd.dll
2004-08-03 17:01:08 ----A---- C:\WINDOWS\system32\tsddd.dll
2004-08-03 16:59:02 ----AC---- C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-03 16:57:06 ----A---- C:\WINDOWS\system32\drmclien.dll
2004-08-03 16:57:04 ----A---- C:\WINDOWS\system32\wmvcore.dll
2004-08-03 16:57:04 ----A---- C:\WINDOWS\system32\drmv2clt.dll
2004-08-03 16:57:02 ----AC---- C:\WINDOWS\system32\msscp.dll
2004-08-03 16:57:02 ----A---- C:\WINDOWS\system32\msnetobj.dll
2004-08-03 16:56:58 ----AC---- C:\WINDOWS\winhlp32.exe
2004-08-03 16:56:58 ----AC---- C:\WINDOWS\system32\wiaacmgr.exe
2004-08-03 16:56:58 ----AC---- C:\WINDOWS\system32\userinit.exe
2004-08-03 16:56:58 ----AC---- C:\WINDOWS\system32\tourstart.exe
2004-08-03 16:56:58 ----AC---- C:\WINDOWS\system32\telnet.exe
2004-08-03 16:56:58 ----AC---- C:\WINDOWS\system32\taskmgr.exe
2004-08-03 16:56:58 ----AC---- C:\WINDOWS\system32\shutdown.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\xcopy.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\wscript.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\wscntfy.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\wpabaln.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\winver.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\winlogon.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\wextract.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\vssvc.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\utilman.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\ups.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\upnpcont.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\tracert.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\tracerpt.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\tlntsess.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\svchost.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\stimon.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\spoolsv.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\spnpinst.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\smss.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\smbinst.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\skeys.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\sigverif.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\shrpubw.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\shmgrate.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\setup.exe
2004-08-03 16:56:58 ----A---- C:\WINDOWS\system32\sethc.exe
2004-08-03 16:56:56 ----AC---- C:\WINDOWS\system32\regsvr32.exe
2004-08-03 16:56:56 ----AC---- C:\WINDOWS\system32\ntvdm.exe
2004-08-03 16:56:56 ----AC---- C:\WINDOWS\system32\ntbackup.exe
2004-08-03 16:56:56 ----AC---- C:\WINDOWS\system32\notepad.exe
2004-08-03 16:56:56 ----AC---- C:\WINDOWS\regedit.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\services.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\secedit.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\sdbinst.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\schtasks.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\scardsvr.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\savedump.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\runonce.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\rundll32.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\rtcshare.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\rsnotify.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\rsh.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\rexec.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\reg.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\rcp.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\rcimlby.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\rasphone.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\proxycfg.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\proquota.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\progman.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\powercfg.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\ping.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\perfmon.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\packager.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\osk.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\openfiles.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\odbcconf.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\odbcad32.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\nslookup.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\netstat.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\netsh.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\netdde.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\net1.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\net.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\nddeapir.exe
2004-08-03 16:56:56 ----A---- C:\WINDOWS\system32\narrator.exe
2004-08-03 16:56:54 ----AC---- C:\WINDOWS\system32\msiexec.exe
2004-08-03 16:56:54 ----AC---- C:\WINDOWS\system32\mshta.exe
2004-08-03 16:56:54 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2004-08-03 16:56:54 ----A---- C:\WINDOWS\system32\mqsvc.exe
2004-08-03 16:56:54 ----A---- C:\WINDOWS\system32\mqbkup.exe
2004-08-03 16:56:52 ----AC---- C:\WINDOWS\system32\imapi.exe
2004-08-03 16:56:52 ----AC---- C:\WINDOWS\system32\ie4uinit.exe
2004-08-03 16:56:52 ----AC---- C:\WINDOWS\hh.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\mobsync.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\mmc.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\makecab.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\magnify.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\lsass.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\logonui.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\logman.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\logagent.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\locator.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\ipxroute.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\ipv6.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\ipconfig.exe
2004-08-03 16:56:52 ----A---- C:\WINDOWS\system32\iexpress.exe
2004-08-03 16:56:50 ----AC---- C:\WINDOWS\system32\dwwin.exe
2004-08-03 16:56:50 ----AC---- C:\WINDOWS\system32\dumprep.exe
2004-08-03 16:56:50 ----AC---- C:\WINDOWS\system32\dfrgntfs.exe
2004-08-03 16:56:50 ----AC---- C:\WINDOWS\system32\defrag.exe
2004-08-03 16:56:50 ----AC---- C:\WINDOWS\system32\cmd.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\grpconv.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\gpresult.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\ftp.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\fsquirt.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\fontview.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\findstr.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\extrac32.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\eventcreate.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\eudcedit.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\dxdiag.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\dmremote.exe
2004-08-03 16:56:50 ----A---- C:\WINDOWS\system32\dmadmin.exe
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\cscui.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\cscdll.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\cryptui.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\cryptnet.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\cryptdll.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\crypt32.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\credui.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\comres.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\comdlg32.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\comctl32.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\clusapi.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\certcli.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\cdm.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\cabview.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\cabinet.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\browseui.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\browser.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\batmeter.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\basesrv.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\avifil32.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\authz.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\audiosrv.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\atl.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\appmgmts.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\apphelp.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\alrsvc.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\advpack.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\advapi32.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\adsldpc.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\actxprxy.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\activeds.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\aclui.dll
2004-08-03 16:56:42 ----A---- C:\WINDOWS\system32\6to4svc.dll
2004-08-03 16:56:38 ----AC---- C:\WINDOWS\system32\xpsp1res.dll
2004-08-03 16:56:38 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2004-08-03 16:56:38 ----A---- C:\WINDOWS\system32\xpob2res.dll
2004-08-03 16:56:38 ----A---- C:\WINDOWS\system32\wmploc.dll
2004-08-03 16:56:38 ----A---- C:\WINDOWS\system32\ntdll.dll
2004-08-03 16:56:36 ----AC---- C:\WINDOWS\system32\wmerror.dll
2004-08-03 16:56:36 ----AC---- C:\WINDOWS\system32\winntbbu.dll
2004-08-03 16:56:36 ----AC---- C:\WINDOWS\system32\winbrand.dll
2004-08-03 16:56:36 ----A---- C:\WINDOWS\system32\wmi.dll
2004-08-03 16:56:28 ----AC---- C:\WINDOWS\system32\dpcdll.dll
2004-08-03 16:56:28 ----A---- C:\WINDOWS\system32\shdoclc.dll
2004-08-03 16:56:26 ----AC---- C:\WINDOWS\system32\qedwipes.dll
2004-08-03 16:56:24 ----AC---- C:\WINDOWS\system32\odbcp32r.dll
2004-08-03 16:56:24 ----AC---- C:\WINDOWS\system32\odbcji32.dll
2004-08-03 16:56:24 ----A---- C:\WINDOWS\system32\odbcint.dll
2004-08-03 16:56:20 ----AC---- C:\WINDOWS\system32\msorc32r.dll
2004-08-03 16:56:20 ----A---- C:\WINDOWS\system32\msprivs.dll
2004-08-03 16:56:18 ----AC---- C:\WINDOWS\system32\msimsg.dll
2004-08-03 16:56:16 ----AC---- C:\WINDOWS\system32\mshtmler.dll
2004-08-03 16:56:14 ----AC---- C:\WINDOWS\system32\msdxmlc.dll
2004-08-03 16:56:14 ----AC---- C:\WINDOWS\system32\mscpx32r.dLL
2004-08-03 16:56:14 ----AC---- C:\WINDOWS\system32\msafd.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\moricons.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdukx.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdsmsno.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdsmsfi.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdno1.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdmlt48.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdmlt47.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdmaori.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdinmal.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdinben.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdinbe1.dll
2004-08-03 16:56:12 ----AC---- C:\WINDOWS\system32\kbdfi1.dll
2004-08-03 16:56:08 ----AC---- C:\WINDOWS\system32\gpkrsrc.dll
2004-08-03 16:56:08 ----AC---- C:\WINDOWS\system32\gpedit.dll
2004-08-03 16:56:08 ----AC---- C:\WINDOWS\system32\framebuf.dll
2004-08-03 16:56:08 ----A---- C:\WINDOWS\system32\icmp.dll
2004-08-03 16:56:06 ----AC---- C:\WINDOWS\system32\dsprpres.dll
2004-08-03 16:56:06 ----A---- C:\WINDOWS\system32\pidgen.dll
2004-08-03 16:56:04 ----AC---- C:\WINDOWS\system32\dpnlobby.dll
2004-08-03 16:56:04 ----AC---- C:\WINDOWS\system32\dpnaddr.dll
2004-08-03 16:56:02 ----A---- C:\WINDOWS\system32\cfgmgr32.dll
2004-08-03 16:56:00 ----AC---- C:\WINDOWS\system32\atmfd.dll
2004-08-03 16:56:00 ----AC---- C:\WINDOWS\system32\asferror.dll
2004-08-03 16:56:00 ----A---- C:\WINDOWS\system32\browselc.dll
2004-08-03 15:18:32 ----AC---- C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 14:59:36 ----A---- C:\WINDOWS\system32\spiisupd.exe
2004-08-03 14:59:24 ----AC---- C:\WINDOWS\system32\kd1394.dll
2004-08-03 14:59:14 ----AC---- C:\WINDOWS\system32\hal.dll
2004-08-03 14:58:26 ----AC---- C:\WINDOWS\system32\msvcrt40.dll
2004-08-03 14:51:22 ----A---- C:\WINDOWS\system32\dosx.exe
2004-08-03 14:51:20 ----AC---- C:\WINDOWS\system32\winnls.dll
2004-08-03 14:51:12 ----A---- C:\WINDOWS\system32\mmsystem.dll
2004-08-03 14:49:34 ----A---- C:\WINDOWS\system32\krnl386.exe
2004-08-03 14:48:46 ----A---- C:\WINDOWS\system32\redir.exe
2004-08-03 14:38:34 ----RASH---- C:\NTDETECT.COM
2004-08-03 14:31:44 ----AC---- C:\WINDOWS\system32\slbcsp.dll
2004-08-03 14:31:44 ----AC---- C:\WINDOWS\system32\sccbase.dll
2004-08-03 14:31:44 ----AC---- C:\WINDOWS\system32\gpkcsp.dll
2004-08-03 14:31:44 ----A---- C:\WINDOWS\system32\rsaenh.dll
2004-08-03 14:31:44 ----A---- C:\WINDOWS\system32\dssenh.dll
2004-07-17 03:46:14 ----AC---- C:\WINDOWS\system32\tcpmon.ini
2004-07-17 03:42:38 ----AC---- C:\WINDOWS\system32\login.cmd
2004-07-17 03:39:16 ----AC---- C:\WINDOWS\system32\xenroll.dll
2004-07-17 03:36:44 ----AC---- C:\WINDOWS\system32\odbc16gt.dll
2004-07-17 03:36:44 ----AC---- C:\WINDOWS\system32\ds16gt.dLL
2004-07-17 03:34:48 ----AC---- C:\WINDOWS\system32\msjetoledb40.dll
2003-04-18 15:29:26 ----A---- C:\WINDOWS\system32\msxml4r.dll
2002-01-04 02:08:30 ----D---- C:\Program Files\Smilebox
2002-01-03 13:07:11 ----D---- C:\Program Files\ooVoo
2002-01-03 09:38:04 ----D---- C:\Program Files\AcidMods
2002-01-03 09:38:04 ----D---- C:\AcidMods
2002-01-03 03:17:29 ----D---- C:\Program Files\Power Audio Recorder
2002-01-02 13:49:42 ----D---- C:\Program Files\TubeTilla
2002-01-02 12:09:27 ----ASH---- C:\WINDOWS\system32\mfswmxwy.ini
2002-01-02 12:06:21 ----A---- C:\WINDOWS\system32\lnebltav.dll
2002-01-02 10:51:57 ----HD---- C:\Documents and Settings\All Users\Application Data\{549E12A2-AFC9-415A-8917-B8D197926D0C}
2002-01-02 10:51:00 ----HD---- C:\Documents and Settings\All Users\Application Data\{B953802D-D7B1-4AC2-AF3C-79E4D168CF1F}
2002-01-02 09:36:50 ----ASH---- C:\WINDOWS\system32\agjmetxj.ini
2002-01-02 09:36:50 ----A---- C:\WINDOWS\system32\jxtemjga.dll
2002-01-02 09:34:37 ----A---- C:\WINDOWS\system32\uknacn.dll
2002-01-02 09:34:36 ----A---- C:\WINDOWS\system32\taiyejkt.dll
2002-01-02 09:33:35 ----A---- C:\WINDOWS\system32\hqdhal.dll
2002-01-02 09:33:34 ----A---- C:\WINDOWS\system32\qeiusswb.dll
2002-01-02 08:53:14 ----D---- C:\WINDOWS\system32\appmgmt
2002-01-02 08:31:15 ----D---- C:\Program Files\Java
2002-01-02 08:30:37 ----D---- C:\Program Files\Common Files\Java
2002-01-02 07:31:40 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2002-01-02 07:31:22 ----A---- C:\WINDOWS\system32\ZuneUsbTransport.dll
2002-01-02 07:31:22 ----A---- C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2002-01-02 07:31:22 ----A---- C:\WINDOWS\system32\ZuneMTPZ.dll
2002-01-02 07:31:22 ----A---- C:\WINDOWS\system32\ZuneIpTransport.dll
2002-01-02 07:30:49 ----D---- C:\Program Files\Zune
2002-01-02 07:29:28 ----RSD---- C:\WINDOWS\assembly
2002-01-02 07:29:09 ----D---- C:\WINDOWS\Microsoft.NET
2002-01-02 06:39:01 ----A---- C:\WINDOWS\system32\msxml3a.dll
2002-01-02 06:39:01 ----A---- C:\WINDOWS\system32\mfc71.dll
2002-01-02 06:38:39 ----D---- C:\Program Files\Audible
2002-01-02 06:38:25 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2002-01-02 05:36:37 ----AC---- C:\WINDOWS\system32\ptpusb.dll
2002-01-02 05:36:36 ----AC---- C:\WINDOWS\system32\ptpusd.dll
2002-01-02 02:18:49 ----A---- C:\WINDOWS\system32\vyetrp.dll
2002-01-02 02:18:49 ----A---- C:\WINDOWS\system32\snrliljv.dll
2002-01-02 02:15:49 ----ASH---- C:\WINDOWS\system32\jhkxwsqp.ini
2002-01-02 00:14:20 ----D---- C:\Program Files\NLVM
2002-01-02 00:13:57 ----HD---- C:\Program Files\Zero G Registry
2002-01-02 00:12:19 ----ASH---- C:\WINDOWS\system32\ydvagvhj.ini
2002-01-02 00:11:31 ----D---- C:\Program Files\lx_cats
2002-01-02 00:11:13 ----AC---- C:\WINDOWS\system32\lxcrvs.dll
2002-01-02 00:11:12 ----A---- C:\WINDOWS\system32\lxcrinpa.dll
2002-01-02 00:11:12 ----A---- C:\WINDOWS\system32\lxcriesc.dll
2002-01-02 00:11:11 ----AC---- C:\WINDOWS\system32\lxcrcoin.dll
2002-01-02 00:11:02 ----AC---- C:\WINDOWS\system32\wiafbdrv.dll
2002-01-02 00:11:01 ----AC---- C:\WINDOWS\system32\lxcrdrs.dll
2002-01-02 00:11:01 ----AC---- C:\WINDOWS\system32\lxcrcaps.dll
2002-01-02 00:11:00 ----AC---- C:\WINDOWS\system32\lxcrcnv4.dll
2002-01-02 00:10:45 ----AC---- C:\WINDOWS\system32\LXPMONUI.DLL
2002-01-02 00:10:45 ----A---- C:\WINDOWS\system32\LXPRMON.DLL
2002-01-02 00:10:25 ----A---- C:\WINDOWS\system32\LXPMONRC.DLL
2002-01-02 00:10:25 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2002-01-02 00:10:25 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2002-01-02 00:10:24 ----D---- C:\Documents and Settings\All Users\Application Data\FaxCtr
2002-01-02 00:10:13 ----D---- C:\Program Files\Lexmark Fax Solutions
2002-01-02 00:09:55 ----D---- C:\Program Files\Lexmark Toolbar
2002-01-02 00:09:53 ----D---- C:\Program Files\Lexmark 2400 Series
2002-01-02 00:09:24 ----AC---- C:\WINDOWS\system32\lxcrutil.dll
2002-01-02 00:09:24 ----AC---- C:\WINDOWS\system32\LXCRinst.dll
2002-01-02 00:09:24 ----A---- C:\WINDOWS\system32\lxcrusb1.dll
2002-01-02 00:09:23 ----AC---- C:\WINDOWS\system32\lxcrpplc.dll
2002-01-02 00:09:23 ----AC---- C:\WINDOWS\system32\lxcrpmui.dll
2002-01-02 00:09:23 ----A---- C:\WINDOWS\system32\lxcrserv.dll
2002-01-02 00:09:23 ----A---- C:\WINDOWS\system32\lxcrprox.dll
2002-01-02 00:09:23 ----A---- C:\WINDOWS\system32\lxcrlmpm.dll
2002-01-02 00:09:22 ----AC---- C:\WINDOWS\system32\lxcrjswr.dll
2002-01-02 00:09:22 ----AC---- C:\WINDOWS\system32\lxcrinsr.dll
2002-01-02 00:09:22 ----AC---- C:\WINDOWS\system32\lxcrinsb.dll
2002-01-02 00:09:22 ----AC---- C:\WINDOWS\system32\lxcrins.dll
2002-01-02 00:09:22 ----AC---- C:\WINDOWS\system32\lxcrgf.dll
2002-01-02 00:09:22 ----AC---- C:\WINDOWS\system32\lxcrcub.dll
2002-01-02 00:09:22 ----A---- C:\WINDOWS\system32\lxcrih.exe
2002-01-02 00:09:21 ----AC---- C:\WINDOWS\system32\lxcrcur.dll
2002-01-02 00:09:21 ----AC---- C:\WINDOWS\system32\lxcrcu.dll
2002-01-02 00:09:21 ----AC---- C:\WINDOWS\system32\lxcrcomm.dll
2002-01-02 00:09:21 ----AC---- C:\WINDOWS\system32\lxcrcomc.dll
2002-01-02 00:09:21 ----AC---- C:\WINDOWS\system32\LXCRcfg.dll
2002-01-02 00:09:21 ----A---- C:\WINDOWS\system32\lxcrcoms.exe
2002-01-02 00:09:19 ----A---- C:\WINDOWS\system32\wqrvjbnq.dll
2002-01-01 22:37:29 ----D---- C:\vbroker
2002-01-01 19:00:03 ----D---- C:\Program Files\Avira
2002-01-01 19:00:03 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2002-01-01 14:57:48 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2002-01-01 14:07:17 ----D---- C:\WINDOWS\Minidump
2002-01-01 12:53:49 ----D---- C:\MWASPI
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\LTTWN12n.DLL
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\LTKRN12n.DLL
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\LTIMG12n.DLL
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\LTFIL12n.DLL
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\LTEFX12n.DLL
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\LTDIS12n.DLL
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\LFTIF12n.DLL
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\lfmpg12n.dll
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\lfgif12n.dll
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\LFFAX12n.DLL
2002-01-01 12:49:49 ----AC---- C:\WINDOWS\system32\LFCMP12n.DLL
2002-01-01 12:44:35 ----AC---- C:\WINDOWS\system32\SONYHCY.DLL
2002-01-01 12:44:34 ----D---- C:\Drivers
2002-01-01 12:33:22 ----AC---- C:\WINDOWS\system32\WNASPI32.DLL
2002-01-01 12:33:22 ----AC---- C:\WINDOWS\msfsetup.ini
2002-01-01 12:31:22 ----D---- C:\Program Files\PIXELA
2002-01-01 10:12:41 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2002-01-01 09:45:09 ----D---- C:\DAZ
2002-01-01 08:59:22 ----D---- C:\Program Files\InfraRecorder
2002-01-01 08:32:02 ----D---- C:\Program Files\Sony Setup
2002-01-01 06:53:56 ----D---- C:\Program Files\America's Army Server Manager
2002-01-01 06:51:34 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2002-01-01 06:51:33 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2002-01-01 06:51:33 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2002-01-01 06:51:30 ----D---- C:\Program Files\America's Army
2002-01-01 06:51:30 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2002-01-01 06:51:20 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2002-01-01 06:51:19 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2002-01-01 06:51:19 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2002-01-01 06:51:17 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2002-01-01 06:49:42 ----D---- C:\Program Files\Microsoft XNA
2002-01-01 06:46:16 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2002-01-01 06:46:12 ----D---- C:\Program Files\Microsoft Silverlight
2002-01-01 06:46:09 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2002-01-01 06:46:02 ----D---- C:\Program Files\Microsoft Synchronization Services
2002-01-01 06:46:02 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2002-01-01 06:43:12 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2002-01-01 06:42:41 ----D---- C:\Program Files\Microsoft SDKs
2002-01-01 06:41:41 ----D---- C:\WINDOWS\system32\XPSViewer
2002-01-01 06:41:35 ----D---- C:\Program Files\Reference Assemblies
2002-01-01 06:40:39 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2002-01-01 06:40:34 ----D---- C:\Program Files\MSXML 6.0
2002-01-01 06:24:01 ----A---- C:\WINDOWS\system32\SETBROWS.EXE
2002-01-01 06:24:01 ----A---- C:\WINDOWS\system32\cfperfmon.dll
2002-01-01 06:24:01 ----A---- C:\WINDOWS\system32\BTinstall.dll
2002-01-01 06:23:41 ----A---- C:\WINDOWS\system32\NTWDBLIB.DLL
2002-01-01 06:23:41 ----A---- C:\WINDOWS\system32\INETWH32.dll
2002-01-01 06:23:41 ----A---- C:\WINDOWS\system32\CTL3DNT.DLL
2002-01-01 06:23:41 ----A---- C:\WINDOWS\system32\CTL3D95.DLL
2002-01-01 06:17:18 ----D---- C:\CFUSION
2002-01-01 06:17:18 ----A---- C:\WINDOWS\cfml.ini
2002-01-01 06:15:50 ----A---- C:\WINDOWS\system32\CFRds.dll
2002-01-01 06:15:49 ----A---- C:\WINDOWS\system32\wddx_com.dll
2002-01-01 06:15:49 ----A---- C:\WINDOWS\system32\cfvalidator.dll
2002-01-01 06:15:49 ----A---- C:\WINDOWS\system32\cfssvradmin.dll
2002-01-01 06:15:49 ----A---- C:\WINDOWS\system32\CFSDebug.dll
2002-01-01 06:15:48 ----A---- C:\WINDOWS\system32\CFRegExp.dll
2002-01-01 06:15:48 ----A---- C:\WINDOWS\system32\cfproject.dll
2002-01-01 06:15:48 ----A---- C:\WINDOWS\system32\CFFileProxy.dll
2002-01-01 06:15:47 ----A---- C:\WINDOWS\system32\CFFtp.dll
2002-01-01 06:15:46 ----A---- C:\WINDOWS\system32\CFFPTree.dll
2002-01-01 06:15:30 ----A---- C:\WINDOWS\system32\xmltok.dll
2002-01-01 06:15:30 ----A---- C:\WINDOWS\system32\xmlparse.dll
2002-01-01 06:15:30 ----A---- C:\WINDOWS\system32\cfmsg.dll
2002-01-01 06:15:21 ----D---- C:\Program Files\Allaire
2002-01-01 06:00:48 ----A---- C:\ADBEPPROCS3_ALP.exe
2002-01-01 06:00:32 ----D---- C:\urban
2002-01-01 05:02:01 ----D---- C:\Program Files\Common Files\xing shared
2002-01-01 05:01:56 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2002-01-01 05:01:53 ----A---- C:\WINDOWS\system32\pndx5032.dll
2002-01-01 05:01:53 ----A---- C:\WINDOWS\system32\pndx5016.dll
2002-01-01 05:01:53 ----A---- C:\WINDOWS\system32\pncrt.dll
2002-01-01 05:01:53 ----A---- C:\WINDOWS\system32\msvcr71.dll
2002-01-01 05:01:53 ----A---- C:\WINDOWS\system32\msvcp71.dll
2002-01-01 05:01:52 ----D---- C:\Program Files\Common Files\Real
2002-01-01 05:01:51 ----D---- C:\Program Files\Real
2002-01-01 04:59:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Real
2002-01-01 04:53:38 ----D---- C:\Program Files\NaturalSoft
2002-01-01 04:53:22 ----D---- C:\WINDOWS\Downloaded Installations
2002-01-01 04:29:20 ----D---- C:\Media
2002-01-01 04:25:03 ----N---- C:\WINDOWS\Ctregrun.exe
2002-01-01 04:24:27 ----RAC---- C:\WINDOWS\system32\P1171Vfw.dll
2002-01-01 04:24:27 ----RAC---- C:\WINDOWS\system32\P1171Sti.dll
2002-01-01 04:24:27 ----RAC---- C:\WINDOWS\system32\P1171Pin.dll
2002-01-01 04:24:27 ----RAC---- C:\WINDOWS\system32\P1171Hwx.dll
2002-01-01 04:24:27 ----RAC---- C:\WINDOWS\P1171Cfg.exe
2002-01-01 04:24:27 ----RA---- C:\WINDOWS\system32\P1171Srv.exe
2002-01-01 04:24:27 ----RA---- C:\WINDOWS\system32\CtCamMgr.dll
2002-01-01 04:24:27 ----RA---- C:\WINDOWS\CtDrvIns.exe
2002-01-01 04:24:25 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2002-01-01 04:23:21 ----D---- C:\WINDOWS\CtDrvInstall
2002-01-01 04:15:41 ----D---- C:\WINDOWS\Profiles
2002-01-01 04:15:40 ----D---- C:\WINDOWS\system32\Adobe
2002-01-01 04:15:40 ----D---- C:\Program Files\Common Files\Adobe
2002-01-01 04:15:40 ----D---- C:\Program Files\Adobe
2002-01-01 04:14:17 ----A---- C:\WINDOWS\IsUninst.exe
2002-01-01 04:14:11 ----D---- C:\Program Files\Creative
2002-01-01 02:39:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2002-01-01 02:39:46 ----D---- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2002-01-01 02:34:19 ----D---- C:\Program Files\Common Files\Download Manager
2002-01-01 02:34:06 ----C---- C:\WINDOWS\Unnero.exe
2002-01-01 02:34:06 ----AC---- C:\WINDOWS\system32\MultiSZ.dll
2002-01-01 02:34:01 ----D---- C:\Program Files\Ahead
2002-01-01 02:34:01 ----AC---- C:\WINDOWS\system32\TwnLib20.dll
2002-01-01 02:34:01 ----AC---- C:\WINDOWS\system32\picn20.dll
2002-01-01 02:34:01 ----AC---- C:\WINDOWS\system32\NeroCheck.exe
2002-01-01 02:34:01 ----AC---- C:\WINDOWS\system32\ImagXpr5.dll
2002-01-01 02:34:01 ----AC---- C:\WINDOWS\system32\imagx5.dll
2002-01-01 02:34:01 ----AC---- C:\WINDOWS\system32\imagr5.dll
2002-01-01 02:28:20 ----AC---- C:\WINDOWS\ModemLog_IBM Data Fax Modem.txt
2002-01-01 02:16:51 ----A---- C:\WINDOWS\system32\ghsxkcrg.dll
2002-01-01 02:13:51 ----ASH---- C:\WINDOWS\system32\uinhajjc.ini
2002-01-01 02:11:01 ----A---- C:\error.txt
2002-01-01 01:49:38 ----D---- C:\Kingston
2002-01-01 01:22:46 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2002-01-01 01:16:19 ----D---- C:\Program Files\Common Files\DAZ
2002-01-01 01:16:18 ----D---- C:\Program Files\DAZ
2002-01-01 00:27:38 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2002-01-01 00:27:25 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2002-01-01 00:19:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2002-01-01 00:19:09 ----A---- C:\YServer.txt
2002-01-01 00:19:04 ----D---- C:\Program Files\Yahoo!
2002-01-01 00:11:08 ----ASH---- C:\WINDOWS\system32\qtouuefx.ini
2002-01-01 00:10:22 ----A---- C:\WINDOWS\system32\abfmnv.dll
2002-01-01 00:10:21 ----A---- C:\WINDOWS\system32\kakbxuvh.dll
2002-01-01 00:08:15 ----ASH---- C:\WINDOWS\system32\knfniatr.ini
2002-01-01 00:08:12 ----A---- C:\WINDOWS\system32\rtainfnk.dll
2002-01-01 00:08:08 ----A---- C:\WINDOWS\system32\kycagnfs.dll
2002-01-01 00:08:08 ----A---- C:\WINDOWS\system32\cwulmy.dll
2002-01-01 00:07:52 ----ASH---- C:\WINDOWS\system32\osamrcdl.ini
2002-01-01 00:07:48 ----A---- C:\WINDOWS\system32\ldcrmaso.dll
2002-01-01 00:07:31 ----A---- C:\WINDOWS\system32\okvnnpis.dll
2002-01-01 00:05:52 ----ASH---- C:\WINDOWS\system32\oopeubue.ini
2002-01-01 00:05:49 ----A---- C:\WINDOWS\system32\eubuepoo.dll
2002-01-01 00:05:08 ----ASH---- C:\WINDOWS\system32\ojcsqkns.ini
2002-01-01 00:05:04 ----A---- C:\WINDOWS\system32\snkqscjo.dll
2002-01-01 00:05:04 ----A---- C:\WINDOWS\system32\nmkbsk.dll
2002-01-01 00:05:03 ----A---- C:\WINDOWS\system32\npxodgkv.dll
2002-01-01 00:04:31 ----A---- C:\WINDOWS\system32\eiasaubs.dll
2002-01-01 00:04:31 ----A---- C:\WINDOWS\system32\asjrwa.dll
2002-01-01 00:04:23 ----A---- C:\WINDOWS\system32\quqnncct.dll
2002-01-01 00:04:16 ----A---- C:\WINDOWS\system32\qswtbo.dll
2002-01-01 00:04:16 ----A---- C:\WINDOWS\system32\nnhtjwwl.dll
2002-01-01 00:04:15 ----A---- C:\WINDOWS\system32\rkigjwql.dll
2002-01-01 00:03:34 ----A---- C:\WINDOWS\system32\yajbps.dll
2002-01-01 00:03:34 ----A---- C:\WINDOWS\system32\ufqgurcq.dll
2002-01-01 00:02:57 ----ASH---- C:\WINDOWS\system32\metsnxtw.ini
2002-01-01 00:02:57 ----A---- C:\WINDOWS\system32\wtxnstem.dll
2002-01-01 00:02:45 ----A---- C:\WINDOWS\system32\uxiegnvc.dll
2002-01-01 00:02:45 ----A---- C:\WINDOWS\system32\strmee.dll
2002-01-01 00:02:06 ----A---- C:\WINDOWS\system32\yvkkle.dll
2002-01-01 00:02:06 ----A---- C:\WINDOWS\system32\gulrlmik.dll
2002-01-01 00:02:05 ----ASH---- C:\WINDOWS\system32\fukyshjc.ini
2001-12-31 23:53:40 ----D---- C:\ATI

======List of files/folders modified in the last 1 months======

2008-08-23 16:05:05 ----A---- C:\WINDOWS\win.ini
2008-03-03 20:01:22 ----A---- C:\WINDOWS\system32\msls31.dll
2008-03-03 19:51:50 ----AC---- C:\WINDOWS\system32\ieakui.dll
2008-03-02 10:28:38 ----AC---- C:\WINDOWS\system.ini
2006-11-01 13:17:45 ----AC---- C:\WINDOWS\system32\mfc40u.dll
2006-10-16 10:15:00 ----A---- C:\WINDOWS\system32\oledlg.dll
2006-10-13 06:35:12 ----AC---- C:\WINDOWS\system32\nwapi32.dll
2006-07-21 02:24:43 ----AC---- C:\WINDOWS\system32\hlink.dll
2006-06-01 12:47:07 ----AC---- C:\WINDOWS\system32\jgpl400.dll
2006-06-01 12:47:07 ----AC---- C:\WINDOWS\system32\jgdw400.dll
2005-10-17 15:14:45 ----AC---- C:\WINDOWS\system32\fontsub.dll
2005-07-25 22:39:49 ----A---- C:\WINDOWS\system32\olecnv32.dll
2005-07-25 22:39:48 ----A---- C:\WINDOWS\system32\olecli32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 29696]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
S2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
S2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
S3 ATIAVPCI;ATI Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [2007-08-21 706048]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-05 1181824]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver; C:\WINDOWS\system32\DRIVERS\KTC111.SYS [2001-08-17 19016]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NETGEAR_MA111;NETGEAR 802.11b MA111 Driver; C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2003-08-29 644608]
S3 P1171VID;Creative WebCam Notebook #2; C:\WINDOWS\system32\DRIVERS\P1171Vid.sys [2004-03-18 91392]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USB28xxBGA;ATI TV Wonder 600 USB 2.0; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-05-16 459520]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-05-16 39808]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirScheduler;Avira AntiVir Personal Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
S2 AntiVirService;Avira AntiVir Personal Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
S2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe [2007-08-02 262239]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe [2007-08-02 110685]
S2 Cold Fusion Application Server;Cold Fusion Application Server; C:\CFUSION\bin\cfserver.exe [1999-04-09 3662848]
S2 Cold Fusion Executive;Cold Fusion Executive; C:\CFUSION\bin\cfexec.exe [1999-04-09 373760]
S2 Cold Fusion RDS;Cold Fusion RDS; C:\CFUSION\bin\CFRDSService.exe [1999-04-09 1488896]
S2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
S2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
S2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe [2007-08-02 1073152]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2002-01-01 66872]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S2 ZuneBusEnum;Zune Bus Enumerator; C:\WINDOWS\system32\ZuneBusEnum.exe [2008-09-12 61856]
S2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2008-09-12 5119392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-20 495616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#4 fenzodahl512

Posted 13 December 2008 - 02:52 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick ComboFix's window while it's running. That may cause it to stall.

Edited by fenzodahl512, 13 December 2008 - 02:52 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 borz

  • Topic Starter

Posted 13 December 2008 - 03:22 PM

Here is the new log:
ComboFix 08-12-12.05 - Administrator 2008-12-13 14:10:36.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.684 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
.

2008-12-06 23:08 . 2008-12-06 23:08 <DIR> d-------- C:\VundoFix Backups
2008-12-05 06:09 . 2008-12-05 06:10 <DIR> d-------- C:\rsit
2008-12-05 06:09 . 2002-01-01 20:08 <DIR> d-------- c:\program files\trend micro
2008-12-04 16:33 . 2008-12-04 16:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nuance
2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ooVoo Details
2008-12-04 02:31 . 2008-12-04 02:31 <DIR> d-------- c:\program files\Alwil Software
2008-11-28 14:48 . 2008-11-28 14:48 <DIR> d-------- c:\documents and settings\Mom\Funny Stuff
2008-11-24 23:10 . 2008-11-24 23:10 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-24 23:09 . 2008-11-24 23:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-24 23:08 . 2008-11-24 23:08 <DIR> d-------- c:\program files\Apple Software Update
2008-11-24 23:08 . 2008-11-24 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-24 22:00 . 2008-11-25 00:34 <DIR> d-------- c:\documents and settings\Mom\Application Data\ICAClient
2008-11-23 15:34 . 2008-11-29 11:03 69,960 --a------ c:\windows\system32\MSINET.OCX
2008-11-23 15:34 . 2008-11-29 11:03 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 15:34 . 2008-11-29 11:03 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-22 09:20 . 2008-11-22 09:20 <DIR> d-------- c:\program files\Transparent
2008-11-22 09:20 . 2008-11-22 09:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Transparent
2008-11-22 09:20 . 2008-11-22 09:20 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{AFD61B9C-946C-4129-B53C-E1C5D51A536D}
2008-11-22 08:56 . 2008-11-22 08:56 <DIR> d--h----- C:\System
2008-11-22 08:56 . 2008-11-22 08:56 <DIR> d-------- C:\Documents
2008-11-22 08:56 . 2007-10-23 00:45 1,336,632 -ra------ C:\LaunchU3.exe
2008-11-22 07:29 . 2008-11-22 07:34 <DIR> d-------- c:\documents and settings\Heaba\Application Data\ooVoo Details
2008-11-21 11:39 . 2008-11-24 02:21 <DIR> d-------- c:\documents and settings\Mom\Tracing
2008-11-17 14:04 . 2008-11-17 14:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-15 21:27 . 2008-11-15 21:27 <DIR> d-------- c:\program files\TechSmith
2008-11-15 21:27 . 2001-09-12 02:21 98,304 --a------ c:\windows\system32\tsccvid.dll
2008-11-15 21:27 . 2001-09-12 02:21 34,864 --a------ c:\windows\system32\Camtasia.dll
2008-11-15 20:54 . 2008-09-29 22:27 84,992 --a------ c:\windows\system32\lmdimon8.dll
2008-11-15 20:53 . 2008-11-15 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Applications
2008-11-15 20:43 . 2008-11-15 20:43 <DIR> d-------- c:\program files\Citrix
2008-11-15 20:40 . 2008-11-15 20:40 <DIR> d-------- c:\program files\Common Files\XStream
2008-11-15 20:40 . 2000-05-22 00:00 438,976 --a------ c:\windows\system32\MSHFLXGD.OCX
2008-11-15 20:40 . 2000-05-22 00:00 244,416 --a------ c:\windows\system32\Msflxgrd.ocx
2008-11-15 15:55 . 2008-11-15 15:55 7,680 --a------ C:\ATI PCI.GRF
2008-11-14 23:15 . 2008-11-14 23:15 <DIR> d-------- C:\graphedit
2008-11-14 22:19 . 2008-11-14 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2008-11-14 22:18 . 2008-11-14 22:18 <DIR> d-------- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 19:15 --------- d-----w c:\program files\Google
2008-11-28 17:02 2,074 ----a-w c:\documents and settings\Abdllah\Application Data\SAS7_000.DAT
2008-11-25 05:10 --------- d-----w c:\program files\QuickTime
2008-11-22 13:45 --------- d-----w c:\program files\Finale NotePad 2009
2008-11-22 13:42 --------- d-----w c:\program files\NoLimits Coasters Demo v1.55
2008-11-16 02:54 --------- d-----w c:\program files\DIFX
2008-11-16 02:51 --------- d-----w c:\program files\Common Files\Adobe
2008-11-15 04:18 --------- d-----w c:\program files\ATI
2008-11-06 23:53 --------- d-----w c:\program files\Common Files\Download Manager
2008-11-03 03:17 --------- d-----w c:\documents and settings\Heaba\Application Data\Skype
2008-11-02 22:00 --------- d-----w c:\documents and settings\Heaba\Application Data\skypePM
2008-11-02 15:12 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-31 15:16 --------- d-----w c:\documents and settings\Mom\Application Data\U3
2008-10-25 20:35 --------- d-----w c:\program files\Unitech Systems
2008-10-22 00:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-21 23:46 --------- d-----w c:\documents and settings\Mom\Application Data\Nuance
2008-10-19 19:21 --------- d-----w c:\program files\Red Kawa
2008-07-04 04:26 630 ----a-w c:\program files\Torrent.lnk
2008-02-08 03:46 13,624 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 03:46 87,360 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 03:46 91,448 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 03:46 21,824 ----a-w c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 03:46 206,136 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 03:46 31,544 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 03:46 40,248 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 23:27 479,232 ----a-w c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 23:27 548,864 ----a-w c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 23:27 626,688 ----a-w c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 18:47 981,170 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 03:46 24,384 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-24 218496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2002-01-01 185896]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-06 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 255528]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2007-08-02 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]

c:\documents and settings\Heaba\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\Mom\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-01-02 113664]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2008-10-08 81997]
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2008-03-02 1156608]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-04-28 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ATI\CATALY~1\Kernel\Burner\MKDMP3Enc.ACM
"MSVideo"= camtasia.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Abdllah\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Documents and Settings\\Mom\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2008-03-02 29696]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-04 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-04 20560]
S2 Cold Fusion Application Server;Cold Fusion Application Server;c:\cfusion\bin\cfserver.exe [2002-01-01 3662848]
S2 Cold Fusion Executive;Cold Fusion Executive;c:\cfusion\bin\cfexec.exe [2002-01-01 373760]
S2 Cold Fusion RDS;Cold Fusion RDS;c:\cfusion\bin\CFRDSService.exe [2002-01-01 1488896]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2002-01-01 19016]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\DRIVERS\P1171Vid.sys [2002-01-01 91392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\SETUP.EXE /s
.
Contents of the 'Scheduled Tasks' folder

2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-12 c:\windows\Tasks\User_Feed_Synchronization-{319869CE-43C0-4CDC-AF93-191226917A0A}.job
- c:\windows\system32\msfeedssync.exe [2008-03-03 19:50]
.
- - - - ORPHANS REMOVED - - - -

BHO-{05cbf6cf-6b35-498b-bfad-e79c88cb50ef} - c:\windows\system32\nilpqt.dll
BHO-{54351fed-ed6a-401b-be0f-a430dcc73980} - c:\windows\system32\lehkdu.dll
BHO-{7CAB59B4-55A3-4737-9FD5-B93C6430BF78} - c:\windows\system32\okvnnpis.dll
BHO-{92ACF506-529D-43E9-B097-2CA6AED5A11F} - c:\windows\system32\wvUNdaXO.dll
BHO-{c76f255b-4af4-4ac1-a09c-c9b6fdd99b4a} - c:\windows\system32\jimaneno.dll
HKCU-RunOnce-NeroHomeFirstStart - c:\program files\Common Files\Nero\Lib\NMFirstStart.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-IUpd721 - c:\documents and settings\Aya\Application Data\NI.GSCNS\IUpd721.exe
HKLM-Run-c071a3c3 - c:\windows\system32\cjhsykuf.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1u09lmk.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 14:14:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-13 14:16:06 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-12-13 20:16:04

Pre-Run: 57,419,309,056 bytes free
Post-Run: 60,644,208,640 bytes free

276 --- E O F --- 2008-09-10 22:02:51

#6 fenzodahl512

Posted 13 December 2008 - 03:55 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.


Run ComboFix again.. Post me these logs in your next reply..

1. Malwarebytes'
2. Attach GMER report
3. ComboFix


#7 borz

  • Topic Starter

Posted 13 December 2008 - 07:52 PM

MBAM Log:
Malwarebytes' Anti-Malware 1.31
Database version: 1497
Windows 5.1.2600 Service Pack 2

2008-12-13 18:06:36
mbam-log-2008-12-13 (18-06-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 193812
Time elapsed: 24 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 61

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05cbf6cf-6b35-498b-bfad-e79c88cb50ef} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{05cbf6cf-6b35-498b-bfad-e79c88cb50ef} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54351fed-ed6a-401b-be0f-a430dcc73980} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54351fed-ed6a-401b-be0f-a430dcc73980} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c76f255b-4af4-4ac1-a09c-c9b6fdd99b4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c76f255b-4af4-4ac1-a09c-c9b6fdd99b4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c071a3c3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:

ComboFix Log:
ComboFix 08-12-12.05 - Administrator 2008-12-13 18:42:17.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.716 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-13 18:08 . 2008-12-13 18:20 250 --a------ c:\windows\gmer.ini
2008-12-13 17:32 . 2008-12-13 17:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 17:32 . 2008-12-13 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-13 17:32 . 2008-12-13 17:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-13 17:32 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 17:32 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 23:08 . 2008-12-06 23:08 <DIR> d-------- C:\VundoFix Backups
2008-12-05 06:09 . 2008-12-05 06:10 <DIR> d-------- C:\rsit
2008-12-05 06:09 . 2002-01-01 20:08 <DIR> d-------- c:\program files\trend micro
2008-12-04 16:33 . 2008-12-04 16:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nuance
2008-12-04 16:31 . 2008-12-04 16:31 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ooVoo Details
2008-12-04 02:31 . 2008-12-04 02:31 <DIR> d-------- c:\program files\Alwil Software
2008-11-28 14:48 . 2008-11-28 14:48 <DIR> d-------- c:\documents and settings\Mom\Funny Stuff
2008-11-24 23:10 . 2008-11-24 23:10 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-24 23:09 . 2008-11-24 23:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-24 23:08 . 2008-11-24 23:08 <DIR> d-------- c:\program files\Apple Software Update
2008-11-24 23:08 . 2008-11-24 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-24 22:00 . 2008-11-25 00:34 <DIR> d-------- c:\documents and settings\Mom\Application Data\ICAClient
2008-11-23 15:34 . 2008-11-29 11:03 69,960 --a------ c:\windows\system32\MSINET.OCX
2008-11-23 15:34 . 2008-11-29 11:03 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 15:34 . 2008-11-29 11:03 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-22 09:20 . 2008-11-22 09:20 <DIR> d-------- c:\program files\Transparent
2008-11-22 09:20 . 2008-11-22 09:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Transparent
2008-11-22 09:20 . 2008-11-22 09:20 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{AFD61B9C-946C-4129-B53C-E1C5D51A536D}
2008-11-22 08:56 . 2008-11-22 08:56 <DIR> d--h----- C:\System
2008-11-22 08:56 . 2008-11-22 08:56 <DIR> d-------- C:\Documents
2008-11-22 08:56 . 2007-10-23 00:45 1,336,632 -ra------ C:\LaunchU3.exe
2008-11-22 07:29 . 2008-11-22 07:34 <DIR> d-------- c:\documents and settings\Heaba\Application Data\ooVoo Details
2008-11-21 11:39 . 2008-11-24 02:21 <DIR> d-------- c:\documents and settings\Mom\Tracing
2008-11-17 14:04 . 2008-11-17 14:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-15 21:27 . 2008-11-15 21:27 <DIR> d-------- c:\program files\TechSmith
2008-11-15 21:27 . 2001-09-12 02:21 98,304 --a------ c:\windows\system32\tsccvid.dll
2008-11-15 21:27 . 2001-09-12 02:21 34,864 --a------ c:\windows\system32\Camtasia.dll
2008-11-15 20:54 . 2008-09-29 22:27 84,992 --a------ c:\windows\system32\lmdimon8.dll
2008-11-15 20:53 . 2008-11-15 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Applications
2008-11-15 20:43 . 2008-11-15 20:43 <DIR> d-------- c:\program files\Citrix
2008-11-15 20:40 . 2008-11-15 20:40 <DIR> d-------- c:\program files\Common Files\XStream
2008-11-15 20:40 . 2000-05-22 00:00 438,976 --a------ c:\windows\system32\MSHFLXGD.OCX
2008-11-15 20:40 . 2000-05-22 00:00 244,416 --a------ c:\windows\system32\Msflxgrd.ocx
2008-11-15 15:55 . 2008-11-15 15:55 7,680 --a------ C:\ATI PCI.GRF
2008-11-14 23:15 . 2008-11-14 23:15 <DIR> d-------- C:\graphedit
2008-11-14 22:19 . 2008-11-14 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2008-11-14 22:18 . 2008-11-14 22:18 <DIR> d-------- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 19:15 --------- d-----w c:\program files\Google
2008-11-28 17:02 2,074 ----a-w c:\documents and settings\Abdllah\Application Data\SAS7_000.DAT
2008-11-25 05:10 --------- d-----w c:\program files\QuickTime
2008-11-22 13:45 --------- d-----w c:\program files\Finale NotePad 2009
2008-11-22 13:42 --------- d-----w c:\program files\NoLimits Coasters Demo v1.55
2008-11-16 02:54 --------- d-----w c:\program files\DIFX
2008-11-16 02:51 --------- d-----w c:\program files\Common Files\Adobe
2008-11-15 04:18 --------- d-----w c:\program files\ATI
2008-11-06 23:53 --------- d-----w c:\program files\Common Files\Download Manager
2008-11-03 03:17 --------- d-----w c:\documents and settings\Heaba\Application Data\Skype
2008-11-02 22:00 --------- d-----w c:\documents and settings\Heaba\Application Data\skypePM
2008-11-02 15:12 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-31 15:16 --------- d-----w c:\documents and settings\Mom\Application Data\U3
2008-10-25 20:35 --------- d-----w c:\program files\Unitech Systems
2008-10-22 00:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-21 23:46 --------- d-----w c:\documents and settings\Mom\Application Data\Nuance
2008-10-19 19:21 --------- d-----w c:\program files\Red Kawa
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-07-04 04:26 630 ----a-w c:\program files\Torrent.lnk
2008-02-08 03:46 13,624 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 03:46 87,360 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 03:46 91,448 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-08 03:46 21,824 ----a-w c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 03:46 206,136 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 03:46 31,544 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-08 03:46 40,248 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 23:27 479,232 ----a-w c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 23:27 548,864 ----a-w c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 23:27 626,688 ----a-w c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 18:47 981,170 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 03:46 24,384 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92ACF506-529D-43E9-B097-2CA6AED5A11F}]

c:\windows\system32\wvUNdaXO.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Common Files\Nero\Lib\NMFirstStart.exe" [BU]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-24 218496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2002-01-01 185896]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [BU]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-06 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 255528]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2007-08-02 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IUpd721"="c:\documents and settings\Aya\Application Data\NI.GSCNS\IUpd721.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]

c:\documents and settings\Heaba\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\Mom\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-01-02 113664]
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2008-10-08 81997]
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2008-03-02 1156608]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-04-28 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ATI\CATALY~1\Kernel\Burner\MKDMP3Enc.ACM
"MSVideo"= camtasia.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Abdllah\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Documents and Settings\\Mom\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2008-03-02 29696]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-04 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-04 20560]
S2 Cold Fusion Application Server;Cold Fusion Application Server;c:\cfusion\bin\cfserver.exe [2002-01-01 3662848]
S2 Cold Fusion Executive;Cold Fusion Executive;c:\cfusion\bin\cfexec.exe [2002-01-01 373760]
S2 Cold Fusion RDS;Cold Fusion RDS;c:\cfusion\bin\CFRDSService.exe [2002-01-01 1488896]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\KTC111.SYS [2002-01-01 19016]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\DRIVERS\P1171Vid.sys [2002-01-01 91392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\SETUP.EXE /s

*Newly Created Service* - GMER
.
Contents of the 'Scheduled Tasks' folder

2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-13 c:\windows\Tasks\User_Feed_Synchronization-{319869CE-43C0-4CDC-AF93-191226917A0A}.job
- c:\windows\system32\msfeedssync.exe [2008-03-03 19:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1u09lmk.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 18:43:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-13 18:43:35
ComboFix-quarantined-files.txt 2008-12-14 00:43:29
ComboFix2.txt 2008-12-13 20:16:07

Pre-Run: 63,027,744,768 bytes free
Post-Run: 63,043,448,832 bytes free

226 --- E O F --- 2008-09-10 22:02:51

Attached Files

  • Attached File  GMER.log   153.88KB   1 downloads


#8 fenzodahl512

Posted 13 December 2008 - 11:31 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    c:\windows\system32\wvUNdaXO.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92ACF506-529D-43E9-B097-2CA6AED5A11F}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE



NEXT


Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.





Post me these logs in your next reply..

1. OTMoveIt3
2. Kaspersky Online
3. Tell me, how is the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 borz

Posted 14 December 2008 - 06:40 PM

1. ========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\windows\system32\wvUNdaXO.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92ACF506-529D-43E9-B097-2CA6AED5A11F}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_IV9q98zvCF344rkqC3dM scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\d1u09lmk.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\d1u09lmk.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\d1u09lmk.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\d1u09lmk.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\d1u09lmk.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\d1u09lmk.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12142008_115818



2. --------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 17:34:54
Records in database: 1460955
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 134182
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:02:23

No malware has been detected. The scan area is clean.

The selected area was scanned.

3. The computer is back to normal. No "Vundo detected" messages!
It has been working normally before this step.
I appreciate your help so much! Thank you thank you!

#10 fenzodahl512

Posted 15 December 2008 - 03:21 AM

Great.. let's do some cleanup..

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed



To learn more about how to protect yourself while on the internet read this excellent article by Grinler: How did I get infected?, With steps so it does not happen again!

Please also read an excellent article by miekiemoes: Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread



Have a safe and happy computing day!


Regards
fenzodahl512



#11 borz

Posted 15 December 2008 - 02:22 PM

Thank you!
The computer is behaving normally now. No longer is it freezing up, or saying it's infected.

Thank you again!

#12 fenzodahl512

Posted 15 December 2008 - 10:10 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512





